the dangers of fake antivirus software
Post on 06-Aug-2015
The dangers of fake AntiVirus software
Quick Heal Technologies Private Limited
Agenda For the Webinar
What is a fake AntiVirus
How does a fake AntiVirus spread
Behavior of fake AntiVirus
Avoiding fake AntiVirus
How can Quick Heal help
What is a fake AntiVirus?
Fake AntiVirus is security software which pretends to find dangerous security threats—such as viruses—on your computer
The initial scan is free
If you want to clean up the reported “threats”, you need to pay
The reported “threats”, in reality, do not exist
Users end up paying money for fixing problems which do not exist.
Some Examples
How does a fake AntiVirus spread
• Black Hat SEO
Fake music download pages require a user to download a codec
Codec is actually an executable file of fake AntiVirus
Fake AntiVirus authors ensure that links for fake AntiVirus download sites feature prominently in search results when a user searches for 'AntiVirus' using a search engine
• Spam Campaigns
Fake AntiVirus is often sent directly as an email attachment or as a link in a spam message
Spam messages are generally sent through emails and instant messaging platforms or chat applications
Social engineering techniques are used in the messages to trick users into taking desired actions
• Some classic spam campaigns
Account suspension scams
Ecard scams
Password reset scams
Package delivery scams
• Fake AntiVirus downloads by other malware
Fake AntiVirus can be downloaded onto a machine by other types of malware
A pay-per-download model exists in which hackers are paid to infect users’ computers
• Drive-by download attack
A website is prepared with malicious scripts that exploit vulnerabilities in the web browser or one of its plugins
The fake AV malware is installed automatically, without the user’s knowledge or consent
Behavior of a fake AntiVirus
• Registry Installation
Creates a registry entry that will run the executable on system startup
The installer is often copied into the user’s profile area or temporary files area on the system
A run key entry is then created in the registry that will run the file when the system starts up
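The persistence pattern on this slide can be checked from the defender's side. The following is an added example, not part of the original webinar or any Quick Heal tool: it parses saved `reg query` output for a Run key and lists entries that launch from the profile or temporary files areas. The sample output, value names and paths are constructed.

```python
import re

# Constructed sample of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run`
# output; value names and paths are invented for illustration.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    VendorUpdater    REG_SZ    "C:\Program Files\Vendor\updater.exe" /quiet
    SecurityShield    REG_SZ    C:\Users\alice\AppData\Local\Temp\shield2015.exe
    SystemDefender    REG_EXPAND_SZ    "%APPDATA%\defender\sd.exe" -scan
"""

# Locations the slide names: the temporary files area and the user's profile area.
SUSPECT_AREAS = [
    ("temporary files area", re.compile(r"\\(temp|tmp)\\|^%te?mp%\\", re.I)),
    ("user profile area", re.compile(
        r"^[a-z]:\\(users|documents and settings)\\|^%(appdata|localappdata|userprofile)%\\", re.I)),
]
# reg.exe prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")


def executable_path(command):
    """Return the program path from a Run value, dropping any arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted command: cut after the first executable-like extension.
    m = re.match(r"(.+?\.(?:exe|com|scr|bat|cmd|vbs|js))(?:\s|$)", command, re.I)
    return m.group(1) if m else command.split(" ", 1)[0]


def triage_run_key(reg_query_output):
    """Return (value name, path, reason) for Run entries launching from suspect areas."""
    findings = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m or m.group("type") not in ("REG_SZ", "REG_EXPAND_SZ"):
            continue
        path = executable_path(m.group("data"))
        for reason, pattern in SUSPECT_AREAS:
            if pattern.search(path):
                findings.append((m.group("name"), path, reason))
                break
    return findings


if __name__ == "__main__":
    for name, path, reason in triage_run_key(SAMPLE_REG_QUERY):
        print(f"REVIEW {name}: {path} ({reason})")
```

Legitimate per-user software also starts from these locations, so the result is a list of entries to review, not a verdict.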
• Fake Scanning
Pretends to scan the computer and find non-existent threats
Sometimes, it even creates files full of junk that will then be detected
• Register and Activate
Once the fake threats have been discovered, users are told they must register or activate
Credit card details and other details are captured on the registration website
These pages look convincing with the use of logos, trademarks etc.
• Other undesired actions
Process termination
Webpage redirection
Installation of more malware
How to identify a fake AntiVirus software
Exaggerated Notifications
Pay Per Clean
Every Scan Detects Infections
Bucket Full of Alerts and Notifications
Google is not Speaking Well About it
Threat to mobile devices
Not just desktop....
Fake AntiVirus also affects mobile devices
A few months ago, Quick Heal detected this Android malware as Android.Agent.BU. (Mobile Security)
Fake AntiVirus on mobile
Before installation, the application asks the user for administrator rights
It displays two options – ‘Cancel’ and ‘Activate’
Even if the user chooses the ‘Cancel’ option, the application gets installed and takes the administrator rights anyway
After the fake AntiVirus gets installed, it provides the user with multiple options for scanning the mobile device
Choosing any of these options will trigger the application to execute malicious activities in the background
• This malware is designed to perform the following activities in the background:
Stealing the information from the compromised phone and sending it to the attacker
Stealing text messages from the device’s inbox
Erasing user data from the compromised phone and even SD card data
Calling and sending SMS messages to premium numbers, without the user’s knowledge
Avoiding fake AntiVirus
Eliminate vulnerabilities by keeping your OS and applications updated
Be cautious about search engine results
Type the URL into the address bar
Beware of web surfing dangers
Don’t open unexpected attachments
Think about that link before you click it
• If the computer is affected
DO NOT click anywhere on the scareware message window
Press <Ctrl>-<Alt>-<Delete> (all at the same time) to bring up the Task Manager
Click on the name of the scareware program (under Applications) to highlight it and then click “End Task”
Disconnect the computer from the Internet and shut down the computer
Seek further assistance
How can Quick Heal help
Quick Heal Khareedo Gaadi Jeeto Contest
Write to us at: corporatecommunications@quickheal.co.in
Follow us on:
Facebook - www.facebook.com/quickhealav
Twitter - www.twitter.com/quickheal
G+ - www.bit.ly/QuickHealGooglePlus
YouTube - www.youtube.com/quickheal
SlideShare - http://www.slideshare.net/QuickHealPPTs
Visit us:
Website - www.quickheal.com
Official Blog - blogs.quickheal.com
Thank You!