Google Image Search Results May Produce FAKEAV

According to the security company 'Webroot,' the perception that fake antivirus software is widely present nowadays, just like any popular malware campaign, is once again proved right as bogus security programs spread through search results from Google Image.

FAKEAV distributors are reportedly scattering malware profusely across search results of well-known keywords, including actresses' names associated with favorite TV programs. The assaults target Web-surfers by producing pictures following Google searches, which actually take their browsers to websites that serve rogue AV.

When a user clicks on any of these phony pictures, the actual frame of Google search continues to appear at the page's beginning. Brandt says via a blog posting that the 'fake' alert appears at the bottom of page, as reported by Webroot Threat Blog on January 27, 2010.

Moreover, the malevolent URLs that the researchers came across directs the Web-browser to the identical 'fake' warning which in turn links to the identical phony AV program. Whenever they returned to the website, the same type of offensive fake antivirus software was produced although differently named or differently presented. While in the early part of the day, something known as Total Security was downloaded, by noon or later, the name of the tool became Security Tool.

If the rogue antivirus attacks suck in users even more, the latter may finally become so nastily infected that several of their key desktop controls may get disabled.

Brandt comments the behavior of the rogue AV on a contaminated computer is most obnoxious, as reported by EWeek Security Watch on January 28, 2010.

Apart from altering desktop wallpaper, disabling mouse's ability for right click and negating scroll wheel capability, rogue AVs' infection further prevents most Web-based software and deactivates the Windows Task Manager. To help get back their system's control, the attacks suggest that end-users buy disinfection packages by paying $50-90. However, these packages turn out completely useless, the researcher stated.

Hence, it is suggested that users immediately close their browser if anything suspicious appears during Web-surfing so that malicious file downloads can be avoided.

Related article: Google Rectifies Gmail flaw in Three Days

» SPAMfighter News - 2/5/2010