This year alone they will be responsible for infecting in excess of 25 million computers worldwide, but they could come close to compromising as much as 30 million machines.
At the root of this epidemic lay simple social engineering tactics designed, through various methods, to convince victims to pay for peace of mind. Responsible for the actual infections are pieces of malicious code that the software industry refers to under a variety of monikers, including rogue antivirus, fake antivirus, scareware, etc.
Microsoft has put together a list containing no less than 114 AV rogues which are detected by the company’s antivirus products, including Microsoft Security Essentials, Forefront Client Security, etc. It is important to note that the list contains only the official label provided by the software giant. Each of the items featured below come in a variety of packages and under a plethora of brands, which actually makes the number of fake antivirus in the wild much larger.
Users that have doubts related to a security solution that is being aggressively advertised to them should first check to make sure that the offering is indeed genuine. Microsoft, but also additional members of the security industry, constantly update information on threats posed to end users, including rogue antivirus, and publish it on websites that are available to the public. These details are available to the public, and are essentially no more than a search away, at any given time.
Modus Operandi
“Rogue security software—software that displays false or misleading alerts about infections or vulnerabilities on the victim’s computer and offers to fix the supposed problems for a price—has become one of the most common methods that attackers use to swindle money from victims. These are programs that masquerade as legitimate security programs offering protection from malware, spyware, and other threats, but actually use social engineering to obtain money from victims, and offer poor or nonexistent protection,” the Redmond company reveals in SIRv7.
Fake antivirus will take it upon itself to run a scan of computers belonging to unsuspecting users. Of course that the scan itself and the results offered are both fake. Rogue AV doesn’t actually analyze machines, nor is it capable of detecting any malware, or to remove it. It’s all smoke and mirrors, a show put on to trick users into thinking that their computers is infected with malicious code.
Once installed on a Windows PC, fake antivirus programs will attempt to scare the user into believing that various infections were detected. Rogue security solutions are designed to look very similar to genuine AV products, often copying at least elements of the graphical user interface, if not the whole UI, as well as using brands and labels mimicking, or even plagiarizing valid security offerings.
And integral part of the social engineering tactics deployed is to convince the user that the rogue AV is a genuine security solution, when in fact, much to the contrary, it is only masquerading as such. The fake AV will bombard users with alerts, and annoying, repetitive, incessant notifications, reporting inexistent infections.
At the same time, the rogue AV advertises the possibility of removing the fake infections, provided that users buy the software. Once a license is acquired, the fake AV ceases from delivering fake reports, creating the illusion that whatever malware had compromised the computer, was removed. Obviously, in this scenario, the users have been scammed into paying for protection against an inexistent threat.
114 Windows “antivirus” to avoid at all costs
1. Win32/FakeXPA – Aliases: Win-Trojan/Downloader.56320.M (AhnLab), Win32/Adware.XPAntivirus (ESET), not-a-virus:Downloader.Win32XpAntivirus.b (Kaspersky), FakeAlert-AB.dldr (McAfee), W32/DLoader.FKAI (Norman), Mal/Generic-A (Sophos), XPAntivirus (Sunbelt Software), Downloader.MisleadApp (Symantec), XP Antivirus (other), Antivirus 2009 (other), Antivirus 2010 (other), Antivirus 360 (other), Total Security (other), AntivirusBEST (other), GreenAV (other), Alpha Antivirus, other), AlphaAV (other), Cyber Security (other), Cyber Protection Center (other), Nortel (other), Eco AntiVirus (other), MaCatte (other), Antivirus (other), Antivir (other), Personal Security (other).
2. Trojan:Win32/FakePowav– Aliases: Win Antivirus 2008 (other), SpyShredder (other), WinXProtector (other), Rapid Antivirus (other), Security 2009 (other), Power Antivirus 2009 (other), WinXDefender (other), SpyProtector (other), SpyGuarder (other), MSAntiMalware (other).
5. Program:Win32/DriveCleaner – Aliases: DriveCleaner (McAfee), W32/WinFixer.NU (Norman), DriveCleaner (Sunbelt Software), DriveCleaner (Symantec), Freeloa.8F4CBEAA (Trend Micro).
7. Program:Win32/Winfixer – Aliases: DriveCleaner (McAfee), W32/WinFixer.NU (Norman), DriveCleaner (Sunbelt Software), DriveCleaner (Symantec), Freeloa.8F4CBEAA (Trend Micro), Win32/Adware.WinFixer (ESET), not-a-virus:Downloader.Win32.WinFixer.o (Kaspersky), WinFixer (McAfee), Adware_Winfixer (Trend Micro), Program:Win32/DriveCleaner (other), Program:Win32/SecureExpertCleaner (other).
