Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fake Antivirus Peddlers Outpacing Real AV Firms

Posted by kdawson on from the catch-me-if-you-can dept.

An anonymous reader tips a writeup at KrebsOnSecurity.com detailing how purveyors of fake antivirus or 'scareware' programs have aggressively stepped up their game to evade detection. The posting is based on a report from Google's malware detection team (PDF). "Beginning in June 2009, Google charted a massive increase in the number of unique fake antivirus installer programs, a spike that Google security experts posit was a bid to overwhelm the ability of legitimate antivirus programs to detect the programs. Indeed, the company discovered that during that time frame, the number of unique installer programs increased from an average of 300 to 1,462 per day, causing the detection rate to plummet to below 20 percent. ... In addition, Google determined that the average lifetime of sites that redirect users to Web pages that try to install scareware decreased over time, with the median lifetime dropping below 100 hours around April 2009, below 10 hours around September 2009, and below one hour since January 2010."

15 of 245 comments (clear)

  1. Why use an unknown AV program? by Kenja · · Score: 1, Insightful

    There are a number of well known AV software providers out there that have been around since the dawn of time (relatively speaking). F-Prot, Command, etc are all very good products and cost a few sandwiches a year.

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
    1. Re:Why use an unknown AV program? by charliezcc · · Score: 3, Insightful

      I don't think I have to point this out, but for the sake of clarity: the point is not that the vast majority of people are straying away from known AV software providers to unknown software providers; it is that the vast majority don't know any better and believe what the computer tells them!

    2. Re:Why use an unknown AV program? by 0racle · · Score: 3, Insightful

      To be nice, the average user is very naive. If they see a popup saying they need this AV, they trust it.

      --
      "I use a Mac because I'm just better than you are."
    3. Re:Why use an unknown AV program? by skine · · Score: 2, Insightful

      It's not a scheme, it's marketing.

    4. Re:Why use an unknown AV program? by RobDude · · Score: 2, Insightful

      When a person shows up to the door, people are skeptical because they don't know that person and don't have a business relationship with them.

      If you already buy an expensive product from a reputable company; you are going to be far less skeptical about things you are told about that product, by that company. If you buy a new car from Ford and the 'ABS' light comes on - provided you know nothing about cars, other than how to drive them, to believe that there is something wrong with your brakes; compared to how likely you are to believe there is something wrong with your car's brakes if a stranger knocks on your door and tells you.

      When people see a pop-up on their computer; they assume it's coming from Microsoft or Dell or whatever. So, they trust it.

    5. Re:Why use an unknown AV program? by AaxelB · · Score: 3, Insightful

      Its shocking though, nobody would trust someone in the real world telling you that you need something they are providing without some kind of double check.

      If someone showed up at your house and told you that your water could kill because of some microbe you have never heard of that they claim is getting into your pipes and the only way to make yourself safe is to install this helpful filter that they are selling would you believe them?

      A big difference is that the fake antivirus pop-ups aren't usually trying to sell you anything, they just want you to click OK! It's easy to click OK, and, for the average [clueless] user, just clicking OK doesn't feel nearly as risky as letting a stranger into your home, or buying a mysterious product.

      I think most people just do a naive, clueless sort of risk assessment. If the pop-up is telling the truth, they really need the software. If the pop-up is lying... well, they're not directly paying anything and have no idea what could go wrong, so they assume it's not a problem. Therefore, they decide to click OK to install the software. To them, it's more like some random person standing on the sidewalk telling them, "You should walk on the other side of the street; there's a dead skunk halfway up the block and you really don't want to get near it." Eventually people will learn... but it may take a few generations.

  2. Even easier than that. by khasim · · Score: 2, Insightful

    The "scan" window pops up and tells them that they've been infected BUT IT IS OKAY because all they have to do is click here and the nice software from the friendly company will remove the nasty viruses for them.

    Yay!!!

    This is just a side effect of the "real" anti-virus/security businesses having no interest in reducing/mitigating the "virus" threat. It makes too much money for them.

  3. and after my rounds this past week..... by Lumpy · · Score: 2, Insightful

    I have informed everyone I do family and friends tech support for... they must either switch to linux or a Mac with OSX. the new internet security 2010 is an evil bastard that even kills the safe mode so you have to use a Bart PE to run combifix first and then reinstall AV and run a clean.

    Screw it, I'm done. Mac mini's are as cheap as a dirt cheap dell PC. and I'll install linux for them. I am done with windows support.

    --
    Do not look at laser with remaining good eye.
    1. Re:and after my rounds this past week..... by tepples · · Score: 2, Insightful

      I have informed everyone I do family and friends tech support for... they must either switch to linux or a Mac with OSX.

      Then how do they play PC games afterward?

      Mac mini's are as cheap as a dirt cheap dell PC.

      I just went to apple.com and dell.com; what I found disagrees with you. Mac mini: $599. Dell Inspiron 560s with Pentium dual core and 4 GB RAM: $429.

      and I'll install linux for them.

      Does this include installing and configuring Wine for "that one must-have app"?

    2. Re:and after my rounds this past week..... by fuzzyfuzzyfungus · · Score: 2, Insightful

      I'm with you on being done with supporting home users of Windows; but minis start at $700, with 2GB of RAM and no monitor. Dell will furnish you with a (big, ugly) box with triple the RAM, a 1TB HDD(rather than 160GB), and a 20 inch flat panel for the same money...(getting a 2.8GHz Phenom X4 instead of a 2.3GHz Core2 duo is just icing).

      The mini is cuter, certainly, and if you have to have OSX you have to have OSX; but the pricing is hardly equivalent for anybody willing to run linux or shove their computer under their desk.

    3. Re:and after my rounds this past week..... by tepples · · Score: 2, Insightful

      VMWare Player still needs a copy of Windows for the emulated machine, operating system updates for the emulated machine, and antivirus for the emulated machine.

  4. Re:EXCUSE ME SIR! by 0100010001010011 · · Score: 5, Insightful

    Pardon me sir, but this herb root extract can lower your blood pressure. Meaning that you can live a long and healthy life. It's not FDA approved but it's certified by these doctors.

    It works just as well in meat space too.

  5. Re:This is why i love noscript and requestpolicy by Achromatic1978 · · Score: 4, Insightful

    Our clients get these from ad pop-ups. Generally, the 3rd party ad servers get hacked to serve out these fake AVs. So, sites such as CNN, MSNBC, Fox News, and Drudge Report is often thought to be the vector. They are not, but their 3rd party ad subscriptions are!

    Generally, no. Generally, the reason is that the advertisers and their site owners rarely truly care. Have you seen the utter shit, spam, fakes, frauds that masquerade as Facebook ads, however often you click "X" and report it as "misleading / deceptive". Seriously, go to apple.com/store. Look for the neon green MacBook Air. You know, the one you can "test/review then keep for free"...

    It's lip service. They. Just. Don't. Care. The advertisers are paying the bills, not you.

  6. Doctors and celebrities by tepples · · Score: 2, Insightful

    Doctors, celebrities, what's the difference in the consumer's mind? Case 1: Dr. Dre. Case 2: "Of course Hugh Laurie is a doctor. He plays one on House M.D." Case 3: People with a doctorate in something other than medicine or osteopathy.

  7. Re:Three Findings by yuna49 · · Score: 2, Insightful

    Concerning #3, most of these exploits use Javascript to open a phony "scanning" window. I got one of these while reading the New York Times on my Linux machine using Firefox.