Symantec: Fake security software on millions of computers

Millions of computers in the US are infected with fake security software, which their owners may even have paid for, according to a cybercrime report from security company Symantec. Such software only makes computers more vulnerable, possibly allowing cybercrooks to take complete control of an infected machine.

"Lots of times, in fact they're a conduit for attackers to take over your machine. They'll take your credit card information, any personal information you've entered there and they've got your machine," said Vincent Weafer, Symantec's vice president for security response.

Symantec found 250 different kinds of fake security software installed on computers, all with perfectly legitimate-sounding names such as "Antivirus 2010" and "SpywareGuard 2008". According to Weafer, around 43 million downloads of fake security software were attempted in one year, although Symantec does not know how many completed successfully.

"In terms of the number of people who potentially have this in their machines, it's tens of millions," Weafer said.

So how do cybercriminals get people to download or buy the fake security software? They plant fake adverts and alerts across the web that inform users that they have a virus on their computer - we've all seen them - and that if you download their "security software" the virus will be removed.

And if that wasn't bad enough, the cybercriminals are also using affiliate schemes to get middlemen to "sell" the software to potential victims, with the affiliate potentially earning 55 cents a download. According to Weafer, one affiliate scheme (which has been shut down) boasted that its top affiliates earned as much as $332,000 a month.

"What surprised us was how much these guys had tied into the whole affiliated model," Weafer said. "It was more refined than we anticipated."


I think the first step is to teach people how to bring up the "advanced startup menu". No matter how many times you explain it they always **** it up.

Once they master that (pressing one key over and over), then we can start moving on to more complicated things.

> Millions of computers in the US are infected with fake security software, which their owners may have even paid for

...and every Symantec customer adding to the count...

Geez.... enough with the Norton bashing. Nobody hated Norton more than me back in the day. I had to install that bloated piece of crap on people's computers. They would call me to install it after they already bought it. But the 2009 and 2010 versions are not the same Norton everyone remembers. I can honestly say anyone who is still bashing Norton has not tried the new version, it's impossible. If you had you would not still be insulting them. Gosh!

Norton sucks. :devil:

Just playin. Well... mostly. While Norton AV may have gotten better in the last year, I still do not like the parent company. All the "research studies" they're doing to try and discredit other AV and security software is pretty low. Even if NAV was the best AV on the market, I still wouldn't buy it based on the actions of the corporation. They're getting none of my money.

Oddly enough I just removed Antivirus 2010 from a client's computer last week. System protected by Symantec Endpoint Protection. Guess it missed the mark on that one.

> Pinebender said,
> Oddly enough I just removed Antivirus 2010 from a client's computer last week. System protected by Symantec Endpoint Protection. Guess it missed the mark on that one.

I was watching a review of Norton AntiVirus 2010 on YouTube. He threw 10 bad sites at it. It did pretty well until the last one, when he ran an install.exe that appeared on a bad site. After he installed it he had the rogue antivirus. So I wrote down the URL and went into a virtual machine that had Security Essentials installed. It also let me run the file and infected my sandbox. So then I thought I would upload the file to http://www.virustotal.com/. After it uploaded it showed me that out of all the antiviruses (most on the market) only 3 caught the file. Nod32, McAfee and I can't remember the other one.

To which comments are you referring?

For reals though, if you think that lowly of Neowin and its members, why don't you just leave?

> RAID 0 said,
> To which comments are you referring?
>
> For reals though, if you think that lowly of Neowin and its members, why don't you just leave?


Not yours, so don't worry.

I come here because I find this place funny. Why do you come here, when you seem almost universally hated on this site?

> Mega Goatlord said,
> Not yours, so don't worry.
>
> I come here because I find this place funny. Why do you come here, when you seem almost universally hated on this site?


lol

Billus
Oh wow, Symantec fanboys. Never thought I'd see the day lol. As for me, Microsoft Security Essentials covers my needs, I don't get viruses or other disgusting infections.

lol, kid. Not smart to trust Microsoft to protect you from malware!

I see dozens of fake anti virus installs every week. MS Antivirus has a number of other names. It is also known as XP Antivirus, Vitae Antivirus, Windows Antivirus, Win Antivirus, Antivirus Pro, Antivirus Pro 2009, Antivirus 2007, 2008, 2009, 2010, and 360, Internet Antivirus Plus, System Antivirus, Spyware Guard 2008 and 2009, Spyware Protect 2009, Winweb Security 2008, System Security, Malware Defender 2009, Ultimate Antivirus2008, Vista Antivirus, General Antivirus, AntiSpywareMaster, Antispyware 2008, XP AntiSpyware 2008 and 2009, WinPCDefender, Antivirus XP Pro, Anti-Virus-1, and Total Security.

