
Phony anti-virus harms computers

Johannesburg, 26 Oct 2009

Selling fake anti-virus programs or rogue-ware is proving to be a new and more aggressive trend, says Panda's anti-malware laboratory.

“Until now, when a computer was infected by this type of malware, users would typically see a series of warnings prompting them to buy a pay version of the program.” However, these technologies are now being combined with ransom-ware, hijacking the computer and rendering it useless until victims complete the purchase, Panda points out.

According to Jeremy Matthews, head of Panda's sub-Saharan operations, the way this rogue-ware operates presents a dual . “Firstly, users are tricked into paying money simply in order to use their computers; and secondly, these same users may believe they have a genuine anti-virus installed on the computer, thereby leaving the system unprotected.”

Once a computer is infected, any attempt made by the user to run a program or open a document will be frustrated. The only response from the computer will be to display a message falsely informing the victim that all files are infected, with the only solution being to buy the fake anti-virus, he adds.

How it works

Matthews says this fake program, called Total Security 2009, is on offer for almost R600. “Victims are also offered 'premium' tech support services for an additional R150.” Users who pay the “ransom” will receive a serial number, according to Matthews. This will then release all files and executables, allowing them to work normally and recover their information. “The fake anti-virus, however, will remain on the system.

“Users are often infected unknowingly - in most cases, through visiting hacked Web sites, and once a computer is infected it is extremely difficult to eliminate the threat, even for those with a certain degree of technical knowledge,” says Matthews.

Users are also prevented from using any type of detection or disinfection tool, as all programs are blocked. “The only application that can be used is the browser, conveniently allowing the victim to pay for the fake anti-virus software.”

Solution

Panda says it has published the serial numbers required to unblock the computer if it has been hijacked, on the PandaLabs blog. “Users can then install genuine security software to scan the computer in-depth and eliminate all traces of the fake anti-virus.”

PandaLabs says the shift towards hijacking computers indicates that either users are becoming more adept at recognising these threats or security companies are beginning to close the net. According to the company, this would explain why hackers are becoming more aggressive in the methods used to force the victims into paying.
