Educause Security Discussion mailing list archives

Re: how does fake antivirus work?


From: Alexander Kurt Keller <alkeller () SFSU EDU>
Date: Thu, 28 Apr 2011 16:07:21 +0000

Re: What is the range of how fake AVs really work?  Do some cajole you into installing their code while others silently 
inject their code automatically?

I have seen both. The most common is visiting a malicious web site that presents an interface that mimics Windows 
Explorer and displays a fake scan of your hard drive, complete with progress bar and various Windows UI accoutrements 
intended to fool the unsuspecting user. Of course that fake scan indicates that your current anti-virus software is 
out of date and all kinds of malware have been found on your computer, prompting the user to download/install their 
rogue anti-virus application. In these cases the user is complicit. Perhaps less common is the scenario where a user 
visits a malicious webpage (or email) that initiates a browser/flash/acrobat/etc exploit which subsequently installs 
the rogue anti-virus application without the consent of the user. The latter vector is more advanced of course and 
typically requires more time/expertise investment by the attackers.

Best,
alex

Alex Keller
Systems Administrator
Academic Technology, San Francisco State University
Office: Burk Hall 153 Phone: (415)338-6117 Email: alkeller () sfsu edu


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Bob Bayn
Sent: Thursday, April 28, 2011 8:49 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] how does fake antivirus work?

The "SANS Securing The Human Program" training module #2 about Social Engineering demonstrates that fake antivirus 
programs fool you into going through the installation process to load their malware onto your computer.  Locally, I am 
hearing the assertion that fake AV is not nearly that gentle, that your computer is instantly and automatically 
compromised as soon as you go to their website; the process of installing their fake product can be just as fake as the 
process of evaluating your computer for current infections.

What is the range of how fake AVs really work?  Do some cajole you into installing their code while others silently 
inject their code automatically?

Around here, the most common instance of social engineering seems to be the simple email phish that asks for password, 
etc in reply or by going to a web form.

Bob Bayn                    (435)797-2396                 Security Team
                  You are on the Security Team, too.
Be an Internet Skeptic!  There's nothing really free on the 'net
Office of Information Technology     at     Utah State University
            http://tinyurl.com/bicyclists-share-kidneys