Fake anti-virus scams have been doing the rounds for quite some time now. Hackers previously used mediums such as emails and websites to carry out these scams. Now they have found another medium: Skype.
Graham Cluley of Sophos has posted a video showing the scam attempt in action. The MO is that of a common phishing attack, relying on inducing a sense of alarm in the victim. The automated call warns the victim that his/her computer is not protected and gives a link to follow in order to ‘activate your computer protection’.
Following that link will take you to a web page that pretends to scan your computer. Not surprisingly, it will find some issues and will recommend that you buy their anti-virus software worth $19.95.
Obviously, when you get this kind of call, just disconnect it and don’t visit the websites that they mention.
Also, always use a reputable anti-virus and, more importantly, make sure that it is fully updated. There’s no point in using an outdated antivirus. My recommendation for a good AV would be Microsoft Security Essentials as it is free and light on resources. But you can of course use other known anti-virus software, such as AVG and Avast.
2. Once it runs, you’ll get this bogus warning in your web browser. (images from WindowsTeamBlog)
3. Clicking on Clean computer or Apply actions will initiate a fake attempt to clean your PC. It will report that it failed and then ask you to Scan Online.
4. After it performs a simulated scan, you’ll be offered this list of Antivirus and Antimalware tools.
5. Clicking on any of the Free Install buttons starts another install for persistent and more intrusive fake antivirus software.
The final look of this fake antivirus software can take many forms, such as Red Cross Antivirus, Peak Protection 2010, AntiSpy Safeguard, Major Defense Kit or Pest Detector. These apps give you even more false warnings and try to scare you into buying more protection. Applications like these are also known as ScareWare.
Two days ago, the Symantec blog posted an article that describes how the newest and most successful malware and fake anti-spyware fools you into downloading it. The descriptions and images of these social engineering attacks are something you should see, so that you’ll know it when it happens to you.
Below are four images from the Symantec article. The first three show a web page with a fake warning to download updates. The last image shows you the payload, which is a fake anti-spyware program that tries to fool you into purchasing it (also known as scareware).
Image #1: download Firefox Secure Updates
Image #2: download Updates
Image #3: download Chrome Updates
Image #4: resulting download, scareware called Security Tool
Even though these images are a bit fuzzy, you can still see that they’ve done a good job of looking like legitimate warnings. The bad news is that this isn’t the scariest part. It gets worse.
According to the article, trying to cancel these warnings does no good. The fake warnings keep popping up. If you exit the page without downloading these updates, something even worse happens. They redirect you to a site that hits you with some heavy-duty exploits that could infect your PC.
The Symantec article only tells you that their software and some common sense will keep you protected from these fake warnings.
If you want my advice, do the following if you think you are seeing a fake warning:
[Windows Only] McAfee is well known for its antivirus software, and you usually have to pay for their protection. They offer the free Stinger tool to help people clean out PCs that have been crippled by virus and trojan attacks.
There is no installation required. Just download it and run it. It works on all Windows PCs as far as I know.
I normally download a fresh copy of Stinger onto a USB flash drive or CD before I go off to help my friends with bug problems.
In addition to the standard Stinger, there’s a new version of Stinger out now called FakeAlert Stinger. It’s designed to specifically target multiple varieties of the FakeAlert trojans, such as Kryptik, AVP Security, Fakespypro, Winwebsec, Antivirus Soft and XPSpy.
FakeAlert applications are a form of ScareWare that pop up fake warnings which attempt to trick you into running their scans and buying their premium products. It’s a huge money-making scam that’s been very effective against new PC users.
There are two versions of McAfee Stinger. Both are very good, and there’s no reason not to use both of them when you need to clean up an infected PC. I have used Stinger for years and I’ve never had an issue with it. I only wish it was Open Source, so that more people could contribute to its effectiveness.
The folks who write malware and viruses are not just smart at writing them; they are also very smart at camouflaging their work so that unsuspecting users are easily fooled into believing that they are actually doing something legitimate.
A lot of malware thrives on SEO poisoning for popular search terms. Its authors make use of the fast indexing capabilities of Google to get indexed for popular search terms, especially "sex scandals" and "sex videos".
A recent analysis from the folks at Sophos Labs uncovered several URLs which made it into Google through blackhat SEO. The more interesting finding, however, was that malware and virus writers have now started to generate spoof screens which look similar to Windows 7.
When users visit sites which host such malware, they will come across an interface which is similar to Windows 7, with a popup which looks exactly like the security center popup for Windows 7. Furthermore, the malware site also displays fake antivirus scan results which show the user that there are several viruses installed on the PC.
It is easy to get fooled because of the stark similarity between this fake antivirus and the real Windows 7 interface. However, users should remember that they are using a web browser, and such scans are not carried out by Microsoft in the web browser.
Though the looks may be deceiving, you should not click on any security-related or free antivirus scans in a web browser. Additionally, many modern browsers are smart enough to block such malware sites, so make sure to keep your browser updated to the latest version.