By Paul Wood
Fake antivirus has been around for a while, and it’s a booming business/cybercrime enterprise that probably isn’t going anywhere soon. It is also one of the most popular types of mass attack (where cybercriminals try to infect as many people as possible) – so its appearance on Macs and even mobile phones was inevitable. To fool potential victims, rogue security software programs are designed to appear as legitimate as possible.
In the latest Intelligence Report from Symantec, we take a closer look at one particular form of fake antivirus that cybercriminals have been peddling.
Recently, we discovered fake antivirus software purporting to be from Symantec. These types of scams will usually go by a generic name like “Windows Defender”. Users are sent an email, claiming that they, and everyone else on their network, are infected and they can download the ‘Symantec’ software to clear the problem.
If a user downloads and executes the removal tool, a dialog box posing as a Java update appears. The user will see no sign that something has been installed, and the threat no longer says that the computer is infected. This leads the user to believe the problem has been cleared. However, malware has been downloaded and an information-stealing Trojan (Infostealer) is installed.
This particular scam does leave a few clues that let users discover it’s fake: the email contains old Symantec branding – anything that is truly coming from the company would use the current logo. The Java installation dialog box also uses an old logo representing a company that has since been acquired. The most important thing to remember: if it seems too good to be true, or if something seems suspicious, it probably is. Follow your instincts – you’re probably right.
Other highlights from the Symantec Intelligence Report for August 2012:
Spam: 72.2 percent of total email in Canada (a global increase of 4.2 percentage points since July 2012)
Phishing: One in 343.6 emails identified as phishing in Canada (a global increase of 0.109 percentage points since July 2012)
Malware: One in 276.3 emails contained malware (a decrease of 0.14 percentage points since July 2012)