8. Trojan:Win32/FakeScanti – Aliases: Windows Antivirus Pro (other), Windows Police Pro (other), Win32/WindowsAntivirusPro.F (CA), FakeAlert-GA.dll (McAfee), Adware/WindowsAntivirusPro (Panda), Trojan.Fakeavalert (Symantec).
10. Program:Win32/MalwareCrush
11. Program:Win32/PrivacyChampion
12. Program:Win32/SystemLiveProtect
14. Trojan:Win32/FakeSmoke – Aliases: SystemCop (other), QuickHealCleaner (other), TrustWarrior (other); SaveArmor (other), SecureVeteran (other), SecuritySoldier (other), SafeFighter (other), TrustSoldier (other), TrustFighter (other), SoftCop (other), TRE AntiVirus (other), SoftBarrier (other), BlockKeeper (other), BlockScanner (other), BlockProtector (other), SystemFighter (other), SystemVeteran (other), SystemWarrior (other), AntiAID (other), Win32/WinBlueSoft.A (CA), Trojan-Downloader.Win32.FraudLoad.vtgpk (Kaspersky), WinBlueSoft (other), WiniBlueSoft (other), Winishield (other), SaveKeep (other), WiniFighter (other), TrustNinja (other), SaveDefense (other), BlockDefense (other), SaveSoldier (other), WiniShield (other), SafetyKeeper (other), SoftSafeness (other), SafeDefender (other), Trustcop (other), SecureWarrior (other), SecureFighter (other), SoftSoldier (other), SoftVeteran (other), SoftStronghold (other), ShieldSafeness (other).
15. Program:Win32/Spyguarder.A
16. Program:Win32/AntivirusGold
17. Program:Win32/SystemGuard2009
18. Program:Win32/WorldAntiSpy
19. Program:Win32/SpywareSecure – Aliases: W32/SpyAxe.AMI (Norman), SpywareSecure (Panda), SpywareSecure (Sunbelt Software), SpywareSecure (Symantec).
20. Program:Win32/IEDefender – Aliases: Win32/Burgspill.AD (CA), IEAntivirus (Symantec), Trojan.DR.FakeAlert.FJ (VirusBuster).
22. Program:Win32/Malwareprotector
23. Program:Win32/SpywareSoftStop
25. Program:Win32/Antivirus2008 – Aliases: Trojan.FakeAlert.RL (BitDefender), Win32/Adware.Antivirus2008 (ESET), not-a-virus:Downloader.Win32.FraudLoad.ar (Kaspersky), WinFixer (McAfee), W32/DLoader.HDZU (Norman), Troj/Dwnldr-HDG (Sophos), ADW_FAKEAV.O (Trend Micro), Program:Win32/VistaAntivirus2008.A (other), MS Antivirus (CA).
26. Trojan:Win32/PrivacyCenter – Aliases: Fake_AntiSpyware.BKN (AVG), Win32/FakeAV.ACR (CA), Win32/Adware.PrivacyComponents (ESET), not-a-virus:FraudTool.Win32.PrivacyCenter (other), not-a-virus:FraudTool.Win32.Agent.jn (Kaspersky), FakeAlert-CP (McAfee), Troj/PrvCnt-Gen (Sophos), SpywareGuard2008 (Symantec).
28. Program:Win32/Trojanguarder
31. Win32/Winwebsec - Aliases: SystemSecurity2009 (other), System Security (other), Winweb Security (other), FakeAlert-WinwebSecurity.gen (McAfee), Mal/FakeAV-AK (Sophos), Troj/FakeVir-LB (Sophos), Adware/AntiSpywarePro2009 (Panda), Adware/UltimateCleaner (Panda), Adware/Xpantivirus2008 (Panda), Win32/Adware.SystemSecurity (ESET), Win32/Adware.WinWebSecurity (ESET), AntiVirus2008 (Symantec), SecurityRisk.Downldr (Symantec), W32/AntiVirus2008.AYO (Norman), Total Security (other), AntiSpyware Pro 2009 (other), FakeAlert-AntiSpywarePro (McAfee).
32. Trojan:Win32/FakeRemoc - Aliases: AntiMalwareSuite (other), VirusRemover2009 (other), PCAntiMalware (other), Total Virus Protection (other), SpywareRemover2009 (other), AntiMalwareGuard (other), Secure Expert Cleaner (other), Cleaner2009 Freeware (other), AVCare (other), AV Care (other).
