On 27 April, Google presented a paper at the workshop on Large Scale Exploits and Emerging Threats in San Jose, CA. The report is based on a 13-month study of Fake Anti Virus distribution on the internet. The study reveals that 11000 domains are involved in Fake Anti Virus distribution, which accounts for 15% of all malware threats across the globe.
Poisoned search results and malicious web pages lead millions of users to fake anti virus sites. The sites use complex JavaScript to simulate a virus scan and display a page very similar to the image shown below. They also show a popup disguised as a Windows security alert to create more panic.
Unfortunately, millions of users fall into this trap and download the Fake Anti Virus software. This software displays security alerts and warnings that prompt users to purchase license keys for threat removal. The victims purchase the license keys to get rid of these annoying alerts, which adds fuel to the fire. The downloaded Fake AV software may also be bundled with malware that stays on the system and turns the PC into a source for spreading the infection.
The study report says: "Our results show that Fake AV accounts for 15% of all malware detected by our system. More troubling is the fact that Fake AV attacks spread easily without requiring any vulnerability on a victim’s computer system. Additionally, Fake AV distributors attempt to maximize their reach by posting Ads that lead to the Fake AV distribution sites, or funneling traffic through search engine optimized web sites that are designed to rank highly for popular keywords."
Remember the previous article on this blog about a new malware attack on blogs and forums? Similar things happened in that case too. Recently, the problem caused by a bad McAfee update was a carnival for spammers. They smartly used the situation to poison search results and push visitors to Fake Anti Virus sites.
The report warns of an alarming rise in Fake Anti Virus domains. In 2009 only 93 unique domains were identified, whereas by the end of Jan 2010 the number had increased to 587. Security-related English words are used in the domain names, such as: scan, scanner, security, anti-virus, anti-spyware, anti-malware, protect etc. Most of the domains are hosted on the same IP address.
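The two traits described above, security keywords in the domain name and many such domains sharing one IP address, can be combined into a simple triage check. The sketch below is an added example, not code from the Google study or from this blog; the threshold of three domains per IP and the sample observations (reserved `.example` names and documentation IP ranges) are constructed assumptions.

```python
from collections import defaultdict

# Keywords taken from the list in the post above.
KEYWORDS = ("anti-malware", "anti-spyware", "anti-virus",
            "scanner", "security", "protect", "scan")

def keyword_hits(domain):
    """Return the listed keywords found in a domain name (TLD ignored)."""
    labels = domain.lower().rstrip(".").split(".")
    name = ".".join(labels[:-1] or labels)
    compact = name.replace("-", "")   # so "antivirus" matches "anti-virus"
    hits = {kw for kw in KEYWORDS if kw.replace("-", "") in compact}
    if "scanner" in hits:             # avoid double counting the substring
        hits.discard("scan")
    return hits

def suspicious_clusters(observations, min_domains=3):
    """Map IP -> keyword domains, for IPs hosting at least min_domains of them.

    A keyword alone is a weak signal (substring matches such as "scan" in
    "scandinavia" are false positives), so an IP is reported only when
    several keyword domains resolve to it. min_domains is an assumed cutoff.
    """
    by_ip = defaultdict(set)
    for domain, ip in observations:
        if keyword_hits(domain):
            by_ip[ip].add(domain)
    return {ip: sorted(doms) for ip, doms in by_ip.items()
            if len(doms) >= min_domains}

# Constructed sample of (domain, resolved IP) pairs, e.g. from passive DNS.
OBSERVATIONS = [
    ("antivirus-scan2010.example", "192.0.2.10"),
    ("pc-security-scanner.example", "192.0.2.10"),
    ("protectmypc.example", "192.0.2.10"),
    ("gardening-blog.example", "192.0.2.10"),
    ("scandinavia-travel.example", "198.51.100.7"),
    ("news-site.example", "198.51.100.7"),
    ("anti-spyware-tool.example", "203.0.113.5"),
]

if __name__ == "__main__":
    for ip, domains in suspicious_clusters(OBSERVATIONS).items():
        print(ip, domains)
```

A flagged cluster is a lead for manual review or blocklist enrichment, not proof that the domains serve Fake AV.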
It is always important to be aware of this emerging threat and take adequate measures to safeguard your PCs. Keep the PC updated with good Anti Virus software (not Fake AV 🙂) and a firewall.