Detection files published: (new variants are continuously added)
Description created: 2010-04-25
Description updated: 2010-05-10
Alias:
Spreading mechanism: Email, Other, Webpage
Payload: Downloads other malware, may disable antivirus software and block access to web security sites
Fake antivirus (more precisely fake antimalware, or rogue security programs) is a generic description for all types of malware that pretend to be protection software against viruses, spyware, trojans and other types of malware. In reality, fake antimalware is itself malicious software.
Although this type of malicious software has been around for a long time, its growth has been particularly strong in recent years.
Fake antivirus' most used spreading mechanism is drive-by infection from visiting web sites. One popular technique is search engine manipulation: results for search words that are "hot" (for example big media events and other topics people commonly search for) are manipulated so that they point to web sites infected with fake antimalware. See this article for more information about such techniques.
Another technique is propagation through malicious advertisements.
Google has investigated the web sites used to spread fake antimalware and concludes that the time these sites stay online is getting increasingly shorter. The reason is obviously to avoid detection by the different technologies developed for safe browsing.
When email is used to spread the malware, the scheme is usually to use social engineering to trick users into downloading malicious software and/or visiting web sites with malicious content.
When a computer is infected by fake antimalware a warning like the one below is displayed:

The idea is to trick infected users into purchasing the fake antivirus product by displaying information claiming that the computer is infected, even if it is not.
Some of the rogue security programs display product names or logos in an apparently unlawful attempt to impersonate legitimate products. Some versions also disable legitimate antivirus programs and block Internet access to security sites.
Fake antimalware products often download other malware components, which in turn may download further components and update themselves with new or updated modules. The result is that the malware is difficult to remove and may be quite persistent in its attempts to convince the user to buy the product.
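One way such programs block access to security and update sites is by adding entries to the local hosts file; that mechanism is an assumption here, not something the description above states. The following check, added as an example and not Norman's code, scans hosts-file text for vendor or update domains pinned to a loopback or foreign address; the domain watch list and the sample hosts content are constructed for illustration.

```python
# Illustrative watch list (constructed): vendor and update domains that a
# hosts file normally never needs to mention. Extend for your environment.
SECURITY_DOMAINS = ("norman.com", "windowsupdate.com", "update.microsoft.com",
                    "virustotal.com", "kaspersky.com", "symantec.com")

# Addresses that silently black-hole a name instead of redirecting it.
SINKHOLE_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}


def _is_security_domain(hostname: str) -> bool:
    name = hostname.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in SECURITY_DOMAINS)


def find_suspicious_entries(hosts_text: str) -> list:
    """Return (address, hostname, verdict) for every hosts entry that pins a
    security-related hostname: 'blocked' for loopback/unspecified addresses,
    'redirected' for anything else (e.g. a rogue server posing as the vendor)."""
    findings = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        fields = line.split()
        if len(fields) < 2:
            continue  # blank, comment-only or malformed line
        address, hostnames = fields[0], fields[1:]
        for hostname in hostnames:
            if _is_security_domain(hostname):
                verdict = "blocked" if address in SINKHOLE_ADDRS else "redirected"
                findings.append((address, hostname.lower(), verdict))
    return findings


def scan_hosts_file(path: str = r"C:\Windows\System32\drivers\etc\hosts") -> list:
    """Scan a live hosts file (default: the Windows location)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_suspicious_entries(fh.read())


# Constructed sample of a tampered hosts file (not a real capture).
SAMPLE_HOSTS = """\
127.0.0.1       localhost
127.0.0.1       www.norman.com norman.com
0.0.0.0         update.microsoft.com   # Windows Update black-holed
198.51.100.7    www.virustotal.com
"""

if __name__ == "__main__":
    for address, hostname, verdict in find_suspicious_entries(SAMPLE_HOSTS):
        print(f"{verdict:10} {hostname:25} -> {address}")
```

A clean hosts file produces no findings; any hit for a vendor domain is worth investigating, and a "redirected" verdict means traffic meant for the vendor is being sent somewhere else entirely.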
Fake antimalware products usually look quite convincing and professional. Here are a few examples:
Antivirus 2010 Pro (screenshot)
Spyware Protect 2009 (screenshot)
For details about specific variants of fake antimalware we refer to the following descriptions:
The different variants of fake antimalware often download many other malware components, which in turn may download further components. Fully cleaning an infected system may therefore be difficult.
Norman's antivirus products are in general able to remove all malicious software that is detected.
Some malware, however, uses techniques that the general product does not remove sufficiently. We have therefore developed the free product Norman Malware Cleaner. Please use the latest version of this program from the link below if your Norman antivirus is unable to clean up the infection.
| Usage | Title | Comment |
|---|---|---|
| Blocking viruses that infect network shares | | |
| Cleaning of back-up folders on Windows Me and XP | | |