33. Program:Win32/SpywareStormer
34. Program:Win32/SecurityiGuard
35. Program:Win32/DoctorCleaner
37. Win32/FakeSecSen – Aliases: Micro AV (other), MS Antivirus (other), Spyware Preventer (other), Vista Antivirus 2008 (other), Advanced Antivirus (other), System Antivirus (other), Ultimate Antivirus 2008 (other), Windows Antivirus 2008 (other), XPert Antivirus (other), Power Antivirus (other).
38. Program:Win32/VirusRemover – Aliases: Troj/FakeVir-DR (Sophos), VirusRemover2008 (Symantec), ADW_FAKEVIR (Trend Micro).
39. Program:Win32/Privacywarrior
40. Program:Win32/PrivacyProtector
43. Win32/FakeRean - Aliases: XP AntiSpyware 2009 (other), XP Security Center (other), PC Antispyware 2010 (other), Home Antivirus 2010 (other), PC Security 2009 (other), ADW_WINREANIMA (Trend Micro), Win32/Adware.WinReanimator (ESET), not-a-virus:FraudTool.Win32.Reanimator (Kaspersky), WinReanimator (Sunbelt Software), XP Police Antivirus (other), FakeAlert-XPPoliceAntivirus (McAfee), Adware/XPPolice (Panda), AntiSpyware XP 2009 (other), Antivirus Pro 2010 (other).
44. Program:Win32/Antivirus2009 – Aliases: Win32/Adware.XPAntivirus (ESET), FakeAlert-AB.gen (McAfee), MalwareWarrior (other), Antivirus2009 (other).
45. Program:Win32/AntiSpywareDeluxe – Aliases: Adware.Fakealert-134 (Clam AV), Win32/Adware.AntiSpywareDeluxe (ESET), FraudTool.Win32.AntiSpywareDeluxe.a (Kaspersky), AntispyDeluxe (Symantec), TROJ_RENOS.CP (Trend Micro).
46. Program:Win32/Searchanddestroy
48. Program:Win32/WebSpyShield
49. Win32/InternetAntivirus – Aliases: InternetAntivirus (Symantec), General Antivirus (other), Personal Antivirus (other), not-a-virus:FraudTool:Win32.GeneralAntivirus.b (Kaspersky), Mal/FakeAV-AC (Sophos), TrojanDownloader:Win32/Renos.gen!Z (other), Fraudtool.GeneralAntivirus.C (VirusBuster), Internet Antivirus Pro (other).
50. Trojan:Win32/Antivirusxp – Aliases: Antivirus XP 2008 (other), Win32/Adware.WinFixer (ESET), Generic FakeAlert.a (McAfee), W32/WinFixer.BTB (Norman), Troj/FakeAV-AB (Sophos), AntiVirus2008 (Symantec), Program:Win32/Antivirusxp (other).
55. Trojan:Win32/WinSpywareProtect – Aliases: Win32/Adware.WinSpywareProtect (ESET), Trojan-Downloader.Win32.FraudLoad.aob (Kaspersky), WinSpywareProtect (Symantec), Program:Win32/WinSpywareProtect (other), Trojan.FakeAV.GP (BitDefender), Win32/Adware.MSAntispyware2009 (ESET), Packed.Win32.Katusha.a (Kaspersky), FaleAlert-BV (McAfee), Adware/MSAntiSpyware2009 (Panda), Fraudtool.MSAntispy2009.A (VirusBuster), MS Antispyware 2009 (other), AV Antispyware (other), Extra Antivirus (other).
56. Program:Win32/Fakerednefed – Aliases: WinDefender 2008 (other), Program:Win32/Defendwin (other), Program:Win32/Windefender (other).
57. Program:Win32/Antispyware2008
59. Program:Win32/EvidenceEraser
61. Win32/FakeSpypro – Aliases: FakeAlert-C.dr (McAfee), SpywareProtect2009 (Symantec), Troj/FakeAV-LS (Sophos), Win32/Adware.SpywareProtect2009 (ESET), .Win32.FraudPack.kho (Kaspersky), Spyware Protect 2009 (other), Antivirus System Pro (other), Security Central (other), Barracuda Antivirus (other).
62. Trojan:Win32/FakeCog – Aliases: Win32/Adware.CoreguardAntivirus (ESET), not-a-virus:FraudTool.Win32.CoreGuard2009 (Kaspersky), FakeAlert-FQ (McAfee) , W32/Renos.FIP (Norman) , Mal/TDSSPack-L (Sophos), CoreGuardAntivirus2009 (Symantec), Fraudtool.CoreGuard2009.A (VirusBuster), CoreGuard Antivirus 2009 (other).
