"Without TV, it is hard to know when one day ends and another begins"

Homer Simpson, cartoon character
(October 18, 1922, BBC was founded)

30 million computers are infected by fake antivirus programs

It's not new and it's not original, but the number of infections caused by fake antiviruses continues to increase rapidly. The creators of these programs only have one aim: to profit financially from their creations, and they are achieving this. "According to the data we are receiving at PandaLabs" -says Luis Corrons, technical director of PandaLabs-, "more than 30 million users have been infected by this new wave of fake antivirus programs. The information we have at present suggests that some 3% of these users have provided their personal details1 in the process of buying a product that claims to disinfect their computers. In fact, they never even receive the product. Extrapolating from an average price of €49.95, we can calculate that the creators of these programs are receiving more than €10 million per month"2

All of this is achieved simply by creating thousands of variants of a new type of adware and distributing it across the Internet. Users can be infected in several ways: browsing Web pages with adult content; downloading files from peer-to-peer networks; responding to e-greetings; downloading files that exploit security holes so users are infected without realizing, etc. There have even been cases of the Google home page being manipulated.

These programs all operate in a broadly similar way: The program tells users that they are infected and pop-up windows, desktops and screensavers keep appearing, practically preventing the victim from using the computer. The aim is to scare the user into buying the fake antivirus with, for example, cockroaches 'eating' the desktop, or fake blue screens of death. Internet-savvy users will realize quickly that this is a fake antivirus, and will look for a solution. "One of the worst things though, is that these programs are very difficult to disinfect. More advanced users might try to disinfect them manually, but this is no easy task. In general, it can take users up to three days to completely remove this threat from a computer", adds Corrons. "That's why we advise users whose antivirus has not detected the threat to install a new generation security solution designed especially to detect, disinfect and eliminate all traces of these malicious programs".

However, not all users identify the problem: Those who actually reach the pages selling the fake antivirus will find products that are clones of those developed by legitimate vendors. "We have to admit that these fakes and the corresponding Web pages can look quite authentic, and it's not surprising that some users end up buying them as they are desperate to clean their computers".

During the purchase process, users are asked to enter confidential data. On average, their credit cards are charged €49.95 for an 'antivirus' that they never receive. "As the products are imitations of well-known brands, the victims often turn to the companies, who can't do anything as they have not really bought any licenses".

What we still don't know is whether the bank or credit card details are then used later by the cyber-crooks. If that were the case, the financial implications are even greater.

"This new technique demonstrates the ingenuity of cyber-crooks, who are constantly on the lookout for new ways to make money", says Corrons.

At Panda Security we advise users to install a latest generation antivirus to avoid infections from this type of adware. To this end, we are offering users a free version, with 3-months' services, of Panda Internet Security 2009. http://acs.pandasoftware.com/marketing/promo/IS09PROMO3M.exe

For up-to-date computer security news go to the Panda Security Twitter.

1- http://blog.washingtonpost.com/securityfix/2007/12/study_32_billion_lost_to_phish_1.html
2- According to Forrester: "By the end of 2008, there will be more than one billion personal computers in use worldwide" http://www.forrester.com/ER/Press/Release/0,1769,1151,00.html. According to data compiled by PandaLabs from a sample of more than 2 million computers, 3% of users are infected with some type of fake antivirus. This makes a total of 30 million computers infected around the world.