Symantec: Fake security software on millions of computers

Millions of computers in the US are infected with fake security software, which their owners may even have paid for, according to a cybercrime report from security company Symantec. Such software only makes computers more vulnerable, possibly allowing cybercrooks to take complete control of an infected computer.

"Lots of times, in fact they're a conduit for attackers to take over your machine. They'll take your credit card information, any personal information you've entered there and they've got your machine," said Vincent Weafer, Symantec's vice president for security response.

Symantec found 250 different kinds of fake security software installed on computers, all with perfectly legitimate-sounding names such as "Antivirus 2010" and "SpywareGuard 2008". According to Weafer, around 43 million downloads of fake security software were attempted in one year, although Symantec does not know how many of them completed successfully.

"In terms of the number of people who potentially have this in their machines, it's tens of millions," Weafer said.

So how do cybercriminals get people to download or buy the fake security software? They plant fake adverts and alerts across the web that inform users that they have a virus on their computer - we've all seen them - and that if you download their "security software" the virus will be removed.

And if that wasn't bad enough, the cybercriminals are also using affiliate schemes to get middlemen to "sell" the software to potential victims, with the affiliate potentially earning 55 cents a download. According to Weafer, one affiliate scheme (which has been shut down) boasted that its top affiliates earned as much as $332,000 a month.

"What surprised us was how much these guys had tied into the whole affiliated model," Weafer said. "It was more refined than we anticipated."

81 Comments


Symantec: Fake security software on millions of computers

Symantec - Fake security software on millions of computers

There, fixed that for you.

I hope the release of Microsoft Security Essentials will bring about the collapse of the home antivirus market - it is more than adequate for most users.

Fake anti-virus's is a given online, what irks me more is the scamware being advertised on television. There was this program or website being advertised on television a while back which I forgot the name. I did a bit of research since it sounded very sketchy and shady, and found out everyone was calling it scamware.

The commercial starts off showing a PC which isn't running Windows, what rather looks like a Mac, errors are popping up all over the place stating how your PC is likely slow. It goes on by claiming how you can visit their website to scan your PC and fix problems in order to make it run "faster".

I decided to research it online and found it was referred to as commercial scamware and wasn't legit. You apparently visit their website which allows you to run a free scan, it then displays a list of fake problems and claims in order to remove them you must pay for their software. Upon purchasing their software and installing, it infects your PC and adds even more crap to make it run even slower thus the cycle continues.

Hopefully someone might know what commercial(s) I am referring to and can refresh my memory a bit. I haven't seen the commercials for a while now, but it irks me more than these fake anti-virus infections you can pick up online, since they are able to legally advertise this crap on television which most people trust. You would think there would be some kind of standards for television advertising anything which is illegal or could potentially be considered illegal.

It's probably been said a lot before already in the comments but reading the title I immediately thought of Norton AV being the fake security product they were talking about.

Symantec: we all know what your trying to do and thats to win us over to use ur crappy protection and i aint buying all that you say as your as crappy as mcafee so i have my own protection which suits me just fine and i don't have to put up with ur BS and shoddy stuff.

Symantec found 250 different kinds of fake security software

How long before EU forces Microsoft to create ballot screen for the "security software"?

I do understand that many people cannot help themselves getting virus on their pc, so fine, we need antivirus software. Myself, i have not used any AV suite for the last 15 years. Well at work yes, since our policy is we have to. But otherwise i think a few of you hit the nail, when saying 99.99999% of infections is due to stupid or unknowing users.
Yes i use FF with NoScript, and yes i do not download much at home, but through another network where it is possible to check for anything if i have doubts.

I just do not understand why most of you, if you are tech savvy enough, are even running AV... it bugs down pc, and is really not necessary, unless you like to play with fire

ziph said,
I do understand that many people cannot help themselves getting virus on their pc, so fine, we need antivirus software. Myself, i have not used any AV suite for the last 15 years. Well at work yes, since our policy is we have to. But otherwise i think a few of you hit the nail, when saying 99.99999% of infections is due to stupid or unknowing users.
Yes i use FF with NoScript, and yes i do not download much at home, but through another network where it is possible to check for anything if i have doubts.

I just do not understand why most of you, if you are tech savvy enough, are even running AV... it bugs down pc, and is really not necessary, unless you like to play with fire ;)

I think one of my favorite quotes from the movie "contact" comes in handy right about now

"There are a thousand reasons we can think of for the occupant of the machine to have this with them but mostly it's for the reasons we can't think of."

