The Internet has grown into such a massive venue for information exchange that everything a user encounters on the Web may potentially be treacherous, including supposed antivirus software. The Trend Micro Threat Encyclopedia has, so far, over 2,000 entries related to FAKEAV.
Many naive users still fall for the age-old ruse that rogue antivirus peddlers use—scareware tactics—to scam victims into believing that their systems have fallen prey to malware infections. Thinking of the repercussions presented by the fictional threats, users are duped into paying for something that turns out to be entirely nonfunctional.
The techniques cybercriminals use are changing at an alarming rate as they become more adept at pushing their FAKEAV creations to unwitting users. They often resort to poisoning results for the latest and most popular search terms and to customizing spammed messages containing malicious URLs or file attachments. There seems to be no end to the proliferation of FAKEAVs. In fact, FAKEAV variants consistently crop up alongside every major news event from any part of the world. According to Paul Ferguson, Trend Micro Forward-looking Threat Researcher, hundreds of new rogue AV domains appear every day.
Not only is an infected user in danger of being scammed by FAKEAV perpetrators, he/she also becomes a direct participant in perpetrating fraudulent activities and cybercrimes as part of a botnet. This is because FAKEAVs outsource their propagation to botnets with already-installed bases, which allows the cybercriminals behind FAKEAVs to “concentrate instead on coming up with effective scare tactics and pay-per-install models,” says Ferguson. This paved the way for FAKEAV's affiliation with other cybercriminal groups such as the KOOBFACE and BREDOLAB gangs, making it a very lucrative business model for cybercriminals. You can find more information about these affiliate programs in the following papers:
- “You Scratch My Back… BREDOLAB’s Sudden Rise in Prominence”
- “Show Me the Money! The Monetization of KOOBFACE”
Always remember that FAKEAVs exist for one thing alone: for cybercriminals to profit from users’ losses. That is probably why the cybercriminal minds behind FAKEAV are not showing any signs of slowing down. FAKEAV variants can be seen everywhere and can be delivered in a multitude of ways. They have, in fact, even made their way into iPhones! But it is not too late to start becoming more aware. Rely only on trusted news sites for the latest updates. Avoid clicking suspicious-looking URLs and downloading and opening file attachments, especially those that come from people you do not know.
Finally, use a reputable security suite that protects you wherever you connect. Trend Micro™ Smart Protection Network™ will serve users well to keep their systems safe from FAKEAV-related infections, as it blocks spammed messages with email reputation technology, prevents user access to malicious sites and domains with Web reputation technology, and detects and consequently deletes malicious files with file reputation technology.
iPhone users can also stay protected from FAKEAV-related threats and other malware via Smart Surfing for iPhone at no cost at all. Keep in mind that smarter protection is key in dealing with complex malware.