We have had several reports from across campus and would like to warn you against becoming a victim of this new type of malware.
Excerpts below are from “Stopping Fake Antivirus: How to Keep Scareware off Your Network”, Sophos.
What is fake antivirus?
Fake antivirus is fake security software which pretends to find dangerous security threats—such as viruses—on your computer. The initial scan is free, but if you want to clean up the fraudulently-reported “threats,” you need to pay.
This class of malware displays false alert messages to computer users concerning threats on their machines (but these threats do not really exist). The alerts will prompt users to visit a website where they will be asked to pay for these non-existent threats to be cleaned up. The fake antivirus malware will continue to send these annoying and intrusive alerts until a payment is made or the malware is removed.
How do people get infected with fake antivirus?
Although there are many different ways that a specific fake antivirus may get onto a system, the majority of distribution avenues rely on social engineering. Ultimately, the user is tricked into running the fake antivirus installer executable in a way similar to many other types of Trojans. Fake antivirus authors have used a huge range of different social engineering tricks and are continuing to come up with new ones all the time.
- Search engine optimization poisoning
- Email spam campaigns
- Compromised websites and exploit payloads
- Fake antivirus downloads by other malware
User education is an important part of the defense as well. Users should know not to click on anything suspicious. But, they should also be reminded that the IT department takes care of antivirus protection for their computers. If they are concerned about antivirus, or have strange messages popping up, they should contact IT and not try to sort it out for themselves. It’s also important to religiously refuse any anti-malware software which offers a free scan but forces you to pay for cleanup. Reputable brands don’t do this—an antivirus evaluation should let you try out detection and disinfection before you buy.
Please remember to contact IT about any unusual computer behavior.