Fake Antivirus Software Showing up on Legit Websites

Kevin R. Smith

For a while it seemed the fake antivirus software world was going to continue growing unchecked, but as pointed out by ZDNet's Ed Bott in his piece "Who killed the fake antivirus business?":

"The fake-antivirus business was a big money-maker in the first half of this year.

"Then, at the end of June, fake-AV products practically disappeared from the web.

"Was it technology, or does traditional law enforcement deserve the credit?"

Ironically, just two weeks after his piece, uTorrent (a company offering legitimate BitTorrent software) saw their web servers hacked into and their legitimate BitTorrent software replaced with fake antivirus software.

As it turns out, the server in question, according to the geek.com piece, was only online with the phony antivirus software/malware for an hour and 40 minutes, from 4:20AM 'til 6AM PST.

A response of under two hours to identify the breach and take the server offline, especially in the wee hours of the morning, is really quite good. (Unless, of course, you downloaded uTorrent in that block of time.)

Here's what one version of the Security Shield fake antivirus software looks like:

(Notice the bad grammar in the fake software's interface: "Protect your PC in new level.")

Matthew Humphries, the geek.com writer behind the story, goes on to say:

"uTorrent has now apologized and managed to get their servers back online after removing the rogue files.

"If nothing else this should act as a reminder to everyone to ensure any files you download from the Internet are scanned with a reputable security scanner before being run, as clearly you can’t trust legitimate sites all of the time."

I couldn't have said it better myself.

And that, my friends, is why antivirus software is a must.

Even huge companies like Sony have suffered major break-ins in recent months; Sony's entire PlayStation Network (PSN) was taken down for weeks as a result. So even when you're downloading software from a known, trusted source, who's to say their servers haven't been compromised?