I just don't trust the internet, so I run AV software. I know that 99% of the time if you have safe browsing habits, you're probably in the clear, but I don't take any chances. And then you have to worry about other people who may use your computer.. the girlfriend for example, she's a smart girl, but she's not exactly tech savvy.

chevyordeath said,
I just don't trust the internet, so I run AV software. I know that 99% of the time if you have safe browsing habits, you're probably in the clear, but I don't take any chances. And then you have to worry about other people who may use your computer.. the girlfriend for example, she's a smart girl, but she's not exactly tech savvy.

I see your point, and mostly i just wanted to point out, that no AV is also viable if you can secure your pc physically. I do not visit a lot of websites on a daily basis that is not in my bookmarks, then mostly forums and such. Oh well, Warwagons points is also fun, and can be true... all I am saying is, that if you really want to be without AV/extra firewall software etc. then it is not a problem if you use the right tools.

Tbh. i might get the MSE, since I am on win7x64, and can get it for free. I most likely would not notice it anyway, running off a brand new second gen Intel SSD

i usually would go on a long drawn out comparison story right now, but i am lazy at the moment, Short version is this: i have worked on 1500+ machines over the last 9 years, and currently IN MY OPINION there is only 2 things you need right now to stay worry-free from all the bad bugs that are out there. Real Time protection is from AVIRA free edition.... and for a secondary on-demand scanner only MALWAREBYTES free edition. The combination of these two programs working together is amazing. Forget all your other protections suites, and your firewall, and your script blocker! just these two and you will be 99.99% safe.

Billus said,
Oh wow, Symantec fanboys Never thought I'd see the day lol. As for me, Microsoft Security Essentials covers my needs, I don't get virus's or other disgusting infections.

lol, kid. Not smart to trust Microsoft to protect you from malware !

I see dozens of fake anti virus installs every week. MS Antivirus has a number of other names. It is also known as XP Antivirus, Vitae Antivirus, Windows Antivirus, Win Antivirus, Antivirus Pro, Antivirus Pro 2009, Antivirus 2007, 2008, 2009, 2010, and 360, Internet Antivirus Plus, System Antivirus, Spyware Guard 2008 and 2009, Spyware Protect 2009, Winweb Security 2008, System Security, Malware Defender 2009, Ultimate Antivirus2008, Vista Antivirus, General Antivirus, AntiSpywareMaster, Antispyware 2008, XP AntiSpyware 2008 and 2009, WinPCDefender, Antivirus XP Pro, Anti-Virus-1, and Total Security.

It is known to infect users using Windows, and is browser independent. One infection method involves the Zlob Trojan. Another involves the use of fake codec scams, such as Video ActiveX Enhancement 2.07

It usually slips by every single anti virus out there, and is frequently updated to continue evasion.

Oddly enough I just removed Antivirus 2010 from a client's computer last week. System protected by Symantec Endpoint Protection. Guess it missed the mark on that one.

Pinebender said,
Oddly enough I just removed Antivirus 2010 from a client's computer last week. System protected by Symantec Endpoint Protection. Guess it missed the mark on that one.

I was watching a review of Norton AntiVirus 2010 on YouTube. He threw 10 bad sites at it. It did pretty good until the last one when he ran an install.exe that appeared on a bad site. After he installed it he had the rogue antivirus. So I wrote down the URL and went into a virtual machine that had Security Essentials installed. It also let me run the file and infected my sandbox. So then I thought I would upload the file to http://www.virustotal.com/. After it uploaded it showed me that out of all the antiviruses (most on the market) only 3 caught the file. Nod32, McAfee and I can't remember the other one.

Geez.... enough with the Norton bashing. Nobody hated Norton more than me back in the day. I had to install that bloated piece of crap on peoples computer. They would call me to install it after they already bought it. But the 2009 and 2010 versions are not the same Norton everyone remembers. I can honestly say anyone who is still bashing Norton has not tried the new version, its impossible. If you had you would not still be insulting them. Gosh!

Norton sucks. :devil:

Just playin. Well... mostly. While Norton AV may have gotten better in the last year, I still do not like the parent company. All the "research studies" they're doing to try and discredit other AV and security software is pretty low. Even if NAV was the best AV on the market, I still wouldn't buy it based on the actions of the corporation. They're getting none of my money.

> Millions of computer in the US are infected with fake security software, which their owners may have even paid for

...and every Symantec customer adding to the count...

