Fake Anti-Virus Launches Legit AV Uninstalls

A new variation on the Fake Anti-Virus scam actually launches legitimate uninstallers of anti-virus programs from Symantec, Microsoft, AVG and others.

Keith Ferrell, Contributor

August 23, 2010

2 Min Read

A new variation on the Fake Anti-Virus scam actually launches legitimate uninstallers of anti-virus programs from Symantec, Microsoft, AVG and others.The phony anti-virus scam keeps getting new wrinkles, the latest being a pop-up Anti-Virus alert that warns users that their security program is uncertified and must be replaced. When the alert is clicked, it launches the user's legitimate anti-virus uninstall program.

As Symantec reported, the fake a-v alert box starts the uninstall no matter where the user clicks. The pop-up's close button is as malicious as its OK button.

Symantec notes that the Trojan carries uninstall launchers for "Symantec, Microsoft, AVG, Spyware Doctor, and Zone Labs." I would imagine that it won't be long before other security vendors find their products' uninstallers added to the payload.

Once the user's legit security software is uninstalled, the Trojan replaces it with "AnVi Antivirus" which is itself a variant of the well-known CoreGuard anti-virus scamware.

With fake anti-virus alerts counting for as much as 15% of malware, you can place a pretty safe bet that new approaches and variations will continue to appear, keeping the attack effective.

If you haven't reminded your staff of the prevalence -- and persistence -- of fake a-v threats in awhile, this is a good time to do so. Let them know that:

No anti-virus pop=up warning or alert should ever be taken seriously (other than as a threat). And remind them that no pop-up should be clicked at all, including its close button. The window should be closed, and users should immediately double-check their legitimate anti-virus programs, including an update of virus definitions.

Obviously, fake anti-virus warnings aren't going away, but employee gullibility -- and in consequence your company's vulnerability -- can be dramatically reduced just by spreading the word, and continuing to on a regular basis, and certainly with every new variation on the attack.

The uninstaller ploy is a good place to start.

Read more about:

2010

About the Author(s)

Keith Ferrell

Keith Ferrell

Contributor

See more from Keith Ferrell
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
SIGN-UP

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

NHL's Calgary Flames at New Jersey Devils on February 8, 2024 in Newark, NJ
IT Infrastructure
NHL, Presidio, and a Transformation Power Move with Hybrid CloudNHL, Presidio, and a Transformation Power Move with Hybrid Cloud
byJoao-Pierre S. Ruth
Apr 5, 2024
6 Min Read
Online Privacy Security Threat Abstract Background Art
Cyber Resilience
Cyber Risks When Job Hunters Become the HuntedCyber Risks When Job Hunters Become the Hunted
byCarrie Pallardy
Apr 9, 2024
9 Min Read
Business innovative solution and creative concept as a paper boat tied to a light bulb
IT Leadership
9 Ways to Ensure Continuous Innovation9 Ways to Ensure Continuous Innovation
byLisa Morgan
Apr 2, 2024
9 Slides
Hand charging an electric car, leaves and butterflies emerge from the cars exhaust, idea of sustainable transportation. Green energy, eco friendly
Sustainability
Sustainable Transportation Takes OffSustainable Transportation Takes Off
bySamuel Greengard
Mar 26, 2024
5 Min Read
Robotic hand takes a slice out of a coin, representing money
Machine Learning & AI
Special Report: What's Next for the GenAI Market in 2024?Special Report: What's Next for the GenAI Market in 2024
bySara Peters
Mar 12, 2024
3 Min Read
Webinars
More Webinars
White Papers
More White Papers
Live Events
More Live Events
Reports
More Reports
May 2, 2024
While there are plentiful options in cyber resiliency and business continuity tools and platforms, there isn’t one that can knock out everything from sudden cloud outages to prolonged ransomware attacks in a single punch. What can you do to keep the company on its feet no matter what is thrown at it? Find out in this new virtual event.
Reserve Your Seat Now