Google Sees Fake AV Threat

Not only is fake anti-virus software increasingly common, but it delivers half of the malicious ads detected.

Thomas Claburn, Editor at Large, Enterprise Mobility

April 14, 2010

2 Min Read
Dark Reading logo in a gray background | Dark Reading

Fake anti-virus software is on the rise and currently accounts for about 15% of all malware detected, according to a forthcoming report from Google.

Fake anti-virus software purports to be software than can find and remove malware. But in fact it's malware, the very thing it's supposed to eliminate.

Fake AV software typically pretends to scan the victim's computer and to find some form of malware, at which point it seeks payment from the victim to remove the non-existent malware.

Whether or not there's a payment, the fake AV software may install more malware.

Computer users often come into contact with fake AV software through spam Web sites and online ads, which explains why Google is interested in the topic.

Beyond its general concern with maintaining user trust and security, Google wants to make sure that online ads don't become such a pervasive means of malware delivery that users reject legitimate marketing as a risk.

In a blog post on Wednesday, Google security engineer Niels Provos said, "[T]he Fake AV threat is rising in prevalence, both absolutely, and relative to other forms of Web-based malware."

Google's forthcoming report, slated for presentation later this month at the Workshop on Large-Scale Exploits and Emergent Threats (LEET) in San Jose, Calif., says the company found 11,000 domains involved in distributing fake AV software over the past 13 months.

The report, "The Nocebo Effect on the Web: An Analysis of Fake AV distribution," says that fake AV attacks represent 60% of the malware found on Web sites that include trending keywords -- popular search terms that generate visitor traffic.

It also says that fake AV software is responsible for 50% of all malware delivered via online ads, five times more than a year ago.

In a related note, Google's Postini Q1 spam report indicates that despite several high profile botnet takedowns, spam volume as a percentage of total e-mail volume remains steady.

"This suggests that there's no shortage of botnets out there for spammers to use," said Gopal Shah, from Google's Postini team, in a blog post. "If one botnet goes offline, spammers simply buy, rent, or deploy another, making it difficult for the anti-spam community to make significant inroads in the fight against spam with individual botnet takedowns."

About the Author

Thomas Claburn

Editor at Large, Enterprise Mobility

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful master's degree in film production. He wrote the original treatment for 3DO's Killing Time, a short story that appeared in On Spec, and the screenplay for an independent film called The Hanged Man, which he would later direct. He's the author of a science fiction novel, Reflecting Fires, and a sadly neglected blog, Lot 49. His iPhone game, Blocfall, is available through the iTunes App Store. His wife is a talented jazz singer; he does not sing, which is for the best.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights