Rogue anti-virus scamware hitting hard, says Webroot

The research concluded that IT-savvy internet users are actually more susceptible than internet newbies to the fake alerts and scam reports that these types of rogue anti-virus applications create.

The Webroot report - which took in responses from almost 1200 users of all ages and IT skill levels - found that advanced users clicked on suspicious messages at a greater rate than less experienced users.

In addition, the study noted that 20% of respondents strongly trust the first page of search results, which Webroot said is "a common target for fraudulent links".

Unsurprisingly, researchers found that almost 20% of respondents reported "varying levels of financial or data loss following infection", and that over 50% experienced infections consistent with those of fake alert-related malware such as fake anti-virus.

Commenting on the research findings, Mike Kronenberg, Webroot's chief technology officer with the firm's consumer business unit, said that cybercriminals are preying on internet users' curiosity.

"Links to seemingly real search results and videos - and now even ads on reputable news sites - trigger fake warnings claiming you're infected or need `Home Antivirus 2010' or another bogus product."

"And business must be booming for these thieves, judging from the rapid rate at which Webroot is seeing new programmes and variants created in an attempt to bypass security technology."

"But with the right education, vigilance and technology, consumers can take steps to protect themselves."

The IT security vendor said that the appearance of fake anti-virus alerts changes frequently.

Ranging from phony Windows Security Centre warnings to notifications for security and anti-virus scans and viewer or codec downloads, Webroot said that each scam is designed to appear legitimate and urgent.

And, according to the Webroot Threat Research team, internet users can encounter fake anti-virus alerts through three main directions:

  • Fraudulent links - appearing at or near the top of search results. For example, earlier this week Webroot found that a search for news stories about the arrest of film director Roman Polanski yielded links that redirected to a fake security scan and to Windows PC Defender, a known rogue security product.
  • Phony file links - Webroot recently reported on its threat blog that the Koobface worm is now sending phony video links, seemingly from a friend, to members of social networking sites. The links trigger viewer download messages that activate infection when clicked.
  • Ads on legitimate websites - Webroot researchers recently investigated the origins of a bogus ad on, which contained code leading to a fake alert and rogue product.

Delving into the research reveals that over 50% of advanced users encountered a fake Windows Security Centre alert, versus 33% of novice users.

On top of this, 26% of advanced users encountered a fake security / anti-virus scan, compared to approximately 10% of less experienced users

And 23% of advanced users clicked on a fake alert and in some cases purchased rogue security products such as fake anti-virus; conversely, 10% of novice users did the same.

As a result of its research, Webroot recommends that internet users stay vigilant and not click pop-up security and anti-virus alerts from unfamiliar companies, or poorly worded messages from known providers.

Users should also only buy security and anti-virus products from reputable companies and should check for links to familiar sites among search engine results.

On social networks, especially, the company said that internet users should not follow suspicious video links from `friends,'  as well as emails, friend requests, site links and other items from unknown sources.

What’s Hot on Infosecurity Magazine?