
What is Fake Antivirus?
FakeAV, or Fake Anti-Virus, is one of the most frequently encountered and persistent threats on the web. This malware, with over half a million variants, uses social engineering to lure users onto infected websites. Once the FakeAV is downloaded onto the user’s computer, the software scares them into believing their system is infected with threats that do not really exist, and then pushes them to purchase services to clean up the non-existent threats. The FakeAV will continue to send these annoying and intrusive alerts until a payment is made.

What’s at risk?
The greatest threat of FakeAV is the risk to victims’ personally identifiable information, which is extracted and exploited by the affiliate networks that publish this malware.

How To Identify Fake AV
Fake AV uses a variety of social engineering techniques to get itself installed. Some examples include:



Some examples of Fake AV include:

How Do I Protect Myself?

The most effective defense against the FakeAV threat is a comprehensive, layered security solution. Detection can and should take place at each stage of the infection:



URL filtering: By blocking the domains and URLs from which FakeAV is downloaded, the infection can be prevented from ever happening.
Detection of web-based content: This includes detection of the JavaScript and HTML used on FakeAV and fake codec web pages. Detection at this layer prevents the FakeAV binary from being downloaded (e.g., Mal/FakeAvJs, Mal/VidHtml).
Run-time detection: If a FakeAV executable manages to evade the other layers of protection, Host Intrusion Prevention Systems (HIPS) can detect and block the behavior of the FakeAV sample when it tries to execute on the system.
Spam blocking: Put safeguards in place to block spam containing FakeAV before a user even sees it.
Want more information? Have questions regarding Fake AV or think you’re infected? Contact Partek IT Solutions today.