Friday, January 14, 2011

Malware Updates

Fake antivirus programs go online

The number of fake antivirus programs has decreased recently as the real McCoy successfully stems their spread to users’ computers. But the scammers behind these rogue programs have started using the Internet as an alternative. In this scenario the program doesn’t need to be downloaded to a computer; the cybercriminals just have to get the user to visit a specific page, which is a lot easier than bypassing real antivirus protection. Several of these new ‘Internet antivirus programs’ were among the leading malicious programs detected online in December, with two samples making it into our Top 20 at 18th and 20th places.

The screenshot below was generated by Trojan.HTML.Fraud.ct and gives an insight into how these fake antivirus programs work.

Screenshot generated by Trojan.HTML.Fraud.ct

As you can see from the screenshot, the fake antivirus program generates an Internet page that closely resembles the My Computer window in a Windows operating system. The subsequent scenario is already a familiar one: it starts to simulate a scan of the computer and almost immediately claims it has detected malware. If the user agrees to clean up the system, a fake antivirus program is downloaded, which then tells the user to purchase a license in order to remove the “malware”.

Request for payment from a fake antivirus program

The majority of computers where this malicious program was detected were located in developed countries: the USA, Canada, the UK, Germany and France, with India most probably making it into the list due to the high number of English-speaking users in that country.
