When antivirus is a virus

April 11, 2016

Fake antivirus scams haven’t gone away. Even though a major crackdown on an Eastern Bloc criminal network by Russian police in 2011 significantly reduced the number of attacks, security pros still spend precious hours cleaning viruses from infected computers. Experts say that’s because users often fail to install necessary software patches that are designed to prevent infections. So step one in avoiding an attack is keeping your software up to date. The next step is knowing what to look for.

A cruel twist
It takes a savvy criminal to convince you that they have the solution to a problem, when in fact they’re the source of it. It’s like when you go to a doctor for high cholesterol. Only instead of Lipitor, he has you eat bacon. And instead of exercise, he has you sit on the couch and watch TV. And instead of being a doctor, he’s actually a stent salesman.

Fake antivirus works much the same way. It masquerades as virus protection, using names that sound convincing, like “Anti-Virus Pro” or “Defender Pro.” At first, it appears on your screen as an antivirus scanner. It pretends to find malware on your machine and provides a link to download software that presumably cleans the virus from your computer. In reality, it’s not detecting anything.

Clicking on the link launches a barrage of pop-up alerts and warnings, and disables utility software on your computer that you might use to stop them, like Task Manager. Then, you’re presented with an offer to “clean” your computer and get rid of the pop-ups for a fee. As scams go, it’s pretty effective. One criminal network reportedly netted almost $50 million in fraudulent payments over the course of a year.

Fake antivirus is distributed by sophisticated organized crime networks that share in their ill-gotten gains. They consist of affiliates that agree to distribute the viruses through their websites in exchange for a commission, payment processors who charge higher fees for suspect vendors with spotty records, and the criminals who engineer the software and provide support services.

Three ways in
If you know what to look for, you can better defend yourself. There are three common ploys the bad guys use to infiltrate unsuspecting computer users. The first is social engineering, which we alluded to above. This is where the attackers present a scenario (your computer is infected) in order to elicit a behavioral response (click link to exterminate the virus). Of course, the link is the fake antivirus that the criminals are looking to install.

The next method is a drive-by download. This is where an innocent-looking website hides malicious scripts that exploit software vulnerabilities that exist because the user hasn’t installed security patches. In this scenario, the fake antivirus is installed automatically, without the user having to do or agree to anything.

The last method is called “blackhat SEO,” where attackers manage to get their ads displayed on legitimate online ad networks. Known collectively as “malvertisements,” they secretly install fake antivirus software without the user knowing or giving permission.

What to do if you become infected
If you can’t run Task Manager to force quit the offending pop-ups or get rid of them using antivirus software, you may have to restart your computer in “safe mode.” Read these instructions on how to remove malware from your system in safe mode. If that doesn’t work, your best bet is to consult a computer security specialist. It’s also a good idea to file a complaint with the FBI’s Internet Crime Complaint Center.

An ounce of prevention
Now that we’ve scared you about fake antivirus, we need to emphasize how important it is that you use real antivirus from a reputable vendor and make sure it’s updated. Most solutions will catch about half of the viruses in circulation at a given time, which is far better than not having any antivirus protection at all. For the remaining half, you should make sure you have a true cloud backup solution like Carbonite.

Learn more about Carbonite's business backup solutions today.
