Watch out for FakeAV!

  • Team Omega
  • September 30, 2011

FakeAV, also known as Rogue Anti-Virus or ScareWare, is a form of malware that warns users about threats on their system that don’t actually exist. It is engineered either to sell an Anti-Virus product directly (sometimes a product that is completely ineffective) or to take the user to a site where they can buy Anti-Virus software, resulting in an affiliate fee paid to the author of the FakeAV for “assisting” with the sale.

FakeAV has recently become a growing attack vector for the inadvertent installation of malware on both consumer and corporate systems. FakeAV software looks very legitimate, using official-sounding names and the logos of well-known companies. With all the recent talk about computer and network security, consumer users are often tricked into installing malware to run a scan, and even into buying such software in order to be, as they see it, proactive in protecting their system from any “future attacks”, when the future is right now!

Likewise, your corporate users may think that the official-looking dialog some FakeAV just posted in their web browser is part of your official PCI program or another security practice you are putting in place, and go right ahead and install the FakeAV to “run a scan”, leaving you with a Mega-malware Mess to clean up afterwards. Even if a corporate user realizes at some subsequent step of the installation process that they actually have to buy a product, it is commonly too late. They have already authorized the installation of the FakeAV malware and are then continually hounded to buy some product, possibly to the point that their system becomes useless to them until it is cleaned up.

You certainly should make it clear when user involvement is actually necessary for any rollouts or security steps you are taking. Users should know their exact responsibilities and take any other security-related messages coming from their system to their managers or IT before taking any action on them.

Your organization should use systems management and security automation software that requires zero user involvement to apply policies, enforce browser whitelisting, install software, and manage all aspects of security. This simplifies the process and avoids the unnecessary risk posed by FakeAV and other threats.