Guide | How To Fake Antivirus: What Are They And How Do You Avoid Them?


MalwareVirus

Level 1
Thread author
Oct 6, 2012
770

Have you ever been browsing the Internet when a pop-up message or banner appeared, advertising antivirus software to you? It’s often designed to look like the result of “antivirus scanning”, which typically reveals about a dozen viruses on your system. The message was probably flashy and encouraged you to act, but you should never take any action on any of these messages! Fake or rogue antivirus can cause a lot of harm to your computer. They are designed to look legitimate and oftentimes encourage victims to remove viruses from their system, perform updates, or install new software. They can be advertised to you as banner ads, pop-ups or email links, and can even appear in results streams for people who have searched for an antivirus product. When acted on, they’re meant to encourage you to pay up to $80 for “protection”, infect your computer with malicious software, steal personal information, including credit card numbers, or corrupt files on your computer. Android users have to be cautious too, because fake antiviruses have existed on the Android platform for three years.
Do Your Research
Never install any program or software without researching the reputability of the company selling it first. Just because a company appears trustworthy in their advertisements doesn’t mean they are. Blindly clicking on a link or banner ad could lead you to a malicious site or allow malware to be downloaded onto your computer via a botnet you might not even know about. The more you know the safer you are, so never hesitate to perform a quick search before taking any action.
Look Out For Signs
Even if you’re using a reliable antivirus, you should make sure you’re doing your part to keep yourself safe as well. The easiest and most obvious step to take is to make yourself familiar with your chosen AV software. You should know what alerts and messages look like so that you can recognize any unfamiliar, fake ones that may appear while online. Two common warning signs of a fake message would be the lack of a company logo or a request for credit card information.


aztony

Level 9
Verified
Oct 15, 2013
501
The easiest and most obvious step to take is to make yourself familiar with your chosen AV software. You should know what alerts and messages look like...
It was surprising to me how many users don't have a clue regarding their AV, or its features and related functions beyond downloading it on to their system.
 

MalwareVirus

Level 1
Thread author
Oct 6, 2012
770
"It was surprising to me how many users don't have a clue regarding their AV, or its features and related functions beyond downloading it on to their system. "
Yes, I think fewer people give their time to understanding their AV. But they are safe somehow :)
I visited my friend's house 2 weeks ago and I saw his computer guarded with Avira Free (no firewall), and he visited unknown sites without worry. He also doesn't know the meaning of firewall, so I checked their PC with HMP and I found no infection at all. According to him, CCleaner is used for virus removal.
 

aztony

Level 9
Verified
Oct 15, 2013
501
MalwareVirus said:
Yes, I think fewer people give their time to understanding their AV. But they are safe somehow :)
I visited my friend's house 2 weeks ago and I saw his computer guarded with Avira Free (no firewall), and he visited unknown sites without worry. He also doesn't know the meaning of firewall, so I checked their PC with HMP and I found no infection at all. According to him, CCleaner is used for virus removal.
LOL! My luck was never that good. Sooner or later the law of averages catches up; one roll of the dice too many.
 

Littlebits

Retired Staff
May 3, 2011
3,893
What is sad is that most zero-day malware are these fake security products; ignorant users get fooled by them and then manually download and run them, ignoring UAC and the Windows run warning. That's why no AVs do a very good job blocking zero-day malware.

Thanks. :D
 

aztony

Level 9
Verified
Oct 15, 2013
501
Littlebits said:
That's why no AVs do a very good job blocking zero-day malware.

Thanks. :D
Very true; anytime an AV is too user-dependent it is at a disadvantage due to poorly made decisions by non-savvy users. It is why we're seeing the minimalist approach to counteract that problem by vendors like Panda and Bitdefender. Almost nothing for the user to tweak, and very little decision making.
 

Malware1

Level 76
Sep 28, 2011
6,545
Littlebits said:
What is sad is that most zero-day malware are these fake security products; ignorant users get fooled by them and then manually download and run them, ignoring UAC and the Windows run warning. That's why no AVs do a very good job blocking zero-day malware.

Thanks. :D

I never heard about zero-day rogues. I sometimes find fully undetected fake security products but they are not zero-day!

There's a plague of Antivirus Security Pro samples with digital signatures currently and none of them are zero-day.

Zero-day samples are malware with previously unknown security vulnerability!
 

Littlebits

Retired Staff
May 3, 2011
3,893
MalwareCenter said:
Littlebits said:
What is sad is that most zero-day malware are these fake security products; ignorant users get fooled by them and then manually download and run them, ignoring UAC and the Windows run warning. That's why no AVs do a very good job blocking zero-day malware.

Thanks. :D

I never heard about zero-day rogues. I sometimes find fully undetected fake security products but they are not zero-day!

There's a plague of Antivirus Security Pro samples with digital signatures currently and none of them are zero-day.

Zero-day samples are malware with previously unknown security vulnerability!

Understanding zero-day malware: the name doesn't imply that the malware is new; it can be several years old. The term applies to malware which is not detected by antivirus software. Some old malware can come back after several years of not getting distributed once AV vendors remove the signatures.

