Fake AV Threat on the Rise: Google Study

Google researchers, who studied the operations of rogue antivirus for 13 months, are now disclosing their analysis. Their study reveals that rogue AV is accountable for 60% of the malicious software on the domains, which consists of Google Trend keywords.

Furthermore, the fake antivirus, at present, accounts for around 15% of all the malware detected. Also, according to Google, fake anti-virus is responsible for half of all malware that are delivered through online ads, five-fold more compared to 2009.

Niels Provos, software engineer with Google's Anti-Malware Team said that these findings are part of a research paper "The Nocebo Effect on the Web: An Analysis of Fake AV Distribution". This will be presented at the Workshop on Large Scale Exploits and Emergent Threats in San Jose, California, on April 27, 2010, as per the news published by eWeek on April 14, 2010. Some of the common features of these malicious activities that have emerged on the Internet as one of the most gainful criminal operations are revealed in the paper.

The study covered nearly 240 Million Web pages discovering around 11,000 domains that circulated rogue antivirus. As explained by the security experts, Fake AV, or rogue anti-virus, malware is actually a scam disguised as a popup notice informing the user of virus-infection on their system, and advising them that to get rid of the virus, they need to "click".

Certainly, clicking results in the installation of rogue software, which then extorts the innocent user into paying for a "full" version of that so-called anti-virus software. Notably, the machine remains relatively futile until some appropriate action is taken.

Niels Provos said that the Fake AV threat is mounting in occurrence, both in absolute terms and relative to other types of Web-based malware, as per the news published by InformationWeek on April 14, 2010.

Provos added that this malware takes undue advantage of the apprehensive nature of users that their system is vulnerable, and of their willingness to follow the appropriate corrective measures. The recommendation to the users is that they must run only antispyware and antivirus products from trusted vendors. They should also ensure using the updated edition of this software and immediately remove suspicious applications or programs detected by the scan.

Related article: Fake Spam Mail Announces Australian PM’s Heart Attack

» SPAMfighter News - 4/24/2010