64. Adware:Win32/VaccineProgram
65. Program:Win32/TrustCleaner
67. Program:Win32/AntiSpywareExpert – Aliases: Win32/Adware.AntiSpywareMaster (ESET), Generic.Win32.Malware.AntiSpywareExpert (other), WinFixer (McAfee), AVSystemCare (Symantec), AntiSpywareExpert (Trend Micro), not-a-virus:FraudTool.Win32.AntiSpywareExpert.a (Kaspersky).
68. Program:Win32/VirusRanger – Aliases: VirusRescue (Symantec) .
70. Program:Win32/UltimateFixer
73. Program:Win32/SpySheriff – Aliases: Win32.TrojanDownloader.IEDefender (Ad-Aware), MagicAntiSpy (Sunbelt Software), Adware.SpySheriff (Symantec), SpyShredder (Symantec), IEDefender (other), Malware Destructor (other), SpySheriff (other), SpyShredder (other).
74. Program:Win32/Antispycheck – Aliases: Win32/Adware.AntiSpyCheck (ESET), AntiSpyCheck (Symantec).
75. Program:Win32/SpywareIsolator – Aliases: not-a-virus:FraudTool.Win32.SpywareIsolator.ad (Kaspersky), SpywareIsolator (Symantec).
77. Program:Win32/PrivacyRedeemer
79. Trojan:Win32/FakeVimes – Aliases: FakeAlert-CQ (McAfee), Extra Antivirus (other), Ultra Antivirus 2009 (other), Malware Catcher 2009 (other), Virus Melt (other), Windows PC Defender (other).
80. Program:Win32/PCSave – Aliases: Win-Trojan/Pcsave.339456 (AhnLab), PCSave (McAfee).
82. Program:Win32/SpywareStrike
83. Program:Win32/Nothingvirus
85. Trojan:Win32/FakeIA.C - Aliases: Win32/FakeAlert.RW (CA), Dropped:Trojan.FakeAv.DS (BitDefender), FakeAlert-AB (McAfee), Trojan.Fakeavalert (Symantec), not-a-virus:FraudTool.Win32.Delf.d (Kaspersky).
86. Program:Win32/AntispyStorm
87. Program:Win32/Antivirustrojan
89. Program:Win32/AntiSpywareSoldier
91. Program:Win32/AdvancedCleaner – Aliases: AdvancedCleaner (Symantec).
92. Program:Win32/FakePccleaner - Aliases: Program:Win32/Pccleaner (other), Win32/Adwrae.PCClean (ESET), Backdoor.Win32.UltimateDefender.hu (Kaspersky), PCClean (Symantec), Program:Win32/UltimateCleaner (other).
93. Program:Win32/SpywareQuake
94. Program:Win32/WareOut – Aliases: WareOut (McAfee), W32/WareOut (Norman), WareOut (Sunbelt Software), SecurityRisk.Downldr (Symantec), Adware.Wareout (AVG).
96. Program:Win32/SystemDefender
97. Trojan:Win32/FakeSpyguard – Aliases: Spyware Guard 2008 (other), Win32/Adware.SpywareGuard (ESET), FakeAlert-BM (McAfee), SpywareGuard2008 (Symantec), ADW_SPYWGUARD (Trend Micro), System Guard 2009 (other), Malware Defender 2009 (other).
100. Program:Win32/VirusRescue
101. Program:Win32/TitanShield
102. Program:Win32/Easyspywarecleaner
103. Trojan:Win32/Fakeinit – Aliases: Trojan.FakeAlert.AUW (BitDefender), Win32/FakeAV.ABR (CA), Fraudtool.XPAntivirus.BCVY (VirusBuster), Adware/AntivirusXPPro (Panda), AntiVirus2008 (Symantec), Advanced Virus Remover (other), Win32/AdvancedVirusRemover.G (CA).
104. Program:Win32/AntiVirusPro
109. Adware:Win32/SpyAxe – Aliases: VirusHeat (other), ControVirus (other).
110. Program:Win32/Awola – Aliases: not-virus:Hoax.Win32.Avola.a (Kaspersky), Generic FakeAlert.b (McAfee), W32/Awola.A (Norman), Awola (Symantec), JOKE_AVOLA.D (Trend Micro).
111. Program:Win32/MyNetProtector
113. Program:Win32/DoctorAntivirus
114. Program:Win32/UltimateDefender – Aliases: Ultimate (McAfee), UltimateDefender (Symantec), ADW_ULTIMATED.ME (Trend Micro), Risktool.UltimateDefender.A.Gen (VirusBuster), Adware.UltimateX-15 (Clam AV), Win32/Adware.UltimateDefender (ESET).
Microsoft Security Essentials 1.0 can be downloaded for free via this link.