Fake Antivirus Scams Now Spreading through Skype

Fake anti-virus scams have been doing rounds for quite some time now. Hackers had previously used mediums, such as emails, websites etc. to carry out these scams. Now they have found another medium Skype.

Graham Cluley of Sophos has posted a video showing off the scam attempt in action. The MO is that of a common phishing attack, relying on inducing  a sense of predicament  on the victim. The automated call warns the victim that his/her computer is not protected and gives a link to follow in order to activate your computer protection’.

Following that link will take you to a web page that pretends to scan your computer. Not surprisingly, it will find some issues and will recommend you to buy their anti-virus software worth $19.95.

Image Credit: Naked Security

Obviously, when you get this kind of call, just disconnect it and don’t visit the websites that they mention.

Also, always use a reputed anti-virus, and more importantly make sure that it is fully updated. There’s no point in using an outdated antivirus. My recommendation   for a good AV would be Microsoft Security Essentials as it is free and light on resources. But you can of course use other known anti-virus software, such as AVG and Avast.

Fake Antivirus Tools from Microsoft – Don’t be fooled

No! Microsoft is not offering fake antivirus tools. However, a new warning from Microsoft’s Windows Security Blog tells the frightening story of a new threat that disguises itself as Microsoft Security Essentials (MSE). As many of you know, MSE is Microsoft’s free antivirus suite. I recommend it, and even Fred Langa recommends it.

How Does it Work?

1. You unintentionally visit a website that places a drive-by download known as FakePAV, onto your computer.

2. Once it runs, you’ll get this bogus warning in your web browser. (images from WindowsTeamBlog)


3. Clicking on Clean computeror Apply actionswill initiate a fake attempt to clean your PC. It will report that it failed and then ask you to Scan Online.


4. After it performs a simulated scan, you’ll be offered this list of Antivirus and Antimalware tools.


5. Clicking on any of the Free Installbuttons starts another install for persistent and more intrusive fake antivirus software.


The final look of this fake antivirus software can take many forms, such as Red Cross Antivirus, Peak Protection 2010, AntiSpy Safeguard, Major Defense Kit or Pest Detector. These apps give you even more false warnings and try to scare you into buying more protection. Applications like these are also known as ScareWare.

red-cross-fake-av peak-protection-fake-av

antispy-fake-av major-defense-fake-av


What should you do to protect yourself?

My recommendation is to use good, up-to-date antivirus software. Enable any anti-phishing options in your web browser. I also recommend the free URL filtering service offered by OpenDNS.

What should you do if you are already infected?

The first tool I use on infected computers is MalwareBytes. If that doesn’t do the trick, Keith Dsousa wrote about an application which will Remove Fake Antivirus from Your System. If all else fails and the PC is really trashed, I’ve got an article describing how to Run Antivirus on a PC That Will Not Boot.

If you need good free advice on what to do, there are several malware removal forums that will take you step by step through a recovery process. Bleeping Computer, Major Geeks and especially Temerc Countermeasures are three good ones.

New Ways to Get Infected Online – Fake Update Downloads

app-blocked2-ico Two days ago, the Symantec blog posted an article that describes how the newest and most successful malware and fake anti-spyware fools you into downloading it. The descriptions and images of these social engineering attacks are something you should see, so that you’ll know it when it happens to you.

Below are four images from the Symantec article. The first three show a web page with a fake warning to download updates. The last image shows you the payload, which is a fake anti-spyware program that tries to fool you into purchasing it (also known as scareware).

Image #1 download Firefox Secure Updates


Image #2 download Updates


Image #3 download Chrome Updates


Image #4 resulting download scareware called Security Tool


Even though these images are a bit fuzzy, you can still see that they’ve done a good job of looking like legitimate warnings. The bad news is that this isn’t the scariest part. It gets worse.

