Over 7,000 variants of fake antivirus programs infect 30 million users
Security Park (20/10/2008)

The number of infections caused by fake antiviruses continues to increase rapidly. This is because the current economic crisis is forcing cyber-crooks to become more ingenious. The creators of these programs only have one aim: to profit financially from their creations.

According to recent data from PandaLabs, more than 30 million users have been infected by this new wave of fake antivirus programs.

Dominic Hoskins, Country Manager, Panda Security UK, said: “The information we have at present suggests that some 3% of these users have provided their personal details in the process of buying a product that claims to disinfect their computers. In fact, they never even receive the product. Extrapolating from an average European price of €49.95, we can calculate that the creators of these programs are receiving more than €10 million per month and that is approximately £7.7m”.

All of this is achieved simply by creating thousands of variants of a new type of adware and distributing it across the Internet. Users can be infected in several ways: browsing Web pages with adult content; downloading files from peer-to-peer networks; responding to e-greetings; downloading files that exploit security holes so users are infected without realizing, etc. There have even been cases of the Google home page being manipulated.

These programs all operate in a broadly similar way: the program tells users that they are infected, and pop-up windows, desktops and screensavers keep appearing, practically preventing the victim from using the computer. The aim is to scare the user into buying the fake antivirus with, for example, cockroaches ‘eating’ the desktop, or fake blue screens of death.

Internet-savvy users will realize quickly that this is a fake antivirus, and will look for a solution. “One of the worst things though, is that these programs are very difficult to disinfect. More advanced users might try to disinfect them manually, but this is no easy task. In general, it can take users up to three days to completely remove this threat from a computer”, adds Hoskins. “That’s why we advise users whose antivirus has not detected the threat to install a new generation security solution designed especially to detect, disinfect and eliminate all traces of these malicious programs”.

However, not all users identify the problem: Those who actually reach the pages selling the fake anti-virus will find products that are clones of those developed by legitimate vendors. “We have to admit that these fakes and the corresponding Web pages can look quite authentic, and it’s not surprising that some users end up buying them as they are desperate to clean their computers”.

During the purchase process, users are asked to enter confidential data. On average, their credit cards are charged €49.95 for an ‘anti-virus’ that they never receive. “As the products are imitations of well-known brands, the victims often turn to the companies, who can’t do anything as they have not really bought any licenses”.

“What we still don’t know is whether the bank or credit card details are then used later by the cyber-crooks. If that were the case, the financial implications are even greater. This new technique demonstrates the ingenuity of cyber-crooks, who are constantly on the lookout for new ways to make money”, says Hoskins.

These types of epidemics are part of the new malware dynamic. We no longer witness wide-scale epidemics caused by a single virus such as ‘I love you’ or Sasser. These headline-grabbing malicious codes were designed to bring notoriety and kudos to their creators by infecting as many computers as possible.

Now, however, cyber-crooks operate in organized mafias with purely financial motives. They bombard the user community with thousands of new variants of each of the malware families every day. In doing this they hope to saturate antivirus laboratories and at the same time avoid the kind of media attention given to single-virus epidemics. Users therefore have a false sense of security.

PandaLabs has so far detected more than 7,000 variants of fake antivirus programs.