I think the first step is to teach people how to bring up the "advanced startup menu". No matter how many times you explain it they always **** it up.

Once they master (pressing one key over and over) that then we can start moving on more complicated things.

The problem is 99% from user ignorance.

People running old operating systems.
People not staying up to date with patches.
People not running proper protection.
People who click on everything and install everything.

Maybe when the "people" stop doing bad crap, the "people" will stop suffering.

I do internet security for about 30 government networks and corporate networks, and im constantly notifying them of fake anti-malware showing up in packet logs
it really is a problem

It's true, my colleague had one of those software. Total crap, I had to reformat to make sure there were no leftovers.

Yeah, I've seen this stuff out there. This fake 'anti-virus' stuff is pretty nasty - to the average user, it looks pretty legit, the UI looks 'official' and in some cases it will even produce fake results of 'viruses' but then tell the user that it can't remove the virus because their subscription is up, and they need to re-new. Nasty stuff, I've removed it from a few computers lately.

It has definitely reared its ugly head the past couple weeks. Have removed it from 7 computers so far. Some have been fairly easy, others not so much.

Antivirus 2010 is actually a pretty slick piece of code, and nasty as hell to get rid of.

One of my users had it on her system, and I was impressed to see that it wouldn't even let me launch Task Manager. I found a sneaky way to root it out, but it took some doing.

I have even come across some spyware/browser hijacker claiming to be Microsoft Antivirus 2009. To say the least it crushed my friend's pc.

As for this topic, which is not a Norton bashing exercise, these types of threats have been around nearly as long as the internet.

Usually the page says, 'you have registry errors and or you seem to be infected with this-that-and-other', 'download our free blah blah blah to remove it and be safe' etc...

Norton Internet Security 2010 rules...b.t.w.

leesmithg said,
Norton Internet Security 2010 rules...b.t.w.


Norton is the worst at catching fake A/V. I fix PCs for a living. I see it all the time. Not a week goes by that I don't have to clean a HP (or Compaq) PC that was infected with all sorts of things even if it is running Norton.

leesmithg said,
Maybe you should configure it correctly.

Sonar is a kick backside function, very intrusive but thats what I like.

The average home user can't handle intrusive AV features...they get confused easily ;)

Also, Captain555 is right, Norton is terrible at catching fake A/V. As I said earlier in the thread, malwarebytes is the only client I've found in the past 4 years that has been able to stop/fully remove the fake AV programs.

I purchased and used Norton Internet Security 2010 to protect my computer, only to find that my PC had been compromised. With over 300 days still remaining on my Norton license, I purchased Kaspersky Internet Security 2010 and have to say, it is by far the most sophisticated consumer anti-virus I've seen yet.

Bill Gates should use some of his $50 billion fortune to purchase Kaspersky and give the software away for free to everyone!

That would be a bad idea on MS's part, since, from my experience, Kaspersky slows down the system too much and isn't user friendly. I'd put it up there with Mcafee.

Microsoft Security Essentials is a great product already. All the other stuff isn't good. Plus, this is a really dramatic improvement over OneCare. I just miss some OneCare features.

I don't understand why people bother with Norton when you can legally get and use Avast for free.
I was using Norton 360 3.0 and when I switched to Avast / Comodo I was never happier computer ran faster and had less false positives while detecting more threats with daily updates.
Why pay for something that should be free and out performs the Pay for service by a significant amount.
With the current economy save your $$ and just get Avast

Draganta2000 said,
Avast lacks many things such as Intrusion detection. Just so you know.


Read a little bit. Avast is one of the best out there. And for intrusion, you don't need to rely on just one product. Get Snort.

Captain555 said,
Read a little bit. Avast is one of the best out there. And for intrusion, you don't need to rely on just one product. Get Snort.


It's such a pain to deal with many products that each cover one thing. My school wants us to go that route with 5 free products that are each horrible. I'd rather use 1 product and not clog up my computer, thank you.

Chrono951 said,
It's such a pain to deal with many products that each cover one thing. My school wants us to go that route with 5 free products that are each horrible. I'd rather use 1 product and not clog up my computer, thank you.


I think the saying is: Jack of all trades, master of none. (or something like that).

I rather use 5 products that each do their job in an expert fashion than one that does everything so and so.

I hate those ****ing javascript layovers that fade in while you're reading a site and tells you that site is infected, and it won't let you leave.

vvtunes said,
Install NoScript for Firefox. It prevents non authorized scripts to run.