It is known to infect users using Windows, and is browser independent. One infection method involves the Zlob Trojan. Another involves the use of fake codec scams, such as Video ActiveX Enhancement 2.07.

It usually slips by every single anti virus out there, and is frequently updated to continue evasion.

I usually would go on a long drawn-out comparison story right now, but I am lazy at the moment. Short version is this: I have worked on 1500+ machines over the last 9 years, and currently IN MY OPINION there are only 2 things you need right now to stay worry-free from all the bad bugs that are out there. Real-time protection is from AVIRA free edition.... and for a secondary on-demand scanner only MALWAREBYTES free edition. The combination of these two programs working together is amazing. Forget all your other protection suites, and your firewall, and your script blocker! Just these two and you will be 99.99% safe.

I do understand that many people cannot help themselves getting viruses on their PC, so fine, we need antivirus software. Myself, I have not used any AV suite for the last 15 years. Well at work yes, since our policy is we have to. But otherwise I think a few of you hit the nail, when saying 99.99999% of infections are due to stupid or unknowing users.
Yes I use FF with NoScript, and yes I do not download much at home, but through another network where it is possible to check for anything if I have doubts.

I just do not understand why most of you, if you are tech savvy enough, are even running AV... it bogs down the PC, and is really not necessary, unless you like to play with fire

> ziph said,
> I do understand that many people cannot help themselves getting viruses on their PC, so fine, we need antivirus software. Myself, I have not used any AV suite for the last 15 years. Well at work yes, since our policy is we have to. But otherwise I think a few of you hit the nail, when saying 99.99999% of infections are due to stupid or unknowing users.
> Yes I use FF with NoScript, and yes I do not download much at home, but through another network where it is possible to check for anything if I have doubts.
>
> I just do not understand why most of you, if you are tech savvy enough, are even running AV... it bogs down the PC, and is really not necessary, unless you like to play with fire ;)

I think one of my favorite quotes from the movie "Contact" comes in handy right about now.

"There are a thousand reasons we can think of for the occupant of the machine to have this with them but mostly it's for the reasons we can't think of."

I just don't trust the internet, so I run AV software. I know that 99% of the time if you have safe browsing habits, you're probably in the clear, but I don't take any chances. And then you have to worry about other people who may use your computer.. the girlfriend for example, she's a smart girl, but she's not exactly tech savvy.

> chevyordeath said,
> I just don't trust the internet, so I run AV software. I know that 99% of the time if you have safe browsing habits, you're probably in the clear, but I don't take any chances. And then you have to worry about other people who may use your computer.. the girlfriend for example, she's a smart girl, but she's not exactly tech savvy.

I see your point, and mostly I just wanted to point out that no AV is also viable if you can secure your PC physically. I do not visit a lot of websites on a daily basis that are not in my bookmarks, then mostly forums and such. Oh well, Warwagon's points are also fun, and can be true... all I am saying is that if you really want to be without AV/extra firewall software etc. then it is not a problem if you use the right tools.

Tbh. I might get the MSE, since I am on win7x64, and can get it for free. I most likely would not notice it anyway, running off a brand new second gen Intel SSD.

> Symantec found 250 different kinds of fake security software

How long before the EU forces Microsoft to create a ballot screen for the "security software"?

Symantec: we all know what you're trying to do and that's to win us over to use your crappy protection, and I ain't buying all that you say as you're as crappy as McAfee, so I have my own protection which suits me just fine and I don't have to put up with your BS and shoddy stuff.

It's probably been said a lot before already in the comments but reading the title I immediately thought of Norton AV being the fake security product they were talking about.

Fake antiviruses are a given online; what irks me more is the scamware being advertised on television. There was this program or website being advertised on television a while back which I forgot the name of. I did a bit of research since it sounded very sketchy and shady, and found out everyone was calling it scamware.

The commercial starts off showing a PC which isn't running Windows, but rather what looks like a Mac; errors are popping up all over the place stating how your PC is likely slow. It goes on by claiming how you can visit their website to scan your PC and fix problems in order to make it run "faster".

I decided to research it online and found it was referred to as commercial scamware and wasn't legit. You apparently visit their website which allows you to run a free scan, it then displays a list of fake problems and claims in order to remove them you must pay for their software. Upon purchasing their software and installing, it infects your PC and adds even more crap to make it run even slower thus the cycle continues.

Hopefully someone might know what commercial(s) I am referring to and can refresh my memory a bit. I haven't seen the commercials for a while now, but it irks me more than these fake anti-virus infections you can pick up online, since they are able to legally advertise this crap on television which most people trust. You would think there would be some kind of standards for television advertising anything which is illegal or could potentially be considered illegal.

I hope the release of Microsoft Security Essentials will bring about the collapse of the home antivirus market - it is more than adequate for most users.

Symantec: Fake security software on millions of computers

Symantec - Fake security software on millions of computers

There, fixed that for you.
