Fake antivirus – what it is, what it does and how to mitigate the threat

Published by Lee Munson on September 23, 2015 in Antivirus

It’s a sad fact of life but, for the typical person, attempting to surf the web without having any kind of security software installed amounts to sheer folly these days.

As more and more people connect to the web (3.17 billion have access in 2015, up from 2.94 billion the year before, according to Statista), the lure for cyber criminals becomes ever more compelling.

And, with another 4.4 billion people yet to make the connection, the internet will continue to grow ever more rewarding for virtual thieves for many years to come.

That’s why you need to have some form of defence, even if you only use your computer at home.

The absolute minimum I’d suggest running with is a firewall and antivirus.

As many of you may already know, the world’s most-used operating system comes with both installed.

But what if you are looking for something more robust and better regarded?

Well, you may be tempted to buy or otherwise acquire an alternative.

And there are plenty of places to look for them.

While I would hope that you would rely upon our reviews of the best available security software, I’m also aware that some people will surf the web looking for free programs, or will turn to torrents and suchlike to get well-regarded programs without paying for them.

Now, I’m not going to judge you for the latter, but I would urge caution: there are risks associated with walking down the less well lit paths of the internet.

Fake antivirus

If you are looking for an antivirus program there is one key fact that you need to be aware of – they are not all created equal.

Some are more effective at blocking malware than others, some are easier to use, and others have a smaller impact on your system resources when they are operating.

And some are just not real.

The bad guys on the web – hackers, scammers, identity thieves and all manner of other miscreants – are all looking to make money.

Hackers will be looking to gain entry to your system in order to steal something.

That may be your data, it could be your online banking details, or it could be your bandwidth as they look to set your PC up as part of a botnet which can then later be used to orchestrate DDoS attacks on other unsuspecting victims.

Scammers peddle fake antivirus software as a means of making direct cash – they sell you junk software, take your money and are never heard from again.

If you’re lucky they will sell you a poor program that isn’t particularly effective. If you are not so fortunate, they’ll sell you something far more sinister that will lead to many more problems down the road.

An identity thief, as you can guess, will be looking to leverage the fake software to gain your personal details, either so they can steal from you directly, or so they may sell your data on.

All three types of individuals (or groups) are typically well organised and they excel when it comes to identifying new opportunities and then marketing or otherwise distributing their warez to as many potential victims as possible.

And one key area they have seized upon is the home computer security market.

With a recurring subscription model, it’s a lucrative enough business for legitimate companies. For cyber criminals, it’s arguably an even better one as they trick, coerce or socially engineer their marks into installing their fake antivirus and antispyware programs.

For the victim, fake antivirus doesn’t just represent money down the drain though. Indeed, many such programs are given away free.

In a world where many eyes are on Edward Snowden, it is easy to forget that it is not just our governments who desire to know what we do with our computers and it’s not just Iranian nuclear plants that have to worry about malware being surreptitiously implanted onto their systems.

No, it is also you and me.

So what you may end up with is a program that is a) useless; b) spying on you; c) stealing your information; d) calling home, asking a command and control centre for more nasty malware; or e) all of the preceding.

How, then, does someone end up with one of these nasty programs on their system in the first place?

Fake antivirus notifications

Beyond the illegal downloading of legitimate – but tampered with – antivirus programs, and the wilful installation of software from small, obscure companies with no track record, the most likely “in” for fake antivirus is interaction with a pop-up.

You’ve all seen pop-ups – those annoying adverts that seemingly come from nowhere when you visit a web page – as they are still far too prevalent on the web (Adblock Plus, a Chrome extension, does a pretty good job of banishing unwanted ads).

While they do appear on some of the largest sites on the net, they are more often found residing on smaller sites that have a reliance on generating a little advertising revenue from any source they can in order to fund their existence.

While some pop-ups are fairly benign, posing nothing more than a temporary nuisance, others are downright dodgy.

You know the sort – the blinking box with the warning triangle that says your system is already infected with something malicious.

Many of us, thankfully, are wise to such things and treat them with the disdain they deserve, but others are sufficiently trusting that they genuinely believe they have an issue, especially when such pop-ups often lie and say they have just run a full system scan.

The more impulsive (or worried) among them may even feel compelled to buy the “solution” right then and there, or close the window via the tried and tested Windows method of clicking the ‘X’ in the top right corner of the box.

Either way, their problems have just begun.

Closing the pop-up is often an issue because it can lead to other problems, such as more adverts appearing, or it can of itself lead to your machine becoming compromised.

Buying a fake security program is a bigger issue though because the “solution” is anything but that and is, instead, a gateway to more problems, such as an increased amount of malware on your computer, slow-downs, lock-ups and even programs that suddenly fail to open. In other words, closing that pop-up could leave your system in a far worse state than before – slow at best, infected at worst.

Fake antivirus – what’s the deal, how does it work?

Fake antivirus programs typically display equally fake system alerts, triggered by a Trojan (installed without your knowledge when you open an email attachment, get hacked remotely, download torrents or other files from peer-to-peer networks, visit malicious websites or click on a pop-up advert), warning that your computer has been infected.

Quite often these fake alerts will then lead you to believe that your system has been infected with some type of malware, be it a virus or some piece of spyware.

In many cases that isn’t true – the alerts themselves are fake – but sometimes these programs are so malicious that they will in fact install all manner of malware onto your system in the first place, typically after you elect to use the fake program to scan your system.

Identifying fake antivirus programs

It’s quite interesting to note how fake antivirus programs tend to overcompensate for their ineffectiveness by appearing to find more issues on the machine they are installed on than legitimate software ever would.

Sometimes this is all part of the initial con – they want to lull the user into thinking they are working correctly in order to increase the likelihood of remaining installed on the computer.

Other times, it can all be part of an elaborate plan to up-sell further junk security products.

Either way, there is every chance that a fake antivirus user will see far more pop-ups than ever before, especially when they are connected to the internet.

Other signs of a rogue security product residing on your system include the slowing down of the machine.

Sometimes this can be subtle but often the drop in speed is quite pronounced as the fake program continues to secretly install further malware and other junk, as well as surreptitiously use any available internet connection to phone home to its command and control centre.

The other classic sign that a rogue program has been installed is a change of home page within the web browser.

Toolbars and other junkware often do this and it’s much the same with some fake antivirus programs. They will direct the browser either to a site of the creator’s choosing, from which they will try to entice the victim with adverts or install further malware, or to a page that looks like a legitimate website, from which they will, again, attempt to dupe you one way or another.

Advertising can be pushed in other ways too – the installation of fake programs can lead to all sorts of unfortunate results and one of those may be the insertion of inline advertising, i.e. words on a genuine web page which suddenly appear to be underlined and link to all manner of undesirable places, including gambling and porn sites or just about anything else that can earn a pretty penny for whoever is behind the fake AV program you just installed.

Mitigating the threat

Thankfully, there are several ways in which you can reduce the risk of inadvertently installing fake antivirus on your system:

  • Install a firewall – Microsoft has included a free one from Windows XP onward.
  • Never click on pop-ups. No, really. Never. Just don’t do it.
  • If you are a Windows user, leave your security settings set at medium or higher.
  • If your browser presents a warning about a website you are trying to access you should pay attention and get the information you need elsewhere.
  • Never download pirated software – free products may sound enticing but remember that those who upload them are often looking to make money, either through compromising your system themselves, or by selling your information on to other web crooks.
  • Only buy well-reviewed and genuine security software from legitimate vendors. Note how scammers and other cyber criminals will often package their warez up to look real or sound like the genuine article.
  • Only open email attachments if you trust the sender and are sure that you can verify their identity – viruses do come in the mail and that’s why it’s always a good idea to scan all your incoming mail with an antivirus program.
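
For Windows users, one practical way to act on the “genuine software from legitimate vendors” advice is to check an installer’s digital signature before running it. The PowerShell below is an added example, not part of the original article; the function name, the file path and the publisher `Example Security Ltd` are placeholders, and the real publisher name should be taken from the vendor’s own website.

```powershell
# Added example: inspect a downloaded installer before running it.
function Test-InstallerSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Publisher name as stated on the vendor's own site (placeholder in the call below).
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Status is 'Valid' only when the file is signed, unmodified since signing,
    # and the certificate chains to a root this machine trusts.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # Read the signer's common name from the certificate, if there is one.
    $publisher = $null
    if ($sig.SignerCertificate) {
        $nameType  = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $publisher = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    }

    # Whole-name comparison on purpose: a name that merely resembles the vendor's must fail.
    $publisherMatches = ($null -ne $publisher) -and ($publisher -eq $ExpectedPublisher)

    [pscustomobject]@{
        Path             = $Path
        SignatureStatus  = $sig.Status
        Publisher        = $publisher
        PublisherMatches = $publisherMatches
        # Compare this against the hash the vendor publishes, when it publishes one.
        Sha256           = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        PassesCheck      = ($sig.Status -eq 'Valid') -and $publisherMatches
    }
}

# Constructed path and publisher, for illustration only.
$installer = Join-Path $env:USERPROFILE 'Downloads\av-setup.exe'
if (Test-Path -LiteralPath $installer) {
    Test-InstallerSignature -Path $installer -ExpectedPublisher 'Example Security Ltd' | Format-List
}
```

A valid signature only shows who signed the file and that it has not been altered since, so the publisher comparison is the part that catches software dressed up to resemble a known brand. An unsigned installer, or one signed by an unfamiliar name, is a reason to stop and download again from the vendor directly.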

More and more people are connecting to the internet every day and, as they become increasingly aware of the threats on the web, so the need for security products increases.

While it’s good to know that an ever increasing number of people realise they need antivirus programs and suchlike, the cyber criminals have also taken notice and reacted accordingly.

They take advantage of any opportunity and offering fake security programs is simply a logical extension to their money-making activities.
