Avoiding extortion schemes that use fake antivirus or malware programs

Mysterious gangsters threatening violence are the usual images that come to mind when the words “extortion” or “protection racket” are mentioned. Alarmingly, the online world has fallen victim to similar strong-arm tactics used to separate people from their hard-earned money. Unlike the real world, where gangsters physically threaten business owners to pay “protection” money or else risk getting shot or having their businesses blown up, online protection schemes scare Internet users into buying worthless software that supposedly fixes these “threats.” Online extortion artists using fake antivirus, fake malware scanner programs, and similar software frighten users with scary system messages of impending (but nonexistent) virus attacks, or shame them about nonexistent pornography (or other sensitive material) supposedly “found” on their computers. Other scammers actually load real malware/spyware onto victims’ computers to trigger system warnings that scare the user into buying their bogus product.

How fake antivirus and fake malware detector scams work

Real antivirus and real malware protection software have increased so much in sophistication and effectiveness that some shady programmers who used to make a lot of money turning victims’ computers into spam relay networks have moved on to selling antivirus and malware detection software that fixes “infections” that don’t exist. Scare them and upsell them. Simple as that.

How fake antivirus and fake malware detection scams spread

Propagating the scam involves infecting desktop computers with malware that sends out scary and realistic looking “system warnings” that tell the user of a virus or malware infection. Another variation focuses on showing detection of pornography or other potentially embarrassing content. Users’ computers are infected the same way trojan horses are propagated—the loader program is either surreptitiously loaded without the user’s input or users themselves install the loader because it masquerades as a legitimate application.

Users get infected by:

- Downloading pirated or cracked software from torrent sites or file sharing sites – these programs are infected with a loader application that installs the malware which broadcasts the fake system warnings.

- Clicking a link and getting redirected to an attack page that loads the loader program into the user’s computer.

- Opening an HTML email attachment that redirects to an attack page that loads the loader application.

- Authorizing the installation of a supposedly beneficial browser plugin which turns out to be the loader application or triggers the loader application.

- Using fake online malware scanning services that actually install the loader program instead of scanning the user’s computer for viruses and malware.

Other dangers fake antivirus and fake anti-malware programs pose

Not only are users scared by trojan horse loader programs into buying essentially worthless antivirus/antimalware applications; these pieces of software could also be exploited by their programmers to retrieve sensitive banking, internet browsing, and file storage data.

The general internet public is not the only potential target of these extortion schemes—finance companies, banks and insurance companies are some of the more obvious potential victims. Because the user authorizes Windows to install this scam software, it is granted the same security clearance as the user and poses a massive security threat to whatever the user proceeds to do. Whether the user is sending sensitive information, logging in to sensitive finance sites, or doing anything else, having a “user-authorized” fake program running in the background severely compromises the system’s security. It is not too far-fetched to think that these fake antivirus/antimalware programs have “backdoor” capabilities that give a remote attacker access to the user’s computer.

How to prevent becoming victimized by fake antivirus/antimalware scams

Be very selective when installing antivirus/antimalware applications. If you haven’t heard of the application, be very wary. Install only long-established internet security software published by companies that have a track record of trust and effectiveness. Symantec, ESET, McAfee, Kaspersky, AVG, and Microsoft Security Essentials are just some of the most trusted names in computer/network security you should look into first.

Always make sure your antivirus/antimalware software is updated. If you haven’t already set your software to auto-update, do it now.

Pay attention to your computer’s security warnings. When you get an infection or system warning notice, do not click on anything immediately. Read the notice first and make sure it is a warning from your own antivirus/antimalware application. If it mentions software you are unaware of and contains words such as “activate”, “load”, or “install”, close your browser and try to close the warning window without clicking any of its prompts or buttons, including “OK”. Then immediately run your real antivirus/antimalware scanner.

Pay attention to what you click online and follow the warnings your browser and real malware/antivirus software give you. If you are searching online and Google retrieves a listing with a warning that the site may harm your computer—follow that warning. If you are downloading email or trying to download a file and get a warning saying that it might be an unsafe file, follow that warning.

Be suspicious of HTML attachments in email – Trojan horse installations routinely use HTML files attached to emails as a transmission method. Many of these emails try to grab the reader’s attention by claiming to be collection notices, bank notices, job offers, money transfers, and all sorts of other very important official communications. Don’t click on the attachment.
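A defensive check for the HTML-attachment vector described above, as an added example that is not part of the original article: it parses an e-mail message, picks out the HTML attachments and flags the meta-refresh and JavaScript redirects such loaders use to bounce the reader to an attack page. The sample message, its filename and the example.invalid URL are constructed for illustration.

```python
import email
import re
from email import policy

# Patterns that mark an HTML file whose only job is to send the reader elsewhere:
# a meta-refresh redirect, or JavaScript that rewrites the page location.
REDIRECT_PATTERNS = [
    re.compile(r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*url=', re.I),
    re.compile(r'(?:window|document|top|self)\.location(?:\.href)?\s*=', re.I),
    re.compile(r'location\.(?:replace|assign)\s*\(', re.I),
]

# Constructed sample message: a fake "collection notice" whose HTML attachment
# bounces the reader to a placeholder URL (example.invalid is not a real host).
SAMPLE_EML = b"""\
From: billing@example.invalid
To: user@example.invalid
Subject: Final collection notice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached notice.
--b1
Content-Type: text/html; name="notice.html"
Content-Disposition: attachment; filename="notice.html"

<html><head>
<meta http-equiv="refresh" content="0;url=http://example.invalid/load">
</head><body>Loading your notice...</body></html>
--b1--
"""


def suspicious_html_attachments(raw: bytes) -> list:
    """Return one record per HTML attachment that carries a redirect."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        # Only HTML parts delivered as attachments are of interest here.
        if part.get_content_type() != "text/html" or part.get_content_disposition() != "attachment":
            continue
        body = part.get_content()  # decoded text of the attachment
        hits = [p.pattern for p in REDIRECT_PATTERNS if p.search(body)]
        if hits:
            findings.append({"filename": part.get_filename(), "indicators": hits})
    return findings
```

Call `suspicious_html_attachments(SAMPLE_EML)` on the constructed message to see the attachment flagged; a plain-text message yields an empty list.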

Don’t become another sad statistic

The spyware/malware and extortion scam industry is a multimillion dollar industry. Don’t be an unwitting contributor to this illegal industry’s rapid rise. Follow the “best practices” we listed above so you can safely avoid becoming victimized.