Fake Anti-Virus Launches Legit AV Uninstalls - InformationWeek
Government // Mobile & Wireless
11:28 AM
Keith Ferrell
Keith Ferrell
Building Security for the IoT
Nov 09, 2017
In this webcast, experts discuss the most effective approaches to securing Internet-enabled system ...Read More>>

Fake Anti-Virus Launches Legit AV Uninstalls

A new variation on the Fake Anti-Virus scam actually launches legitimate uninstallers of anti-virus programs from Symantec, Microsoft, AVG and others.

A new variation on the Fake Anti-Virus scam actually launches legitimate uninstallers of anti-virus programs from Symantec, Microsoft, AVG and others.The phony anti-virus scam keeps getting new wrinkles, the latest being a pop-up Anti-Virus alert that warns users that their security program is uncertified and must be replaced. When the alert is clicked, it launches the user's legitimate anti-virus uninstall program.

As Symantec reported, the fake a-v alert box starts the uninstall no matter where the user clicks. The pop-up's close button is as malicious as its OK button.

Symantec notes that the Trojan carries uninstall launchers for "Symantec, Microsoft, AVG, Spyware Doctor, and Zone Labs." I would imagine that it won't be long before other security vendors find their products' uninstallers added to the payload.

Once the user's legit security software is uninstalled, the Trojan replaces it with "AnVi Antivirus" which is itself a variant of the well-known CoreGuard anti-virus scamware.

With fake anti-virus alerts counting for as much as 15% of malware, you can place a pretty safe bet that new approaches and variations will continue to appear, keeping the attack effective.

If you haven't reminded your staff of the prevalence -- and persistence -- of fake a-v threats in awhile, this is a good time to do so. Let them know that:

No anti-virus pop=up warning or alert should ever be taken seriously (other than as a threat). And remind them that no pop-up should be clicked at all, including its close button. The window should be closed, and users should immediately double-check their legitimate anti-virus programs, including an update of virus definitions.

Obviously, fake anti-virus warnings aren't going away, but employee gullibility -- and in consequence your company's vulnerability -- can be dramatically reduced just by spreading the word, and continuing to on a regular basis, and certainly with every new variation on the attack.

The uninstaller ploy is a good place to start.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll