Written by: Miguel Esquirol on Apr 29 2010, 3:36pm

Be careful with Fake Antivirus

The trick is simple. We are constantly afraid of viruses and malware when suddenly we receive a pop-up telling us that our computer is compromised, but that they have free software that can fix it. The message can come in many ways and formats: through an e-mail or while browsing, in a pop-up, in a banner, or even imitating an actual notification from your computer. It can also arrive in an e-mail from your grandmother, who is convinced that the free program is really good.
The malware can also report performance problems or security breaches, or even simulate a system crash.


Image of a fake antivirus notice

Once we have installed the software and "got rid" of the malware or repaired the "problem", we start having real issues, and our computer is now truly compromised. Or even worse, the "free" program is a trial that checks our computer, and according to it we have hundreds of viruses and have to pay to clean them (or to stop a new annoying window). Sometimes, even if we pay (and reveal credit card information), the problems keep going, and the program doesn't erase the viruses but leaves behind some new malware.

Google research

This is a problem that is growing online, according to a statement from Google.
Google conducted a 13-month study looking at some 240 million Web pages. The company determined that 11,000 of those domains were involved in distributing fake anti-virus programs, and that those kinds of programs comprise 15 percent of the malicious software on the Web.

"More recent fake AV sites have evolved to use complex JavaScript to mimic the look and feel of the Windows user interface," according to Google's report. "In some cases, the fake AV detects even the operating system version running on the target machine and adjusts its interface to match."

Google actions


Screen from Google shown before accessing the page


Normally Google blacklists the domains to warn people, but the developers of these fake anti-virus programs rotate domains. According to Google, a domain for a fake anti-virus used to work for 100 hours in 2009; later the same year the figure fell below 10 hours per domain, and to 1 hour per domain in January.
Google also found that legitimate anti-virus vendors were having more trouble identifying the fake programs due to an increased level of "polymorphism," a technique used to make an application look unique and evade malware scanners.

How to prevent this


Site that publicizes a known fake-antivirus


  • First of all, it is important to be educated about the existence of this kind of anti-virus. Just knowing about them can make us suspicious of any kind of pop-up or message we find online.
  • Do your homework: before installing any software, not only an unknown anti-virus, the best thing you can do is to look for information about what you are planning to install. Search for the file name in Google and look at more than one site and, if possible, at trusted pages. It's easy to create fake review sites or positive comments.
  • In general, don't try any software that you personally are not sure of. Stay with your trusted software, and if you are planning to buy software online, go through a secure and renowned site.
  • Be careful with the pop-ups and notification windows you find, and don't automatically click "Yes" or "Accept".
  • Keep an updated anti-virus installed and constantly check your computer for malware and spyware. Tools like CCleaner and Spybot killer are good for that. Having Linux is also a good option.
  • Try to explain all this to your grandmother, relatives and friends. That is the hardest part.