Scareware Tricks Users Into Removing Antivirus Software
A new version of the widespread "retrovirus" CoreGuard Antivirus, called AnVi Antivirus, targets many well-known AV programs, warns Symantec.
The trick up the software's sleeve is that it actually uses legitimate antivirus programs' own uninstallers to get users to uninstall the software.
In particular, if a user executes a malicious file -- generally dubbed Trojan.FakeAV by Symantec -- it launches a system-level popup window warning the user that the currently installed antivirus product isn't certified, is compromising system performance, and should be uninstalled. Regardless of whether the user clicks "ok" or simply closes the window manually, AnVi then launches the legitimate antivirus software's uninstaller. At that point, the user would still need to click the actual "uninstall" button for the software to be removed.
Interestingly, the malicious file -- which may be installed by other malware, delivered by drive-by download, picked up by visiting fake antivirus websites, or bundled with other software -- actually searches for currently installed antivirus software in a Windows registry subkey, then "launches the uninstaller for certain legitimate antivirus software," said Symantec.
At the same time, the malicious file attempts to download AnVi Antivirus, a new clone of retrovirus CoreGuardAntivirus2009, not to be confused with the Vormetric technology of the same name. Once activated, "the program reports false or exaggerated system security threats on the computer," said Symantec. "The user is then prompted to pay for a full license of the application in order to remove the threats."
However, the fake antivirus program itself is the threat, and provides no antivirus functionality.
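As an added example that is not from the article or from Symantec, the following Python scans constructed Sysmon-style process-creation records for the behaviour described above: a legitimate product's uninstaller (or an `msiexec /x` removal) launched by a parent that is not a trusted shell or installer, or that runs from a temp or download directory. Every path, product name, trusted-parent list and log line is an assumption made up for illustration.

```python
"""Flag antivirus uninstallers started by an untrusted parent process.

Added example, not the article's or Symantec's code.  Input records are
constructed, pipe-delimited Sysmon-style events:
    time|parent_image|image|command_line
"""
import re

# Parents that legitimately start an uninstaller on the user's behalf
# (assumption: tune this list per environment).
TRUSTED_PARENTS = {"explorer.exe", "msiexec.exe", "services.exe"}
# Directories a user-mode dropper typically runs from (assumption).
UNTRUSTED_DIRS = (r"\appdata\local\temp", r"\users\public", r"\downloads")
# Image names and switches that usually mean "remove this product".
UNINSTALL_NAME = re.compile(r"^(?:unins|uninst|remove)|uninstall", re.I)
UNINSTALL_ARGS = re.compile(r"(?:^|\s)[/-](?:x|uninstall|remove)\b", re.I)

def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def is_uninstaller(image: str, cmdline: str) -> bool:
    """True when the child looks like an uninstaller or 'msiexec /x'."""
    return bool(UNINSTALL_NAME.search(basename(image)) or UNINSTALL_ARGS.search(cmdline))

def parent_is_untrusted(parent_image: str) -> bool:
    """Trusted = a known shell/installer that is NOT running from a dropper directory."""
    p = parent_image.lower()
    return basename(p) not in TRUSTED_PARENTS or any(d in p for d in UNTRUSTED_DIRS)

def scan(lines):
    """Return (time, parent, child) for every uninstaller run by an untrusted parent."""
    hits = []
    for line in lines:
        time, parent, image, cmdline = line.split("|", 3)
        if is_uninstaller(image, cmdline) and parent_is_untrusted(parent):
            hits.append((time, basename(parent), basename(image)))
    return hits

# Constructed sample: a user-driven uninstall from Explorer (benign), then a
# Temp-resident dropper removing the fictional ExampleAV product two ways
# before launching its own fake-AV payload.
EVENTS = [
    r"T1|C:\Windows\explorer.exe|C:\Program Files\ExampleAV\Uninstall.exe|Uninstall.exe",
    r"T2|C:\Users\bob\AppData\Local\Temp\dropper.exe|C:\Program Files\ExampleAV\Uninstall.exe|Uninstall.exe /silent",
    r"T3|C:\Users\bob\AppData\Local\Temp\dropper.exe|C:\Windows\System32\msiexec.exe|msiexec.exe /x {PLACEHOLDER-PRODUCT-GUID} /qn",
    r"T4|C:\Users\bob\AppData\Local\Temp\dropper.exe|C:\Users\bob\AppData\Local\Temp\AnViSetup.exe|AnViSetup.exe",
]

if __name__ == "__main__":
    for hit in scan(EVENTS):
        print("ALERT: uninstaller launched by untrusted parent:", hit)
```

Only the two dropper-spawned removals (T2 and T3) are flagged; the user's own uninstall from Explorer and the payload launch are not.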