Don’t you hate it when that screen pops up saying your computer has been infected and telling you to click here to download software to clean it? It’s not only annoying, but it can also cause serious damage to your computer. But how do you know whether the alert is legit or malware?
“There are many versions of fake AV currently circulating on the Internet today,” said Raul Alvarez, senior security researcher for Fortinet’s FortiGuard Labs in Sunnyvale, Calif. “While there are different variations, styles and names, they all share a common feature set.”
One thing to look for is whether the software asks for payment. The fake AV appears to be real because of its professional-looking graphical user interface. When it gets into your computer, it launches the interface and pretends to begin “scanning” the computer. When it is finished “scanning,” it typically states that you have been infected and that, to clean your computer, you need to pay.
Don’t fall for it because once you enter your credit card number, the information is sent to identity thieves in various countries.
Or, the fake AV will load malware onto your computer. Now, your computer is infected and you paid for it.
Alvarez has a warning for people: a new, more sophisticated fake AV is out there. He and his team recently found the new variant and named it W32/FakeAV.RA!tr.
“Once the malware is installed, an infected user receives a warning message that reads the software has discovered a spyware infection,” Alvarez said.
What is different about this fake AV? Instead of using a random AV software look, this one actually uses the look of the real anti-virus software you have installed on your computer. It will usually start “scanning” your PC.
“Once the detection phase is complete, a new window appears that displays the number of infections the software has discovered. The window also includes an option for the user to remove the detected threats or ‘Continue unprotected.’ Common sense dictates a user selects remove the ‘threats.’”
If you continue to click to remove, it then asks for your credit card info. That’s when things get ugly.
“This version of fake AV displays a warning message whenever a user tries launching a program and is particularly nasty as it doesn’t allow a user to launch any applications from their computer,” Alvarez said.
So, how do you protect yourself? Install genuine anti-virus software and know the ins and outs of it. If your anti-virus doesn’t update automatically, know what the software pop-ups look like when an update is available.
“Don’t forget, you already paid for the software on your computer,” Alvarez said, “so if you are being asked to pay for something, it is fake.”
If you do get infected by a fake AV, scan your computer with your legitimate anti-virus software. If it’s blocked by the fake AV, reboot your computer in “safe” mode and scan again.
“In addition, it is advised to do an ‘offline scan,’” Alvarez said. “This means a computer should be scanned and cleaned outside of the full operating system to complete remediation. This requires a restart into the Windows Pre-installation Environment (WinPE) to run a scanning utility, such as Windows Defender Offline scan tool.”