Rogue AV has been one of the biggest profit-generating schemes for cybercriminals since its inception. These past few months, however, our team in the AV Labs has seen a decline, and this is due to a combination of factors, including continued coverage of these scams in non-technical news sources, efforts on the part of the security community, and law enforcement continuing to combat rogue AV scams around the globe.
As they have many times before, cybercriminals are changing their tactics, but I doubt they’ll abandon rogue AV entirely. Considering the expertise they’ve developed for black hat SEO (BHSEO), it’s wise to always be on the lookout for rogues whenever a hot topic arises.
Our researchers are also observing sites distributing fake AV via toolbars, video players and other misleading, fraudulent installers aside from the plain “vanilla” installs we’ve seen in the past, proving that as long as cybercriminals continue to profit from a scheme, they will stick with it.
The decrease we’re seeing may very well be temporary, but it’s really too early to say. Remaining vigilant ourselves and aware of what’s new with fake AV is the best way to keep users from falling victim. However, with increased awareness, I believe scammers will be forced to change tactics yet again, potentially in more radical ways than we’ve seen before to ensure end-users continue to be tricked.
Pretty convincing, right? Are you confident that all the employees in your organization or all the users in your household would know that their PC has been infected and that’s not a legitimate AV program offering them advice and asking for their credit card?
And remember not everything with a snake logo is legit. Below is an example of a rogue AV trying to mimic VIPRE Antivirus:
Below is an exclusive first look at VIPRE Antivirus 2012 and VIPRE Internet Security 2012, released today in the U.S. and U.K.
Getting familiar with the actual, legitimate names and interfaces of AV software you, your business and your family use is one way for users to spot a fake. And cybercriminals generally target those who are not in the know.
The fight against online threats is a community and individual effort. GFI Software, together with other AV and security companies, is striving to keep the Internet a safe place. We encourage users to do their part. For users who become infected with rogue AV, GFI tracks the latest variants on its Malware Protection Center blog. There, users can find more information, screen shots, and removal tips.