
Google: Fake antivirus makes up 15 percent of all malware

Elinor Mills CNET News | April 28, 2010 4:44 AM PDT

A rise in fake antivirus offerings on Web sites around the globe shows that scammers are increasingly turning to social engineering to get malware on computers rather than exploiting holes in software, a Google study to be released on Tuesday indicates.

Fake antivirus--false pop-up warnings designed to scare money out of computer users--represents 15 percent of all malware that Google detects on Web sites, according to a 13-month analysis the company conducted between January 2009 and February 2010.

That's a five-fold increase from when the company first started its analysis, Niels Provos, a principal software engineer at Google, said in an interview.

Meanwhile, fake antivirus scams represent half of all malware delivered via advertisements, which is becoming a problem for high-profile sites that rely on their advertisers and ad networks to distribute clean ads.

Google analyzed 240 million Web pages and uncovered more than 11,000 domains involved in fake antivirus distribution for the study, which Google is set to unveil at the Usenix Workshop on Large-Scale Exploits and Emergent Threats Tuesday in San Jose, Calif.

For more on this story, read "Google: Fake antivirus is 15 percent of all malware" on CNET News.

Talkback Most Recent of 61 Talkback(s)

  • Adverts
    If you use Firefox just use the addon Ad Block Plus.
    It blocks those ads on the pages.
    No more problem.
    MoeFugger
    28th Apr 2010
  • Firefox doesn't work...
    Wrong. The ads use many different technologies that the plug-ins for Firefox don't all yet block properly. Plus some of them are not from ads, but from search engine poisoning, and other methods. If anything Firefox is more of a problem than a help.
    Narg
    28th Apr 2010
  • Firefox
    Firefox helps, but the target is not the browser or workstation: it is the user. If they can only suck the user into making one little error...

    We need better protection at several levels. The firewall, network, OS, security software, applications, and users all need to be prepared to manage threats. Right now, we are lucky to get one of 6. As long as that one can be circumvented by a frightened and ill-trained user we are vulnerable. Period.
    wpeckham@...
    28th Apr 2010
  • Firefox
    I had an attack of this nature this past weekend. I immediately realized what it was and obviously didn't download the software. The problem was it would actually have been easier to get rid of if I had, because then I could have deleted the appropriate files and altered the registry. But as it was, I couldn't locate the files or the registry entries and despite using a host of malware and spyware scanners to identify the exact nature of the infection and then using HijackThis and ComboFix, I still couldn't get rid of it without resorting to professional help. And that's without actually downloading it. This attack happened almost exactly as described above, I was on a legit site and it popped up. Granted, I could have gotten it while possibly being on a site that's not exactly on the up and up, but it still got past Firefox. Yes, I do agree that an uneducated computer user is incredibly dangerous to themselves and their system, but don't pin all the blame on them. Even users who aren't IT professionals but are still more technical than the average user can still get surprise attacked.
    themosh
    28th Apr 2010
  •
    Dr. John
    28th Apr 2010
  • Good combination
    Not fool-proof (what is?) but better than anything IE has come up with.
    ubiquitous one
    28th Apr 2010
  • I second that..
    "...AdBlock Plus No Script = Effective Countermeasures ... No one tool does everything."

    I won't use FF without NoScript - what, with the inbuilt (and fully customizable) ABE protection engine, XSS sanitizer and HTTPS enforcement for user specified domains - you have but an inkling there of how much background browsing defense NS provides. Add to that AdBlock Plus and its easy-to-use UI and its dynamic user control over domain-based ads, then you've just made for a d@mn secure time browsing! ;)

    In essence, FF + ABP + NS is just an awesome combo that I'd advise any person to take up. Their relevance to this particular case shouldn't be dismissed lightly by any reader of this particular blog.

    Thanks for bringing the subject to the fore.
    thx-1138_@...
    29th Apr 2010
  • Try surfing the internet without it
    Never mind just the security benefits, I don't have to look at those stupid ads and pop-up boxes anymore.

    Makes webpages look a lot cleaner and cuts down on corporate contamination to boot.
    ubiquitous one
    29th Apr 2010
  • I give that combination to all my clients
    After a bit of explanation, and careful social engineering with respect to NoScript, I've not had a single complaint about not being able to access any content on any website, and when I ask I'm usually told NoScript is not in the least annoying to use.
    tracy anne
    29th Apr 2010
  • Good Point, Bad Point!
    You make the good point that Firefox does not block everything (and for that matter, cannot), but then you spit in the soup by following it immediately with a bad point, not even CLOSE to true, when you claim it is "more of a problem than a help".

    Of course this is false. Firefox + NoScript, or better yet, Firefox+NoScript+AdBlock, has set the bar high for safe browsing on the net, and saved a LOT of people from serious problems.
    mejohnsn
    29th Apr 2010
  • RE: Google: Fake antivirus makes up 15 percent of all malware
    I have been telling my customers for months that the Facebook, MySpace and Tagged sites are getting hit with their advertisements and applications.
    tech@...
    28th Apr 2010
  • It's more than 15%!!!!
    The only malware I've had to clean off of a computer over the past 18 months are these fake AV programs. Sure there's probably a lot more floating around, but 99% of them are caught by AV programs. (real AV programs that is). This fake AV malware is horrendous. The makers should be sued until their great grandchildren hurt!
    Narg
    28th Apr 2010
  • A lot more than 15%
    90% of the computers I've cleaned in the last 3 years are Rogue AVs such as AV2008, 09, and 10. Norton, TrendMicro, and others don't even know that these AVs are getting through. MalwareBytes works if you install it with another name (and delete restore points). SuperAntiSpyware works 90% of the time.
    JayMar13
    28th Apr 2010
  • It's all in the timing
    MalwareBytes also works if you simply click it as soon as the PC boots up. The malware can only prevent MalwareBytes from running if it has loaded first. A fast initial click heads it off at the pass and it'll be cleaned out after another reboot.
    Nemesys_z
    28th Apr 2010
  • Malwarebytes
    I've always been able to get Malwarebytes to work by booting in Safe Mode, thus preventing the fake AV malware from loading.

    Rick
    rick@...
    28th Apr 2010
