Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Number of fake antivirus attacks has decreased considerably, researchers say

New versions are still coming out, but distribution is not as aggressive anymore

The frequency of attacks that distribute fake antivirus software, a long-time pillar of the underground economy, has decreased considerably in recent months. However, security researchers warn that the industry is not yet dead and new versions of attacks continue to be released.

According to a new report from antivirus vendor Kaspersky Lab, the rate of fake antivirus attacks in June was somewhere between 50,000 and 60,000 per day, but their frequency has dropped to under 10,000 a day.

The impressive drop is the result of several factors, including law enforcement efforts, improvements in search engine filtering algorithms, and actions undertaken by the security community to disrupt cybercriminal distribution networks.

"This decline is related to some good job done by the law enforcement and security industry in this field, shutting down some of the networks they were using," said Luis Corrons, technical director of Panda Security's threat research laboratory.

His opinion is shared by Sean Sullivan, a senior security advisor at Finnish antivirus vendor F-Secure. "They were shut down and an investigation was launched," he said referring to recent international law enforcement actions that targeted major scareware operations.

Back in June, authorities in Russia arrested Pavel Vrublevsky, the co-founder of Russian payment processor ChronoPay, who has long been suspected of running one of the biggest fake antivirus affiliate programs.

At around the same time, authorities in the U.S., Ukraine and several other countries seized computer servers and other equipment used for scareware distribution, some believed to be linked to the infamous Conficker worm.

However, according to Bogdan Botezatu, a researcher with antivirus company BitDefender, this is not the only reason for the changes seen on the scareware market. "The decline in Fake AV attacks is probably related to the fact that search engines have improved their filtering algorithms in order to prevent poisoned search results from showing on top," he said.

"We have been closely monitoring this issue in intervals where specific searches spiked (such as the death of Gaddafi or the alleged death or President Barrack Obama) and we didn't see any attacks involving rogue AV," the researcher added.

Black hat search engine optimization (BHSEO), or search-result poisoning attacks, leverage the page rank of legitimate, but compromised, websites to push malicious links at the top of search results. This has been one of the primary methods of getting users to fake antivirus websites for a long time.

Botezatu believes that some scareware gangs have already moved to something else, like the Facebook survey scams, which require less investment and are easier to maintain. However, Botezatu and Corrons agree that this fortunate turn of events is only temporary.

In fact, Kaspersky Lab's Vyacheslav Zakorzhevsky warns that new scareware variants and even new affiliate programs have already appeared. "New versions of this type of malware continue to emerge. [...] We discovered an affiliate program called 'Money Racing AV'," he announced Thursday in a post on the company's blog.

Even if the risk of encountering such threats is now lower and the methods of distribution are limited, users should continue to scrutinize unexpected security alerts for legitimacy. "Don't pay for any solution arriving unannounced over the Internet and make sure you install a genuine security product," Zakorzhevsky stressed.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: BitDefender, Facebook, F-Secure, Kaspersky, Kaspersky Lab, Panda, Panda Security
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: kaspersky lab, panda security, security
Latest Blog Posts
Whitepapers
  • Best Practices for Oracle License Management: Optimise Usage and Minimise Audit Liability
    With Oracle audits on the rise, organisations that can best align license agreements with actual database and option usage can reduce their financial risk and maximise the value of their Oracle investments. The goal is to “right-size” Oracle across the enterprise and gain control over the entire license management process – from accurate needs projections and licensing negotiations, to deployments and audit preparation. Read on.
    Learn more »
  • Reducing Costs Through Better Server Utilisation
    By consolidating systems onto the latest server technology and taking advantage of virtualization techniques, enterprises can optimize datacenter efficiency, gain flexibility, and reduce operating costs—without sacrificing performance or impacting service levels. Read on.
    Learn more »
  • Oracle Exadata - Extreme performance, lowest cost.
    As organizations contend with escalating demands for greater quantities of information, more sophisticated data analysis, and a burgeoning user population, Oracle Exadata makes database workloads faster, easier to manage, and less expensive. Oracle Exadata is the world’s first database machine to provide extreme performance for both data warehousing and online transaction processing (OLTP) applications. Read this whitepaper.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments