Fake AV peddlers change their tactics


There has been a decline in rogue AV schemes lately, and researchers attribute it to a combination of law enforcement and security community efforts and increased coverage of the matter in mainstream media.

But, as with any lucrative business, criminals aren’t likely to abandon it altogether and will surely try to change their approach a bit.

“Getting familiar with the actual, legitimate names and interfaces of AV software you, your business and your family use is one way for users to spot a fake,” advises GFI’s Jovi Umawing. “And cybercriminals generally target those who are not in the know.”

He also enumerates a couple of recently spotted variations of fake AV software that users should be on the lookout for:

  • “PC Repair” – a tool that purportedly optimizes and analyzes the computer’s performance.
  • “Open Cloud AV” – with this tool, the crooks are taking advantage of the fact that many users aren’t familiar with the concept of “cloud” and are likely to fall for the buzzword.
  • “Security Guard 2012” – pops up the dreaded Windows “blue screen of death” to scare users into buying the offered product, along with other pop-up messages notifying the user of an extensive infection.

All three fake products try to get users to pay for protection, and, in order to evade detection by legitimate AV solutions and to be relaunched every time the computer is rebooted, they install a rootkit in the Master Boot Record.
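As an added illustration, not taken from the article or from GFI, here is a small defender-side Python check for the kind of boot-code tampering described: it hashes the 446 bytes of boot code in a 512-byte MBR against a previously recorded baseline, verifies the 0x55AA signature and parses the four partition entries. The sample MBR images are constructed inline; reading the first sector of a live disk is noted in a comment but not done here.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(mbr: bytes) -> dict:
    """Split a 512-byte MBR into hashed boot code, partition entries and signature flag."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = mbr[BOOT_CODE_LEN + 16 * i: BOOT_CODE_LEN + 16 * (i + 1)]
        lba_start, sectors = struct.unpack("<II", entry[8:16])
        partitions.append({"bootable": entry[0] == 0x80, "type": entry[4],
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
    }


def check_mbr(mbr: bytes, baseline_sha256: str) -> list:
    """Compare the boot-code hash with a recorded baseline; an empty list means no findings."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from recorded baseline")
    if not any(p["bootable"] for p in info["partitions"]):
        findings.append("no partition flagged bootable")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample MBR: given boot code, one bootable NTFS-type partition, valid signature."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    # status=0x80 (bootable), CHS fields zeroed, type 0x07, LBA start 2048, 1,000,000 sectors
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 1_000_000)
    return code + entry + b"\x00" * 48 + BOOT_SIGNATURE


if __name__ == "__main__":
    # On a real system the 512 bytes would come from the raw disk device (admin rights needed);
    # here a constructed clean image is baselined and a constructed tampered copy is checked.
    clean = build_sample_mbr(b"\xeb\x3c\x90clean-bootcode")
    baseline = parse_mbr(clean)["boot_code_sha256"]
    print(check_mbr(build_sample_mbr(b"\xeb\x3c\x90rootkit-loader"), baseline))
```

The baseline hash should be recorded while the machine is known clean and kept off the host, since a bootkit that controls the MBR can also rewrite anything stored on the same disk.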