
    Archive for February 1st, 2010




    February has already begun, which means Valentine’s Day is close at hand. As usual, spammers will definitely hype up their malicious activities. It is only the first day of the so-called “love month” but we have already seen at least two spam samples leveraging one of the most-celebrated special occasions when people flock to websites that advertise gifts they can give to their loved ones.


    These spammed messages contained links that led users to a fake gift card promotion site and a site that advertised and sold replica watches, respectively.


    Every special occasion or holiday is, in today’s threat-laden Internet landscape, not just a time for people to celebrate but also a time for spammers to defraud unwitting users with their devious scams, as evidenced by these previous blog entries:

    Spammed messages come in many forms and with varying payloads: some redirect users to sites that sell anything and everything under the sun, most especially pharmaceutical and replica items; some lead to links to malicious or malware-ridden sites; some lead to sites that advertise bogus promotions; and some carry malware as attachments. That is why users should always be wary of opening email messages, particularly those that come from unknown sources.

    Trend Micro™ Smart Protection Network™ protects users from these kinds of threats via its Web reputation service, which blocks access to known malicious sites and domains; email reputation service, which prevents spammed messages from even reaching your inboxes; and file reputation service, which detects and deletes all kinds of malicious files.

    Non-Trend Micro product users can also stay protected from these threats by using the eMail ID plug-in, which helps identify legitimate email messages in your inbox. It helps avoid fake messages and the risks associated with them.

     



    The Internet has grown to become such a massive venue for information exchange that everything a user encounters on the Web may potentially be treacherous, including supposed antivirus software. Trend Micro Threat Encyclopedia has, so far, over 2,000 entries related to FAKEAV.


    Many naive users still fall for the age-old ruse that rogue antivirus peddlers use—scareware tactics—to scam victims into believing that their systems have fallen prey to malware infections. Thinking of the repercussions presented by the fictional threats, users are duped into paying for something that turns out to be entirely nonfunctional.

    The techniques cybercriminals use are changing at an alarming rate as they become more intuitive about successfully pushing their FAKEAV creations to unwitting users. They often resort to poisoning results for the latest and most popular search terms and to customizing spammed messages containing malicious URLs or file attachments. There seems to be no end to the proliferation of FAKEAVs. In fact, FAKEAV variants consistently crop up alongside every major news story from any part of the world. According to Paul Ferguson, Trend Micro Forward-looking Threat Researcher, hundreds of new rogue AV domains appear every day.

    Not only is an infected user in danger of potentially being scammed by FAKEAV perpetrators, he/she also becomes a direct participant in perpetrating fraudulent activities and cybercrimes as part of a botnet. This is because FAKEAVs outsource their propagation to botnets with already-installed bases, which allows the cybercriminals behind FAKEAVs to “concentrate instead on coming up with effective scare tactics and pay-per-install models,” says Ferguson. This paved the way to its affiliation with other cybercriminal groups such as the KOOBFACE and BREDOLAB gangs, making it a very lucrative business model for cybercriminals. You can find more information about these affiliate programs in the following papers:

    Always remember that FAKEAVs exist for one thing alone—for cybercriminals to profit from users’ losses. That is probably why the cybercriminal minds behind FAKEAV are not showing any signs of slowing down. FAKEAV variants can be seen everywhere and can be delivered in a multitude of ways. They have, in fact, even made their way into iPhones! But it is not too late to start becoming more aware. Rely only on trusted news sites for the latest updates. Avoid clicking suspicious-looking URLs and downloading and opening file attachments, especially those that come from people you do not know.

    Finally, use a reputable security suite that protects you wherever you connect. Trend Micro™ Smart Protection Network™ will serve users well to keep their systems safe from FAKEAV-related infections, as it blocks spammed messages with email reputation technology, prevents user access to malicious sites and domains with Web reputation technology, and detects and consequently deletes malicious files with file reputation technology.

    iPhone users can also stay protected from FAKEAV-related threats and other malware via the Smart Surfing for iPhone at no cost at all. Keep in mind that smarter protection is key in dealing with complex malware.

     


     