A Zero day virus is a previously unknown computer virus or other malware for which specific antivirus software signatures are not yet available.
- http://en.wikipedia.org/wiki/Zero-day_virus

Most zero-day malware never gets widely distributed on the web, therefore it is not important for them to be detected. Most AV vendors will not make signatures for malware that is not currently distributed in the wild, and AV vendors will delete the signatures to clean up space in their database once this malware is no longer active. Microsoft deletes signatures after 90 days of no activity in the wild, while some other AV vendors may keep the old signatures for years.

Emsisoft and Kaspersky just recently posted articles about zero-day malware; both agreed that the majority of them were Trojans, which include these fake security products. Any malware that pretends to be something else is classified as a Trojan.

The only type of zero-day malware to be concerned about is the ones that are currently being widely distributed on the web. Understanding what "active in the wild" means: it means that the malware is available on several websites for accidental download. Malware found on websites that collect malware for research is not always active in the wild; just because you can manually download it from a website that collects malware for research, it doesn't mean it is widely distributed for accidental download.

So there are basically two types of zero-day malware, "active and inactive"; both can be malware that has just been created or old malware that just recently went back into the wild for distribution.

Don't get confused by the name "zero-day"; it does not mean the malware was newly created within one day, it means the malware is not detected. Some old malware can come back active in the wild under a new variant to avoid previous detection, which will do the same corruption as before.

If AV testers would verify that all of the samples tested were currently active in the wild, you would get much better results. But it takes a lot of work to get a sample verified. Most malware sample packs include malware that is not currently active in the wild; that is why some AVs will not detect it.

Enjoy!! :D
 

Malware1

Level 76
Sep 28, 2011
6,545
Most malware sample packs include malware that is not currently active in the wild; that is why some AVs will not detect it.

Facepalm.

Please don't trust Wikipedia.

A Zero day virus is a previously unknown computer virus or other malware

How can a "Zero day virus" be other malware than a virus? Malware and viruses aren't the same.
 

Littlebits

Retired Staff
May 3, 2011
3,893
MalwareCenter said:
Most malware sample packs include malware that is not currently active in the wild; that is why some AVs will not detect it.

Facepalm.

Please don't trust Wikipedia.

A Zero day virus is a previously unknown computer virus or other malware

How can a "Zero day virus" be other malware than a virus? Malware and viruses aren't the same.

Wikipedia is 100% correct on terminology.
Back in history, the first zero-days were all viruses; now most are Trojans but can be any type of malware.
For example: why do some security products label themselves "Anti-Virus" while others label themselves "Anti-Malware"? Both kinds of products detect all different types of malware. Then you have "Anti-Trojan", which detects mostly Trojans and rogue security products, and the old "Anti-Spyware", most of which have been discontinued because spyware detection is included in most "Anti-Virus" products.

Some products have changed their label to "Anti-Malware" to reflect current changes, but most still use "Anti-Virus" even though most never detect viruses in general since they are not widespread like before. Only large corporations get hit by a virus nowadays; it is extremely rare for a home user to get infected with a virus.

It is common for all malware to be labeled as a virus since most users don't know the difference in the types of malware.

Notice the "or other malware" in Wikipedia which includes everything.

Thanks. :D
 

aztony

Level 9
Verified
Oct 15, 2013
501
Some products have changed their label to "Anti-Malware" to reflect current changes...
In the current computer security threatscape, anything introduced into a PC for the purpose of disrupting its normal functioning, is by current consensus considered malware; be it virus, rootkit, spyware, trojan, etc.
 

Malware1

Level 76
Sep 28, 2011
6,545
Littlebits said:
MalwareCenter said:
Most malware sample packs include malware that is not currently active in the wild; that is why some AVs will not detect it.

Facepalm.

Please don't trust Wikipedia.

A Zero day virus is a previously unknown computer virus or other malware

How can a "Zero day virus" be other malware than a virus? Malware and viruses aren't the same.

Wikipedia is 100% correct on terminology.
Back in history, the first zero-days were all viruses; now most are Trojans but can be any type of malware.
For example: why do some security products label themselves "Anti-Virus" while others label themselves "Anti-Malware"? Both kinds of products detect all different types of malware. Then you have "Anti-Trojan", which detects mostly Trojans and rogue security products, and the old "Anti-Spyware", most of which have been discontinued because spyware detection is included in most "Anti-Virus" products.

Some products have changed their label to "Anti-Malware" to reflect current changes, but most still use "Anti-Virus" even though most never detect viruses in general since they are not widespread like before. Only large corporations get hit by a virus nowadays; it is extremely rare for a home user to get infected with a virus.

It is common for all malware to be labeled as a virus since most users don't know the difference in the types of malware.

Notice the "or other malware" in Wikipedia which includes everything.

Thanks. :D
If it is a trojan, then it's not a "zero-day virus", but rather a "zero-day trojan".
 

the unknwn

Level 1
Verified
Mar 8, 2015
47
Another tip: you can easily know if an AV is rogueware if it tells the user to pay for the AV to remove the "viruses" on your computer, keeps notifying you to pay to remove them, gives no detailed information about where the file is located, and does not offer a free trial. Also, most AVs don't advertise their product on other sites.
 
