Google Sees Fake AV Threat

Not only is fake anti-virus software increasingly common, but it delivers half of the malicious ads detected.
Fake anti-virus software is on the rise and currently accounts for about 15% of all malware detected, according to a forthcoming report from Google.

Fake anti-virus software purports to be software that can find and remove malware. But in fact it's malware, the very thing it's supposed to eliminate.

Fake AV software typically pretends to scan the victim's computer and to find some form of malware, at which point it seeks payment from the victim to remove the non-existent malware.

Whether or not there's a payment, the fake AV software may install more malware.

Computer users often come into contact with fake AV software through spam Web sites and online ads, which explains why Google is interested in the topic.

Beyond its general concern with maintaining user trust and security, Google wants to make sure that online ads don't become such a pervasive means of malware delivery that users reject legitimate marketing as a risk.

In a blog post on Wednesday, Google security engineer Niels Provos said, "[T]he Fake AV threat is rising in prevalence, both absolutely, and relative to other forms of Web-based malware."

Google's forthcoming report, slated for presentation later this month at the Workshop on Large-Scale Exploits and Emergent Threats (LEET) in San Jose, Calif., says the company found 11,000 domains involved in distributing fake AV software over the past 13 months.

The report, "The Nocebo Effect on the Web: An Analysis of Fake AV distribution," says that fake AV attacks represent 60% of the malware found on Web sites that include trending keywords -- popular search terms that generate visitor traffic.

It also says that fake AV software is responsible for 50% of all malware delivered via online ads, five times more than a year ago.

In a related note, Google's Postini Q1 spam report indicates that despite several high-profile botnet takedowns, spam volume as a percentage of total e-mail volume remains steady.

"This suggests that there's no shortage of botnets out there for spammers to use," said Gopal Shah, from Google's Postini team, in a blog post. "If one botnet goes offline, spammers simply buy, rent, or deploy another, making it difficult for the anti-spam community to make significant inroads in the fight against spam with individual botnet takedowns."