According to the article, trying to cancel these warnings does no good. The fake warnings keep popping up. If you exit the page without downloading these updates, something even worse happens. They redirect you to a site that hits you with some heavy duty exploits that could infect your PC.

The Symantec article only tells you that their software and some common sense will keep you protected from these fake warnings.

If you want my advice, do the following if you think you are seeing a fake warning:

  1. Close the browser.
  2. Follow up with an anti-virus scan of your system.
  3. Use MalwareBytes Anti-malware to clean your system if you think you’ve been infected.
  4. If all else fails, and you’re certain you have a problem, go to an anti-spyware forum to get help. (SpywareWarrior and PC-Help are good)
  5. Optional tell me about your adventures, or comment below.

Update: Lorraine emailed me this link to removal instructions that helped her remove the “My Security Shield” scareware which looks like the “Security Tools” above.

[Source Symantec Blog]

New Free Virus Removal Tool from McAfee – Fake Alert Stinger

flying_wasp [Windows Only] McAfee is well known for it’s antivirus software, and you usually have to pay for their protection. They offer the free Stinger tool to help people clean out PCs that have been crippled by virus and trojan attacks.


There is no installation required. Just download it and run it. It works on all Windows PCs as far as I know.

I normally download a fresh copy of Stinger onto a USB flash drive or CD before I go off to help my friends with bug problems.

In addition to the standard Stinger, there’s a new version of Stinger out now called FakeAlert Stinger. It’s designed to specifically target multiple varieties of the FakeAlert trojans, such as, Kryptik, AVP Security, Fakespypro, Winwebsec, Antivirus Soft and XPSpy.

FakeAlert applications are a form of ScareWare that pop up fake warnings which attempt to trick you into running their scans and buying their premium products. It’s a huge money-making scam that’s been very effective against new PC users.

Download McAfee Stinger and FakeAlert Stinger

Notes: There are many other antivirus and anti-malware tools that can help you clean up an infected PC. Last year, Keith wrote about an application which will Remove Fake Antivirus from Your System. If all else fails and the PC is really trashed, I’ve got an article describing how to Run AntiVirus on a PC That Will Not Boot.

Techie Buzz Verdict:

techiebuzzrecommendedsoftware1 There are two versions of McAfee Stinger. Both are very good, and there’s no reason not to use both of them when you need to clean up an infected PC. I have used Stinger for years and I’ve never had an issue with it. I only wish it was Open Source, so that more people could contribute to it’s effectiveness.

Techie Buzz Rating: 4/5 (Excellent)

Fake Antivirus Sites Target Windows 7 Users

The folks who write malware and virus are not just smart at writing them, they are also very smart at camouflaging their stuff in such a way that unsuspecting users may easily get fooled to believe that they are actual doing something legitimate.

Many malware and virus thrive on SEO poisoning for popular search terms. They make use of the fast indexing capabilities of Google to get indexed for popular search terms, especially "sex scandals" and "sex videos".

Also Read: Tips To Keep You Safe On The Internet | Protect Yourself from Internet Threats

A recent analysis from the folks at Sophos Labs, uncovered several URLs which made it to Google through blackhat SEO, however, the more interesting finding was that, malware and virus writers have now started to generate spoof screens which look similar to .

Fake Antivirus Windows 7 Security Popup

When users visit sites which host such malware, they will come across an interface which is similar to Windows 7, with a popup which looks exactly like the security center popup for Windows 7. Furthermore, the malware site also displays fake antivirus scan results which show the user that there are several viruses installed on the PC.

Fake Antivirus Scan on Windows 7

It is easy to get fooled because of the stark similarities between this Fake antivirus, however, users should know that they are using a web browser, and such scans are not carried out by Microsoft in the web browser.

Though the looks may be deceiving, you should not click on any security related or free antivirus scans on a web browser. Additionally, many modern browsers are smart enough to block such malware sites, so make sure to keep your browser upgraded to the latest version.

You might also want to check on some tips we had written earlier to keep yourself safe on the internet.