For the first time, the FBI has issued a public warning about the threat of rogue anti-virus software, which the agency said has resulted in more than $150 million in losses to victims.
In an intelligence note posted Friday on the website of the Internet Crime Complaint Center, the FBI said users should be on the lookout for pop-up advertisements masking as legitimate-looking AV software, known as “rogueware” or “scareware.”
Rogue anti-virus software typically is purveyed through malicious advertisements, or “malvertisements,” on trusted websites. When viewed or clicked, the ads lead users to sites that claim their computer is infected and, to resolve the issue, they should buy an anti-virus product, which turns out to be fake. In other instances, the ads try to install trojans onto the victim’s PC.
Criminals also have orchestrated the attack by “poisoning” search results, so that when a user searches for a popular term, he or she is led to a website site hosting the bogus software.
“The scareware is intimidating to most users and extremely aggressive in its attempt to lure the user into purchasing the rogue software that will allegedly remove the viruses from their computer,” the FBI alert said. “Once the pop-up appears, it cannot be easily closed.”
The FBI said computers running with administrator privileges are more likely to be infected. In addition, users should always research the names of security software applications to ensure their legitimacy.
A recently released report from the Anti-Phishing Working Group, which analyzed internet fraud trends for the first half of 2009, found that the number of rogue AV programs from January to June surpassed the total for all of 2008. In June, the final month of the study, there were 152,197 new strains.
“The primary reason for the creation of so many variants is to avoid signature-based detection by legitimate anti-virus programs,” said Luis Corrons, technical director at PandaLabs and a contributor to the report. “The use of behavioral analysis is of limited use in this type of malware because the programs themselves do not act maliciously on computers, other than displaying false information.”