No, it prevents ALL scripts from running. Until you intervene and allow them.
And that's after 10 minutes of trying to open a link that doesn't seem to do anything, and waiting for a "loading" ajax spinner to disappear.

cyberdrone2000 said,
No, it prevents ALL scripts from running. Until you intervene and allow them.
And that's after 10 minutes of trying to open a link that doesn't seem to do anything, and waiting for a "loading" ajax spinner to disappear.

You're using it wrong, then.

NoScript has a "black list" and a "white list" mode. While it defaults to blocking all and only allowing what you specify, it can easily be changed to allow all, and only block what you tell it to do. This is the method I prefer to run it in.
All sites work fine, but if one has a stupid script, it is as simple as a click to block it.

Wow, can't believe it didn't mention Internet Security 2010. I've seen that on other people's computers far too many times.

Granted, my favorite one was NortEn Internet Security. :-P

Kreuger said,
How would Symantec know? Norton is filled with so many false positives, it isnt funny.

Typical uninformed post. See above.

Except I bought Norton years ago and all it did was give me false positives. I quickly moved to a freeware alternative and never looked back. I just wish I had my $60 back.

Kreuger said,
Except I bought Norton years ago and all it did was give me false positives. I quickly moved to a freeware alternative and never looked back. I just wish I had my $60 back.


Wow! You bought a product YEARS AGO and you never tried it since! How enlightened of you to make a comment on the product's CURRENT state! Congrats!

Typical uninformed post about Symantec. They have actually changed their product. It is now much "lighter" on the system. You should give it a shot or at the very least, research their product before sounding like a fool.

I for one have never had this fake security software on my machine at home since I have been using NIS 2009/2010 for the past year 1/2.

However at work where they really install crappy McAfee software, so many people have had the "AntiVirus 2010" software installed on their machines. For whatever reason, McAfee does not catch this.

They've only recently got better, you can't blame people for holding an idea which was correct for a good decade or so.

So, everyone has updated to the latest "lighter" version? There are millions of computers out there with crappy versions of NIS and such. My comment stands.

The Stylish Hobo said,
They've only recently got better, you can't blame people for holding an idea which was correct for a good decade or so.

Yes we can, because it no longer applies.

Oh wow, Symantec fanboys :O Never thought I'd see the day lol. As for me, Microsoft Security Essentials covers my needs, I don't get virus's or other disgusting infections.

Symantec software might be getting much better, and I have used the latest software, and yes it is fairly light on resources and does do a good job of detection, however it is still very obtrusive, and Symantec are always talking crap about other security providers, especially free ones like Avast, which I don't like, because what they say, for the most part, is untrue.

You also can't just **** off millions of users over several years and then just update your software and hope to get them back instantly.

Symantec bounced back with their 2008 editions and it's probably the best paid AV out there.

And while I like and am only using MSE right now, it's a little early to declare it the best solution on the market.

Ricardo Gil said,
So, everyone has updated to the latest "lighter" version? There are millions of computers out there with crappy versions of NIS and such. My comment stands.

You do know that you can upgrade to the latest version for free as long as you have a valid license right? And since their product has been better for the past two years, most Norton users already have it. Otherwise it's just expired software.

Mikeyx11 said,
You also can't just **** off millions of users over several years and then just update your software and hope to get them back instantly.

Why not? It got me back. They didn't hurt my poor little feelings now. It's just software you know.

Calling Norton AV products Symantec is just stupid they are totally different products!

Norton has and always will remain crapware

But Symantec AntiVirus Corporate Edition is kick arse and I'm yet to find a product that comes close to beating it.

I now use SAV 10.2 + MSE's 64bit

And it's funny SAV always picks up the virus or malware first then about 30 seconds later after its already been dealt with MSE kicks in and wants to save the day lol

I like MSE on Win7 myself atm. I say atm because all of the other av makers should be attacking it as we speak. It's all about the $.

"And it's funny SAV always picks up the virus or malware first then about 30 seconds later after its already been dealt with MSE kicks in and wants to save the day lol"

This may be because you are running 2 AV's (both companies tell you not to do this), and one is operating behind the other (in case it is a virus itself).

Baked said,
I now use SAV 10.2 + MSE's 64bit

And it's funny SAV always picks up the virus or malware first then about 30 seconds later after its already been dealt with MSE kicks in and wants to save the day lol

Hate to break it to you, but SAV corporate doesn't protect against the 'fake security software' apps that this article is about. I've had several users on our network become infected by them, and we're running the latest version. These type of attacks/infections have been a problem for YEARS now, and Symantec/Norton have never been able to stop them...AVG either for that matter. Malwarebytes is the only app I've found so far that has been able to block them or completely remove them once they've rooted themselves in a system.

