As the internet has matured, most people now know they need antivirus. However, rather than accept defeat, hackers have evolved to work around this change. In a twisted sense of irony, more and more malware masquerades itself as the software meant to destroy it. Like a trojan horse, thee programs pretend to offer protection from viruses and malware, but secretly infect the system from its inner sanctums. Now more than ever, it’s necessary to understand, identify, and protect oneself from bogus antivirus.
First, it’s essential to understand just what fake antivirus is capable of. Because most users install it as a system application, this means it’s granted the highest possible privilege on the computer, even higher than most users. This makes the program very difficult to uninstall and very dangerous; fake antiviruses will often prevent the installation and execution of real defense software. While it’s running, the fake software can log all user activity, execute commands from an attacker, and much more. However, to remain inconspicuous, it generally lies low with occasional demands for money or subscriptions.
Despite these extreme risks, fake antivirus mostly spreads through its seemingly innocuous nature. The hackers behind such software often make seemingly legitimate webpages and
pay to kick their software to the top of Google. They may also use fake popup alerts to make users think their system is already infected and must install the fake antivirus to clean their system.
To avoid infection by antivirus, there are two main methods of prevention. The first tackles human error: computer users should adopt some level of skepticism and avoid clicking popups or advertisements, particularly when it makes little sense to do so. Ideally, one should be able to recognize issues and avoid them before an infection ever reaches the computer. By googling the name of a software, it should be feasible to find a third-party source to verify legitimacy. Second, by installing protection software which has already been verified, users can implement a final layer of defense. Many antimalware programs will detect bogus clones and kill them before they can do any damage. Together, practicing both policies will protect users from most fake antivirus threats.
Author: Grey Ruessler, IT User Services
McDowell, M. October 11th, 2010. Recognizing Fake Antiviruses. Department of Homeland Security: CISA. https://www.us-cert.gov/ncas/tips/ST10-001