admin on November 20, 2009

“Rogue or bogus programs passing themselves off as real antivirus software have been one of the malware themes of 2009, but the APWG’s numbers for the first half of the year show that the organization’s members detected 485,000 samples, more than five times the total for the whole of 2008.” (TechWorld, 1 Oct 09)

We have had multiple computer systems infected by fake Anti-Virus programs.  Most of these programs are installed on the system without the user’s knowledge; the first sign is a menu that pops up on your computer screen stating that some type of Anti-Virus program (we have seen Anti-Virus 2009, Anti-Virus 2010, Anti-Virus XP, Anti-Virus Vista, Cyber Security, Total Protection, etc.) has found multiple virus infections on your computer system.

Of course, these infections cannot be removed until you purchase, install and activate the Anti-Virus product, which is currently running about $59.95 and has to be purchased using your credit card.  Purchasing this product does not remove “viruses”; it only gives someone access to your credit cards.

On several systems where these programs were found, work on those systems stopped until they were cleaned up.  Some of the new Fake AV programs are completely locking a system out, with no access to files, programs or the internet until the “Ransom” is paid.  Cleaning up these programs can cost 4-6 hours of work, since they are on your desktop, in the startup and in the registry.  We have even had instances where the system had to be reformatted and set up from scratch.  These programs can also disable Anti-Virus programs and websites, which means that every time you try to run your Anti-Virus program or update it through the internet, it will not launch or run.

How do you prevent these security incidents?

These programs use a technique called “polymorphism”, which essentially changes the “signature” of the virus program every time it is downloaded.  This means that legitimate AV programs have a hard time keeping up with signatures that can change every few seconds.
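Why signature lists fall behind, as an added example that is not part of the original post: it assumes the simplest kind of signature, a whole-file SHA-256 hash, and uses a constructed, inert byte string in place of a real program. The function names (`serve_variant`, `hash_signature`, `detection_rate`, `run_demo`) are hypothetical.

```python
import hashlib
import os

# Constructed, inert stand-in for a program body; not real malware.
CORE = b"FAKE-AV-DEMO: inert sample body used only for this illustration"


def serve_variant(rng=os.urandom):
    """Return one 'download': the same body plus fresh random padding,
    modelling a file whose bytes differ every time it is downloaded."""
    pad_len = 8 + rng(1)[0] % 24          # 8 to 31 random bytes
    return CORE + rng(pad_len)


def hash_signature(sample):
    """Whole-file SHA-256, assumed here as the AV 'signature'."""
    return hashlib.sha256(sample).hexdigest()


def detection_rate(samples, known_hashes):
    """Fraction of samples whose whole-file hash is already on the list."""
    hits = sum(1 for s in samples if hash_signature(s) in known_hashes)
    return hits / len(samples)


def run_demo(n_known=50, n_new=50):
    # The AV vendor collects n_known downloads and publishes their hashes.
    known = [serve_variant() for _ in range(n_known)]
    signatures = {hash_signature(s) for s in known}
    # Users then receive n_new fresh downloads of the same program.
    fresh = [serve_variant() for _ in range(n_new)]
    return {
        "distinct_signatures_needed": len(signatures),
        "rate_on_known": detection_rate(known, signatures),
        "rate_on_fresh": detection_rate(fresh, signatures),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Every collected copy needs its own entry on the list, and none of those entries matches the next copy a user receives, which is why keeping the AV program updated is necessary but not sufficient on its own.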

To make sure your computer is as safe as possible, keep it updated (Microsoft patches and updates) and make sure your Anti-Virus program update runs at a minimum daily.

If you find an icon on your desktop and you don’t know what it is, do not click on it.

If you suddenly get one of these menus that pops up on your work computer system, call someone in IT immediately.

In some ways these programs have replaced the virus-infected e-mails we all remember getting.  Now you might get an e-mail with an internet link that takes you to an infected website.  Or you might be at a website and see a link to something you find interesting, so you click on it.  These links can be found even on legitimate websites.

The best prevention is to know what websites you are going to and to treat links like e-mail.  If you don’t know what it is, don’t click on it.

“In the last year, fake antivirus programs have become possibly the biggest money-making scam on the Internet after spam marketing, even managing to find distribution on false pretences through premium Internet sites such as The New York Times.” (www.pcworld.com, October 17, 2009)