Billus said,
Oh wow, Symantec fanboys :O Never thought I'd see the day lol. As for me, Microsoft Security Essentials covers my needs, I don't get virus's or other disgusting infections.

while I use MSE on my computers and my ring of computers I have to do, one of them did get one of these viruses (from failblog.org) while using MSE.
gotta go put in the malware bytes.

Draganta2000 said,
Typical uninformed post about Symantec. They have actually changed their product. It is now much "lighter" on the system. You should give it a shot or at the very least, research their product before sounding like a fool.

I for one have never had this fake security software on my machine at home since I have been using NIS 2009/2010 for the past year 1/2.

However at work where they really install crappy McAfee software, so many people have had the "AntiVirus 2010" software installed on their machines. For whatever reason, McAfee does not catch this.

In fairness, we are forced to use Symantec at work and we had to upgrade all of our machines from basic 2-3ghz single core/1-2gb RAM machines to dual cores just because rtvscan.exe (Symantec's real-time virus scan) would regularly peg the CPU at 90-99% on a regular basis. It made it impossible to even run WinXP, Firefox, and PowerPoint without the machine becoming unresponsive for minutes at a time during important presentations. The IT department refuses to let us use anything lighter so we were forced to buy all new dual core, 4gb RAM systems...to run freaking PowerPoint on XP.

Draganta2000 said,
Typical uninformed post about Symantec. They have actually changed their product. It is now much "lighter" on the system. You should give it a shot or at the very least, research their product before sounding like a fool.

I for one have never had this fake security software on my machine at home since I have been using NIS 2009/2010 for the past year 1/2.

However at work where they really install crappy McAfee software, so many people have had the "AntiVirus 2010" software installed on their machines. For whatever reason, McAfee does not catch this.



Norton might be lighter now (it's still more of a hog than the other) but it is the most useless AV out there just after McAfee.

Having said that, let me also say that no AV out there is 100% efficient against every attack out there. Most of the time the problem is between the keyboard and the chair.

Captain555 said,
Norton might be lighter now (it's still more of a hog than the other) but it is the most useless AV out there just after McAfee.

Having said that, let me also say that no AV out there is 100% efficient against every attack out there. Most of the time the problem is between the keyboard and the chair.


What the hell do you mean, "most of the time"? I'd say it's all the time.

neodorian said,
In fairness, we are forced to use Symantec at work and we had to upgrade all of our machines from basic 2-3ghz single core/1-2gb RAM machines to dual cores just because rtvscan.exe (Symantec's real-time virus scan) would regularly peg the CPU at 90-99% on a regular basis. It made it impossible to even run WinXP, Firefox, and PowerPoint without the machine becoming unresponsive for minutes at a time during important presentations. The IT department refuses to let us use anything lighter so we were forced to buy all new dual core, 4gb RAM systems...to run freaking PowerPoint on XP.


Ok, something is seriously wrong here. NIS or 306 2009 and 2010 both do scans when the computer is idle and nothing else is running. I've never had Norton running a scan during a program or game or PowerPoint. I don't know what you are doing, but running scans while you are using the computer isn't Norton's fault.

Mikeyx11 said,
...however it is still very obtrusive...


Norton never bothers me. I don't even know its there. The only notifications are when its running an idle scan (little transparent box that goes away as soon as I touch the computer) and the monthly report.

Chrono951 said,
Ok, something is seriously wrong here. NIS or 306 2009 and 2010 both do scans when the computer is idle and nothing else is running. I've never had Norton running a scan during a program or game or PowerPoint. I don't know what you are doing, but running scans while you are using the computer isn't Norton's fault.

He's talking about the corporate Symantec anti-virus...NOT the Norton consumer product. BIG difference. RTV scan is a real time scanner...hence it's scanning in real-time (it doesn't just scan once in a while). It can use quite a bit of resources at times, but the usage he's talking about is out of the ordinary, though it may be due in part to how the client was configured or the setup on the image their IT dept was using.

In defense of the IT department (and speaking as a Sys Admin), standardization is GOOD. It makes it quite a bit easier to manage machines and software in any given environment. So it's definitely understandable that they mandate the AV client used. Symantec corporate can also be managed from a central server. If you're letting users use whatever client they wish, there's no control...it's less secure...more prone to outbreaks.