Thursday, March 3, 2011

Nasty Fake Antivirus

According to multiple security researchers, fake antivirus software was one of the biggest cyber crimes of 2010 and remains a major on-line scam. When fake antivirus first appeared, it could fairly be categorized as "scareware" and was relatively innocuous. Fake AV popped up unexpectedly, told you that your system might be infected, and then launched a fake scanning engine. Some people were clearly duped, but if you recognized the scam you could simply close the window and move on. No harm, no foul.

I recently saw a demonstration of a more modern version of fake antivirus. The bad guys have made this scam more effective and sinister. When fake AV appears on your system now, you see a steady progression with no way out. First, it shuts down your real antivirus and removes its icon from the system tray. It then shuts down any applications you have open, claiming that they may be infected. Finally, it blocks any file with a .exe extension, so you can't launch any program. This defeats all of the things you would normally try in order to fix the problem. I tried launching the pre-installed antivirus software to perform a system scan, opening Windows Task Manager to kill a process, and going into Windows tools to restore the system configuration to an earlier recovery point. All of these actions were blocked. Oh, and don't bother rebooting the system; that won't help either.

Basically, fake AV launches a denial-of-service attack, making your PC absolutely useless. It reminded me of the insidious pop-up spyware and adware from the early 2000s. With this type of attack, even users who know better are tempted to buy the fake AV in order to get their PC, and their precious data, back. If you can open a browser and are willing to fight on, there are numerous downloadable tools that claim to overcome fake AV. Guess what? Many of them are just another kind of malware. Cybercriminals know how to kick you when you are down.

If you do get infected, there is actually a relatively easy way out. Boot into Safe Mode (press the F8 key repeatedly as the system starts, before the Windows logo appears), go into System Tools, and run System Restore to roll back to a recovery point. Pick a restore point dated before the infection; restoring to a later one will just bring the fake AV back. If the rogue program has hijacked the desktop as well, choose "Safe Mode with Command Prompt" and start System Restore by typing rstrui.exe. When the restore completes, I recommend updating Windows and doing a full system scan with your real AV immediately.
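The recovery described above, plus a check for two registry tricks rogue AV commonly uses to block .exe launches and tools such as Task Manager, as an added PowerShell example that is not part of the original post. It assumes the rogue program works by hijacking the per-user .exe file association under HKCU\Software\Classes and by setting "Debugger" values under Image File Execution Options; the exact mechanism varies by variant, so treat the registry checks as a starting point rather than a guarantee. Run it as an administrator from Safe Mode with Command Prompt, where the rogue process is not started.

```powershell
# Added example, not from the original post. Assumes the fake AV blocks .exe launches by
# hijacking the per-user .exe association (HKCU\Software\Classes) and blocks tools such as
# taskmgr.exe via an Image File Execution Options "Debugger" value. Both are common
# rogue-AV techniques but are assumptions here; check what your variant actually changed.
$ErrorActionPreference = 'Stop'

# 1. Per-user .exe association. A clean system normally has no HKCU\Software\Classes\.exe
#    key; the machine-wide default handler ("exefile") applies. If one exists and its open
#    command is anything other than "%1" %*, every .exe launch runs another program first.
$userExe = 'HKCU:\Software\Classes\.exe'
if (Test-Path $userExe) {
    $handler = (Get-ItemProperty -Path $userExe).'(default)'
    Write-Host "Per-user .exe handler present: '$handler' (suspicious)"
    if ($handler) {
        $cmdKey = "HKCU:\Software\Classes\$handler\shell\open\command"
        if (Test-Path $cmdKey) {
            $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
            Write-Host "  open command: $cmd"
            if ($cmd -ne '"%1" %*') {
                Write-Host '  .exe launches are redirected through another program; removing hijack'
                Remove-Item -Path "HKCU:\Software\Classes\$handler" -Recurse -Force
                Remove-Item -Path $userExe -Recurse -Force
            }
        }
    }
}

# 2. Image File Execution Options. A "Debugger" value on taskmgr.exe or rstrui.exe makes
#    Windows start the named program instead of the tool, which matches the "Task Manager
#    won't open" symptom. Legitimate systems rarely have these set for the tools below.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($tool in 'taskmgr.exe', 'rstrui.exe', 'msconfig.exe', 'regedit.exe', 'cmd.exe') {
    $key = Join-Path $ifeo $tool
    if (Test-Path $key) {
        $dbg = (Get-ItemProperty -Path $key).Debugger
        if ($dbg) {
            Write-Host "IFEO Debugger set for $tool -> $dbg ; removing"
            Remove-ItemProperty -Path $key -Name Debugger
        }
    }
}

# 3. Roll back to a restore point created BEFORE the infection. Restore-Computer reboots
#    the machine; afterwards run Windows Update and a full scan with the real AV.
Get-ComputerRestorePoint |
    Format-Table SequenceNumber, Description,
        @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } } -AutoSize

$target = Read-Host 'SequenceNumber of a restore point dated before the infection'
Restore-Computer -RestorePoint ([int]$target) -Confirm
```

The registry steps only remove two specific blocking tricks; the restore in step 3 is what actually rolls the system back, which is why it runs last and asks for confirmation before rebooting.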

I've read a lot of research indicating that many users either don't use AV at all or don't really maintain it. You could say that these folks deserve to be scammed, but when their PCs become part of a global botnet it impacts us all. The bad guys are very good at what they do. The only chance we have is to stay smart, share information, keep our systems up to date, maintain strong defenses, and remain vigilant.
