The most common infection at the moment is what is known as a fake antivirus infection. It is far more prevalent than any other infection out there for either Windows or Mac OS X. In the previous post, we explained just what this creature is. In this post, we’ll tell you how you catch it.
It Just Popped Up and Started Scanning!
The most common way the fake antivirus arrives is through a popup from a website. This popup pretends to scan your computer, showing you all the threats that it found during its preliminary scan. Once the scan is complete, it tells you that in order to do a full ‘free’ scan, it needs you to download the program. This social engineering approach is very common with many current types of malware. The unsuspecting user then downloads the ‘program’ in hopes that it will remove all of the problems that his or her computer apparently suffers from. In downloading this program, the user is, in fact, downloading the fake antivirus infection.
I Just Wanted to Watch a Movie!
If you are attempting to watch a movie online, particularly a movie for free or one that is still in theatres, you run a very high risk of running into this next form of fake antivirus infection. When you arrive at the movie’s website, you will be prompted to download a codec to be able to watch the movie. This ‘codec’ is actually the fake antivirus malware, which will usually pop up with a scanning box like the one mentioned above anywhere from a few minutes to a few hours after downloading the fake codec.
The Post Office and My Bank Infected My Computer!
Clicking on a link to a website from your email or an instant message can be dangerous, especially if the message looks completely legitimate. Many messages that are not caught by your email provider’s spam filter look like they actually came from the Post Office, a carrier service, or a bank. If you receive a message on any of the following themes, think twice about clicking on the link in it.
- Account Suspension or Account Cancellation
  - The message suggests that an account that you hold, be it a bank account or some other account, has been locked or cancelled due to suspicious activity. The message then goes on to explain that by clicking on the link, you will be taken to a page that will help you resolve this issue. This page, however, installs the fake antivirus malware onto your computer.
- You’ve Received an E-Card
  - The message appears to come from a legitimate electronic greetings company. It asks that you click on the link to view the card. By clicking on the link, you are installing the fake antivirus malware onto your computer.
- Password Reset
  - The message informs you that your password for your online account with a legitimate company has been reset for various reasons. You are then prompted to click on a link within the message to enter a new password for the account. Clicking on the link installs the fake antivirus malware.
- Attempted Package Delivery or Problem with Package Delivery
  - The message from one of the popular carrier services (UPS, FedEx, DHL, USPS, etc.) informs you that a package that is being delivered to you either failed to be delivered or there was a problem with the package itself. The message requests that you click on the link to resolve the issue. The link actually takes you to a website where the fake antivirus malware is installed on your computer.
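A mail-triage heuristic for the four lure themes listed above, as an added example that is not part of the original post: it flags a message when its text matches one of the themes and a link in it points to a host outside the sender's domain. The keyword patterns, the `triage` function and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Themes come from the list above; the keyword patterns are assumptions.
LURES = {
    "account suspension": r"account.{0,40}(suspend|lock|cancel)",
    "e-card": r"e-?card|greeting card",
    "password reset": r"password.{0,40}reset|reset.{0,40}password",
    "package delivery": r"(package|parcel|delivery).{0,60}(fail|problem|unable)",
}

# Constructed sample message (not a real capture).
SAMPLE = """From: Parcel Service <tracking@carrier.example>
Subject: Problem with package delivery
Content-Type: text/html

<p>We were unable to deliver your package.</p>
<a href="http://tracking.downloads.invalid/label">Resolve the issue</a>
"""

class LinkHosts(HTMLParser):
    """Collects the host name of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        host = urlparse(href).hostname if tag == "a" and href else None
        if host:
            self.hosts.append(host.lower())

def triage(raw):
    """Flag a single-part HTML message pairing a lure theme with an off-domain link."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    text = ((msg["Subject"] or "") + " " + re.sub(r"<[^>]+>", " ", body)).lower()
    themes = [name for name, pat in LURES.items() if re.search(pat, text, re.S)]
    # The From header can be forged; a forged brand domain still mismatches the link.
    domain = parseaddr(msg["From"])[1].rsplit("@", 1)[-1].lower()
    parser = LinkHosts()
    parser.feed(body)
    foreign = [h for h in parser.hosts
               if h != domain and not h.endswith("." + domain)]
    return {"themes": themes, "foreign_links": foreign,
            "suspicious": bool(themes and foreign)}
```

A message whose sender and links share one attacker-owned domain passes this check, so it belongs alongside a spam filter, not in place of one.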
My Cousin Gave It to Me!
With the prevalence of email account hacking, we’re seeing a large amount of ‘friendly spam’ coming into our inboxes. Friendly spam is unwanted email that seems to come from someone you are already in contact with. The infection creator or their proxy will compromise an email account, and then send an email to that account’s contact list asking the recipients to click on a link within the email. When the unsuspecting recipient clicks on the link, their computer is infected with the fake antivirus malware.
This Website Infected My Computer!
The last popular place the fake antivirus malware comes from is compromised websites. Many compromised websites have code placed into them that downloads the fake antivirus malware onto your computer without even asking you whether it can be installed. Many of these websites are smaller websites that may or may not be updated frequently by their owners. The larger websites, run by larger companies such as Microsoft, Adobe, and Apple, have teams dedicated to making sure their website runs as it is supposed to, which is why you usually won’t see any of this malicious code placed on the big name websites. The small business websites, however, are often created once and never looked at again. These websites are prime targets for those who wish to infect them with drive-by downloads of the fake antivirus malware.