Fake antivirus, or FAKEAV, has become a significant threat, and more and more users have become victims of this profitable scam. Trend Micro and the rest of the security industry continue to work hard to protect users against this threat. However, educating and informing users about this scam is more effective than any technical solution that the industry can provide. In this blog entry, you will find some tips that will allow you to identify fake antivirus programs and other similar Internet scams.
An antivirus program that installs itself then proceeds to “scan” the PC without user intervention is unlikely to be real.
We’ve talked many times in the past about how the bad guys poison search engines so that certain results point users to fake antivirus sites. When this happens, the users see warning messages similar to this:
Clicking the OK button allows the malware to automatically install itself on the PC and to “scan” the system straight away.
Real antivirus applications never work this way. Users are always in control of the application. Real antivirus software explicitly asks a user’s permission before installation and when scanning for malware. Real antivirus programs will never automatically install. If you have an antivirus application on your PC that you don’t remember installing, chances are it’s a scam.
Antivirus software today tries hard not to bother users.
In the past, antivirus programs could be somewhat annoying, particularly when they found suspicious files. Nowadays, however, legitimate vendors have improved their user interfaces with the overall goal of “getting out of the user’s way.”
FAKEAV applications, on the other hand, deliberately use loud and annoying alerts to cause panic and to alarm users. Here are some examples of annoying pop-up and dialog boxes from fake antivirus programs:
If you are constantly reminded that you have to activate the product, it’s probably fake.
New fake antivirus variants have very professional-looking interfaces, but one thing that should tip off users is that everything useful requires software activation. This is because their main goal is to make money, and the best way for them to do that is via user activation.
Here’s a sample of one of the activation pages fake antivirus applications present to the user.
Related to this is another common way to tell fake antivirus applications from real ones—real antivirus products will offer to solve any threat they find straight away and will never require the user to pay before cleaning. For example, trial downloads of the Trend Micro Titanium family of products are functional for 30 days and work normally within that period.
In contrast, FAKEAV authors want users to pay upfront for the imaginary problems they claim to detect.
Your search engine is your friend.
There’s an Internet saying that goes “Everything is just a Google search away.” If it feels suspicious, it probably is, and there is absolutely no harm in searching online to find out. If you are unsure about any antivirus program on your system, search for the product’s name. If it’s a real product, you will be able to quickly find a legitimate page. Searches for fake antivirus applications, however, are frequently full of reports from users who have been victimized.
Ooops… My system has been infected, now what?
Trend Micro products are all capable of detecting and removing fake antivirus software. If you’re not a customer, however, you can use HouseCall, our free online virus scanner. It is capable of detecting and removing malware threats on user systems, including those related to FAKEAV.
More information about FAKEAV can be found in the paper FAKEAV: The Growing Problem.