Google: Fake antivirus makes up 15 percent of all malware
Fake antivirus--false pop-up warnings designed to scare money out of computer users--represents 15 percent of all malware that Google detects on Web sites, according to a 13-month analysis the company conducted between January 2009 and February 2010.
That's a five-fold increase from when the company first started its analysis, Niels Provos, a principal software engineer at Google, said in an interview.
Meanwhile, fake antivirus scams represent half of all malware delivered via advertisements, which is becoming a problem for high-profile sites that rely on their advertisers and ad networks to distribute clean ads.
Google analyzed 240 million Web pages and uncovered more than 11,000 domains involved in fake antivirus distribution for the study, which Google is set to unveil at the Usenix Workshop on Large-Scale Exploits and Emergent Threats Tuesday in San Jose, Calif.
For more on this story, read Google: Fake antivirus is 15 percent of all malware on CNET News.
Talkback Most Recent of 61 Talkback(s)
-
Adverts
If you use Firefox just use the addon Ad Block Plus.
It blocks those ads on the pages.
No more problem.
MoeFugger 28th Apr 2010 -
Firefox doesn't work...
Wrong. The ads use many different technologies that the plug-ins for Firefox don't all yet block properly. Plus some of them are not from ads, but from search engine poisoning, and other methods. If anything Firefox is more of a problem than a help.
Narg 28th Apr 2010 -
Firefox
Firefox helps, but the target is not the browser or workstation: it is the user. If they can only suck the user into making one little error...
We need better protection at several levels. The firewall, network, OS, security software, applications, and users all need to be prepared to manage threats. Right now, we are lucky to get one of 6. As long as that one can be circumvented by a frightened and ill-trained user we are vulnerable. Period.
wpeckham@... 28th Apr 2010 -
Firefox
I had an attack of this nature this past weekend. I immediately realized what it was and obviously didn't download the software. The problem was it would actually have been easier to get rid of if I had, because then I could have deleted the appropriate files and altered the registry. But as it was, I couldn't locate the files or the registry entries and despite using a host of malware and spyware scanners to identify the exact nature of the infection and then using HijackThis and ComboFix, I still couldn't get rid of it without resorting to professional help. And that's without actually downloading it. This attack happened almost exactly as described above, I was on a legit site and it popped up. Granted, I could have gotten it while possibly being on a site that's not exactly on the up and up, but it still got past Firefox. Yes, I do agree that an uneducated computer user is incredibly dangerous to themselves and their system, but don't pin all the blame on them. Even users who aren't IT professionals but are still more technical than the average user can still get surprise attacked.
themosh 28th Apr 2010 -
AdBlock Plus No Script = Effective Countermeasures
No one tool does everything.
Dr. John 28th Apr 2010 -
Good combination
Not fool-proof (what is?) but better than anything IE has come up with.
ubiquitous one 28th Apr 2010 -
I second that..
"...AdBlock Plus No Script = Effective Countermeasures ... No one tool does everything."
I won't use FF without NoScript - what, with the inbuilt (and fully customizable) ABE protection engine, XSS sanitizer and HTTPS enforcement for user specified domains - you have but an inkling there of how much background browsing defense NS provides. Add to that AdBlock Plus and its easy-to-use UI and its dynamic user control over domain-based ads, then you've just made for a d@mn secure time browsing!
In essence, FF + ABP + NS is just an awesome combo that I'd advise any person to take up. Their relevance to this particular case shouldn't be dismissed lightly by any reader of this particular blog.
Thanks for bringing the subject to the fore.
thx-1138_@... 29th Apr 2010 -
Try surfing the internet without it
Never mind just the security benefits, I don't have to look at those stupid ads and pop-up boxes anymore.
Makes webpages look a lot cleaner and cuts down on corporate contamination to boot.
ubiquitous one 29th Apr 2010 -
I give that combination to all my clients
After a bit of explanation, and careful social engineering with respect to NoScript, I've not had a single complaint about not being able to access any content on any website, and when I ask I'm usually told NoScript is not in the least annoying to use.
tracy anne 29th Apr 2010 -
Good Point, Bad Point!
You make the good point that Firefox does not block everything (and for that matter, cannot), but then you spit in the soup by following it immediately with a bad point, not even CLOSE to true, when you claim it is "more of a problem than a help".
Of course this is false. Firefox + NoScript, or better yet, Firefox+NoScript+AdBlock, has set the bar high for safe browsing on the net, and saved a LOT of people from serious problems.
mejohnsn 29th Apr 2010 -
RE: Google: Fake antivirus makes up 15 percent of all malware
I have been telling my customers for months that the Facebook, MySpace and Tagged sites are getting hit with their advertisements and applications.
tech@... 28th Apr 2010 -
It's more than 15%!!!!
The only malware I've had to clean off of a computer over the past 18 months are these fake AV programs. Sure there's probably a lot more floating around, but 99% of them are caught by AV programs. (real AV programs that is). This fake AV malware is horrendous. The makers should be sued until their great grandchildren hurt!
Narg 28th Apr 2010 -
A lot more than 15%
90% of the computers I've cleaned in the last 3 years are Rogue AVs such as AV2008, 09, and 10. Norton, TrendMicro, and others don't even know that these AVs are getting through. MalwareBytes works if you install it with another name (and delete restore points). SuperAntiSpyware works 90% of the time.
JayMar13 28th Apr 2010 -
It's all in the timing
MalwareBytes also works if you simply click it as soon as the PC boots up. The malware can only prevent MalwareBytes from running if it has loaded first. A fast initial click heads it off at the pass and it'll be cleaned out after another reboot.
Nemesys_z 28th Apr 2010 -
Malwarebytes
I've always been able to get Malwarebytes to work by booting in Safe Mode, thus preventing the fake AV malware from loading.
Rick
rick@... 28th Apr 2010