What is a Fake Antivirus?
Fake Anti-Virus, also known as ‘scareware’, is a class of malware that displays false alert messages to the user about threats that do not really exist. It appears to be beneficial from a security perspective but provides limited or no security, generates erroneous or misleading alerts, or attempts to lure users into participating in fraudulent transactions. These alerts prompt users to visit a website where they are asked to pay for the non-existent threats to be cleaned up. The software continues to display these annoying and intrusive alerts until a payment is made.
Typical signs of infection
Fake Antivirus usually uses a large array of social engineering techniques to get itself installed, such as:
- Fake Windows Security Updates
- Fake VirusTotal pages
- Fake Facebook app
Once on a system, there are many common themes in its behavior:
- Popup warnings: Many FakeAV families will display popup messages in the taskbar.
- Fake scanning: The FakeAV will typically pretend to scan the computer and find non-existent threats, sometimes creating files full of junk that will then be detected.
- Process termination: Certain programs are prohibited from running by the FakeAV, with a warning message being displayed instead.
- Web page redirection: Some FakeAV families will redirect web requests for legitimate web sites to an error message or other type of warning message. This adds to the user’s fear and, again, makes the user more likely to pay for the FakeAV.
- Installation of more malware: FakeAV has been known to download other types of malware upon installation, such as banking Trojans, rootkits and spam bots.
- Block Legitimate Anti-virus Websites: I once had a particularly mean fake antivirus which installed itself and refused to allow access to any known antivirus websites. This sign in and of itself is a surefire indication that you have a problem in your system.
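One way to check for the blocking and redirection behaviours listed above, as an added example that is not part of the original article: the Python script below scans hosts-file text for entries that override name resolution for security-related sites. It assumes the override is done through the hosts file (the article does not name a mechanism); the watch list, function names and sample file are constructed for illustration.

```python
"""Flag hosts-file entries that override name resolution for security sites."""
import ipaddress

# Illustrative watch list (assumption): extend it with the vendors you rely on.
WATCHED_DOMAINS = ("microsoft.com", "windowsupdate.com", "virustotal.com")

# Constructed sample of a tampered hosts file; not taken from a real infection.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.virustotal.com virustotal.com   # sinkholed
0.0.0.0         update.microsoft.com
203.0.113.10    www.microsoft.com
192.168.1.20    fileserver.corp.example
not-an-ip       windowsupdate.com
"""

def is_watched(hostname, watched=WATCHED_DOMAINS):
    """True if hostname equals a watched domain or is a subdomain of one."""
    host = hostname.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watched)

def classify(address):
    """Describe what the override does to traffic for the host."""
    ip = ipaddress.ip_address(address)      # raises ValueError if not an IP
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"                    # the site becomes unreachable
    return "redirected"                     # the site resolves to the address in the file

def find_overrides(hosts_text, watched=WATCHED_DOMAINS):
    """Return (line_no, hostname, address, effect) for each watched-domain entry."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        address, names = fields[0], fields[1:]
        try:
            effect = classify(address)
        except ValueError:
            continue                            # first field is not an IP address
        findings += [(line_no, n, address, effect)
                     for n in names if is_watched(n, watched)]
    return findings

if __name__ == "__main__":
    for line_no, name, address, effect in find_overrides(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {address} ({effect})")
```

On Windows the hosts file is at `%SystemRoot%\System32\drivers\etc\hosts`; pass its contents to `find_overrides` in place of the sample. A clean system normally has no entries for these domains, so any finding deserves a closer look.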
What does fake anti-virus security software do?
Scareware software might report a virus, even though your computer is actually clean. The software might also fail to report viruses when your computer is infected. Sometimes, when you download fake security software, it will install a virus or other malicious software on your computer so that the software has something to detect.
Some rogue security software might also:
- Lure you into a fraudulent transaction (for example, upgrading to a non-existent paid version of a program).
- Use social engineering to steal your personal information.
- Install malware that can go undetected as it steals your data.
- Launch pop-up windows with false or misleading alerts.
- Slow your computer or corrupt files.
- Disable Windows updates or disable updates to legitimate antivirus software.
- Prevent you from visiting antivirus vendor websites.
It might also attempt to spoof the Microsoft security update process. Here’s an example of fake security software that’s disguised as a Microsoft alert but that doesn’t come from Microsoft.
To help protect yourself from fake antivirus software:
- Install a firewall and keep it turned on.
- Use automatic updating to keep your operating system and software up to date.
- Install antivirus and antispyware software and keep it updated.
- If your antivirus software does not include antispyware software, you should install a separate antispyware program and keep it updated.
- Use caution when you click links in email or on social networking websites.
- Use a standard user account instead of an administrator account.
- Familiarize yourself with common phishing scams.