Aggressive tactics used in new distribution and installation of fake anti-virus software

PandaLabs has identified a new and aggressive trend for selling fake anti-virus software.

It claimed that, in contrast to previous campaigns, where users would typically see a series of warnings prompting them to buy a version of the program, the new technologies are being combined with ransomware, hijacking the computer and rendering it useless until victims complete the purchase.

The fake program, called Total Security 2009, is offered for £74.50. Victims are also offered 'premium' tech support services for an additional £18.60. Users who pay the ransom will receive a serial number, which, when entered in the application, will release all files and executables, allowing them to work normally and recover their information. The fake anti-virus, however, will remain on the system.

Luis Corrons, technical director of PandaLabs, said: “The way this rogueware operates presents a dual risk: firstly, users are tricked into paying money simply in order to use their computers; and secondly, these same users may believe that they have a genuine anti-virus installed on the computer, thereby leaving the system unprotected.

“Users are often infected unknowingly, in most cases, through visiting hacked websites, and once a computer is infected it is extremely difficult to eliminate the threat, even for those with a certain degree of technical knowledge. Users are also prevented from using any type of detection or disinfection tool, as all programs are blocked.”

Corrons claimed that once a computer is infected, any attempt made by the user to run a program or open a document will be unsuccessful, and the only response from the computer will be to display a message falsely informing the victim that all files are infected and that the only solution is to buy the fake anti-virus.

He also said that the only application that can be used is the internet browser, conveniently allowing the victim to pay for the fake anti-virus.

PandaLabs has published on its blog the serial numbers required to unblock a computer that has been hijacked. “Users can then install genuine security software to scan the computer in-depth and eliminate all traces of this fake anti-virus,” said Corrons.
