Google Warns: 15% of All Malware Coming From Fake Antivirus Sites

In San Jose, California, at a USENIX Workshop on Large-Scale Exploits and Emergent Threats, Google released its year-long report on fraudulent antivirus sites and malware on the internet. The statistics released by the web giant are frightening. After reviewing 240 million websites between January 2009 and February 2010, the authors of the Google study concluded that fifteen percent of malicious software programs are, ironically, disguised as antivirus programs. They are being distributed by approximately 11,000 websites!

Even worse, underground programmers are becoming more adept at tricking users into installing their programs. Some of the many fake program names include MalwareAlarm, WinAntivirus, WinFixer, and XP Antivirus.

The Trickery

Fake antivirus software programs work by alerting computer users that their machines have been infected with malware. These alerts typically appear as a result of social engineering: fake antivirus programs are spread through pop-up advertisements and email rather than through the exploitation of software vulnerabilities.

Users then purchase and download the advertised software, which is either useless or malicious itself. Some fake programs are merely ineffective against viruses, and others install infections deliberately. For instance, a program could instruct a computer to capture and forward credit card information, or it could freeze an entire operating system.

According to Google’s report, some fake antivirus sites are so advanced that they detect the users’ operating systems and use JavaScript to adjust their interfaces accordingly. This explains why phony warnings may appear to be genuine system warnings.

Google’s Response

Google has taken steps to filter out the advertised URLs that are known to be associated with fake antivirus software. Nonetheless, scammers can still purchase online advertisements that highlight popular search terms and direct users to their unscrupulous sites; programmers are often able to rotate their landing domains quickly enough to evade the blacklist. After users arrive at a landing domain, they are simply redirected to an attack site.
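
Because landing domains rotate faster than a blacklist can follow, a defender gets more out of following the redirect chain in web proxy logs and checking where it ends. The Python below is an added example, not code from Google's report: the log format, domain names and blocklist are all constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample proxy records: (requested URL, HTTP status, Location header).
SAMPLE_LOG = [
    ("http://landing-a.example/scan", 302, "http://attack-site.example/av/index"),
    ("http://attack-site.example/av/index", 200, None),
    ("http://landing-b.example/free-check", 301, "http://hop.example/r?id=7"),
    ("http://hop.example/r?id=7", 302, "http://attack-site.example/av/index"),
    ("http://news.example/story", 302, "http://news.example/story/"),
    ("http://news.example/story/", 200, None),
    ("http://loop.example/a", 302, "http://loop.example/b"),
    ("http://loop.example/b", 302, "http://loop.example/a"),
]

# Constructed blocklist: only the attack site is known; landing domains are not.
BLOCKLIST = {"attack-site.example"}

def host(url):
    return (urlsplit(url).hostname or "").lower()

def redirect_map(records):
    """Map each redirecting URL to its Location target (3xx responses only)."""
    return {url: loc for url, status, loc in records if 300 <= status < 400 and loc}

def chain_hosts(start, redirects, max_hops=10):
    """Follow at most max_hops redirects from start; stop on loops. Returns hosts in order."""
    hosts, seen, url = [], set(), start
    while url and url not in seen and len(hosts) <= max_hops:
        seen.add(url)
        hosts.append(host(url))
        url = redirects.get(url)
    return hosts

def unlisted_landing_domains(records, blocklist):
    """Return {landing_host: listed_host} for chains that reach the blocklist
    from a first hop the blocklist does not yet cover."""
    redirects = redirect_map(records)
    targets = set(redirects.values())
    findings = {}
    for start in redirects:
        if start in targets:  # mid-chain URL, not an entry point
            continue
        hosts = chain_hosts(start, redirects)
        hit = next((h for h in hosts[1:] if h in blocklist), None)
        if hit and hosts[0] not in blocklist:
            findings[hosts[0]] = hit
    return findings
```

The hosts it returns are candidates for review and blocklist submission, since each one forwarded a user to a destination that is already listed.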

On the bright side, Google notes that in some cases, domains hosting fake antivirus software are being blocked more quickly than before. For instance, a group that managed to serve content for 100 hours in April of 2009 had its activity reduced by about 99% by January of 2010. However, with so many malicious sites emerging every day, it is hard to tell how effective these measures will be in the long run.

Google is not alone in this battle against these malicious sites. The Antivirus Help Center was created with the main purpose of helping PC users avoid malicious sites and get protected against them. The private market is not alone in this fight, either. Some purveyors of phony antivirus programs haven’t escaped the U.S. Federal Trade Commission (FTC). In 2008, the FTC leveled a nearly $2 million judgment against a company selling fake security products. Experts agree that there is still a lot of work to be done in ridding the web of these malicious efforts.

Avoiding Infection

Computer users are advised to avoid opening email from unknown sources and to avoid clicking on suspicious pop-up ads. Many users aren’t aware that merely trying to close a pop-up can invite trouble; clicking on “X” to close a window could actually initiate a download. A safer way to shut down pop-up ads is to hit CTRL-ALT-DEL and close the rogue program from the list of running programs. The most effective way to defend your PC against harm is to have the proper protection.

Here are some questions to ask yourself to see if you may be at risk:

Do you ever open emails from unknown senders?
When was the last time you scanned your computer for viruses?
Do you have a 2010 version of antivirus protection installed in your computer?
Does your computer feel bogged down? Is it running slower than the day you purchased it?
Is your personal information (such as date of birth, hometown, names of family members, etc.) readily available on any of the social networking sites?

If you answered YES to any of these questions you may be at serious risk!

Check out our Antivirus Solutions Page for the best antivirus software products and available Free scans to protect your computer.

George Steel – Covers internet security issues, malicious sites, computer virus threats from all around the world, and general technology breaking news for Antivirus Help Center.
