Michael Vana was skeptical when he saw the pop-up from “Antivirus 2009” on his screen. The former Northwest Airlines avionics technician, who lives in Schaumburg, Illinois, guessed that the dire warning of a system infection was fake, but when he clicked the X to close the window, it expanded to fill his screen. To get rid of it, he had to shut down his PC.

Sound familiar? Dirty tricks like these, designed to get you to install and buy fake antivirus products, are more common than ever. But while you might recognize such warnings as bogus, you might not know that the fake warning could be a red alert about an underlying bot malware infection. Knowing the difference is key. As crooks aggressively push fake antivirus software, you need to know which ersatz warnings may point toward a hidden infection.

“It’s not something you even blink at anymore,” says Christopher Boyd, senior director of malware research for communications security company FaceTime Communications, of requests for help in dealing with phony warning pop-ups.

The increased incidence of such pop-ups is due to more crooks going after easy money from shady affiliate programs, which pay a huge cut of the profits—up to 90 percent—for every person who mistakenly hands over money for a fake program, regardless of what induced them to pay. Often, the inducement comes from a malicious Web site that employs JavaScript tricks to unleash a horde of pop-ups, or even resize the victim’s browser window, to create something that looks like a real antivirus scan.

You might reach such a site by using a bad search link, like the one Boyd clicked for a free online Batman game. He got redirected to a site that took over his browser to display a fake antivirus scan, which then found (fictitious) critical infections that he could supposedly fix by buying the rogue antivirus app.

If a site merely hijacks your browser, you don’t have to worry too much: The pop-ups or fake scanner windows don’t cause lasting damage, Boyd says. You might be prevented from closing the window, as Vana was, but you can usually bring up the Windows Task Manager with <Ctrl>-<Alt>-<Del> and close your browser that way. Sometimes just pressing <Alt>-<F4> will shut it down.

“To do this, [the fake site] uses real code, and doesn’t generally exploit a hole,” Boyd says. As long as you don’t panic and install the pushed program, no real harm occurs.

Bot Infections and Fake Antivirus

Unfortunately, the other way you might encounter a fake antivirus program is far worse.

Joe Stewart, a director of malware research with SecureWorks, a security services company for businesses, tracks bot malware for a living. Criminals use bot-infected PCs, sometimes gathered into huge networks (called botnets) of a hundred thousand or more systems, to send spam worldwide. But they also use bots to download rogue antivirus apps and other malware onto a victim’s PC.

“It’s a proven way of monetizing a botnet,” says Stewart. “Just about anybody with an already-deployed botnet is potentially looking at this as a way to make extra money.”

According to Stewart, crooks make that money either by getting someone to download a supposed trial version of the rogue antivirus tool—co-opting a legitimate software sales technique—or by installing that software behind the scenes with a bot.

Once installed, the rogue typically uses highly aggravating techniques, such as changing the Windows desktop background to warn of a supposed infection and displaying constant other warnings, to push you to buy the full version of the software.

You might know not to download a rogue antivirus utility in response to a spurious pop-up. But when ordered to download it by a malicious controller, a hidden bot will never give you the chance to apply your good sense.

If you follow basic security precautions, such as keeping your bona fide antivirus software up-to-date and being careful with e-mail attachments and downloads, you can significantly reduce the odds of getting infected with a bot or other malware. But if you do see pop-ups or other fake warnings from a rogue antivirus app on your machine, try to determine whether it’s from a Web site or from actual software installed by a bot (or by someone else who uses the PC).

Possibilities Are Endless

The fake software scam comes in many variations, and crooks’ tactics differ, so there is no sure indicator that one is present. But watch out for warnings that persist after you reboot your PC, especially if they appear before you open your browser. Seeing an unfamiliar warning icon in your system tray is another bad sign, particularly if you can’t right-click it and make it go away. And if your desktop background has changed, you’re definitely infected with a rogue antivirus program, says Boyd.

As to the source of this garbage, here’s a clue. One variety that Stewart examined, then called “Antivirus XP 2008,” would first check the PC’s system configuration to see whether it was located in a country with many ethnic Russians. If so, the installer immediately quit.
