
How Do Fake Antiviruses Spread?


Posted on: February 22nd, 2010

We have seen quite a bit of the fake antiviruses in the last month or so.

Fake AV was a relatively unusual occurrence until lately. Then it took off like a rocket. The most likely reason is that it is a very profitable scam, and because of that, unfortunately, it is highly likely to continue.

For me the most annoying part is the high incidence of reinfections. We cleaned up many computers, and without a doubt they were free of any malicious or unwanted software. Yet, days or weeks later, many of them contracted one or more fake AVs.

This made me look for an answer. I had previously established that users of Internet Explorer are far more likely to get infected. Many of the reinfections happened to people who left my advice unheeded and continued to use Internet Explorer. However, a few of them did switch to Firefox and still got infected. Therefore there must be a route the fake AV peddlers use that does not depend on which browser one uses.

An accidental glance at a printout at a customer's site gave me the clue to solving this mystery. The answer lies in the browser plug-ins, or add-ons.

What are plug-ins, or add-ons? They are small modules that add extra functions to the browser. For example, to watch videos on YouTube you need a plug-in called Flash Player.

As it turns out, these modules can have their own security weaknesses, and the fake AV peddlers do exploit them!

The solution is not only to switch away from Internet Explorer but also to keep the most common plug-ins and add-ons up to date, in order to minimize the chances of getting infected.

Here’s a list of the most common modules, with links to download the latest version of each:

Adobe Flash Player:

For Internet Explorer: http://filehippo.com/download_flashplayer_ie/

For other browsers: http://filehippo.com/download_flashplayer_firefox/

Acrobat Reader:

http://filehippo.com/download_adobe_reader/ or as an alternative: Foxit Reader: http://filehippo.com/download_foxit/

Java Runtime Environment (JRE):

For 32 bit machines: http://filehippo.com/download_jre_32/

For 64 bit machines: http://filehippo.com/download_jre_64/

(If you don’t know which one your machine is, read this article: 32bit or 64bit?)
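As an added example (not code from the original post), here is a small Python check that does what the list above asks of you by hand: it compares the installed version of each plug-in against a required baseline and names the ones that need updating. The inventory lines and the baseline version numbers are constructed placeholders, not real vendor release numbers; the one detail worth taking from it is that versions must be compared numerically, because as plain text "9.3" sorts after "10.0".

```python
"""Flag browser plug-ins whose installed version is older than a required baseline."""
import re
from typing import Dict, List, Tuple

# Constructed baseline: the oldest version of each plug-in we accept.
# These numbers are illustrative placeholders, not real vendor releases.
REQUIRED_VERSIONS = {
    "Adobe Flash Player": "10.0.45.2",
    "Adobe Reader": "9.3.1",
    "Java Runtime Environment": "1.6.0.18",
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '10.0.45.2' or Java-style '1.6.0_18' into a tuple of ints.

    Comparing the raw strings is wrong: '9.3' > '10.0' lexicographically.
    """
    parts = tuple(int(p) for p in re.findall(r"\d+", text))
    if not parts:
        raise ValueError(f"no version number in {text!r}")
    return parts


def is_outdated(installed: str, required: str) -> bool:
    """True when installed < required; shorter tuples are padded with zeros."""
    a, b = parse_version(installed), parse_version(required)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def parse_inventory(lines: List[str]) -> Dict[str, str]:
    """Parse constructed 'Name: version' inventory lines into a dict."""
    found = {}
    for line in lines:
        name, sep, ver = line.partition(":")
        if sep:
            found[name.strip()] = ver.strip()
    return found


def outdated_plugins(lines: List[str], required=REQUIRED_VERSIONS):
    """Return (name, reason) for every installed plug-in behind the baseline."""
    installed = parse_inventory(lines)
    return [(name, f"{installed[name]} < {minimum}")
            for name, minimum in required.items()
            if name in installed and is_outdated(installed[name], minimum)]


# Constructed sample inventory: two of the three plug-ins are behind.
SAMPLE_INVENTORY = [
    "Adobe Flash Player: 10.0.42.34",
    "Adobe Reader: 9.3.1",
    "Java Runtime Environment: 1.6.0_17",
]

if __name__ == "__main__":
    for name, why in outdated_plugins(SAMPLE_INVENTORY):
        print(f"UPDATE NEEDED: {name} ({why})")
```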

By switching browser, updating this software and, of course, avoiding suspicious websites and emails, there is only a small chance of becoming a victim of fake antiviruses.