    Fake antivirus software (designated as FAKEAV malware by Trend Micro) may have somewhat fallen out of the spotlight of late, but it remains a significant concern for many users. For example, in a poll of users at Trend Micro’s TrendWatch information portal, almost half of them indicated that they viewed FAKEAV as an issue of great concern.

    It’s a legitimate concern, as FAKEAV malware continues to use the tactics that made it a problem for users. For example, the recent 9/11 anniversary was hit by malicious search results.

    This follows the well-worn tactic of abusing news events to spread rogue antivirus malware. The use of blackhat SEO techniques, which put malicious links among the search results for popular search phrases, has been extensively documented here at the Malware Blog in the past.

    Of course, the FAKEAV “software” itself is becoming more sophisticated as well. Some of the latest variants are now multilingual, which can help them get wider coverage around the world and therefore affect more victims.

    In general, new FAKEAV variants are becoming increasingly sophisticated and subtle. This past August, a fake Microsoft Malicious Software Removal Tool (MSRT) was found and detected as TROJ_FAKEAV.MSRT.

    More recently, a very sophisticated FAKEAV variant detected as TROJ_FAKEAV.KAX was found. While the behavior of these new variants remained largely identical to previous variants, the amount of effort that went into creating user interfaces (UIs) that look legitimate was considerable.

    In the face of all these threats, however, the best practices for avoiding FAKEAV remain the same. Users should avoid clicking on suspicious-looking links in search results. Keeping software updated is also a must, as many exploits have payloads that end up downloading FAKEAV malware.

    Trend Micro users are continuously protected from rogue antivirus malware by the Trend Micro™ Smart Protection Network™. New variants are continuously found and detected and the sites that host these are constantly being discovered and blocked as well.

    For more in-depth information on the FAKEAV threat, you can consult the following papers and articles:
