Report finds fake antivirus on the rise

Malware posing as antivirus software is spreading fast with tens of millions of computers infected each month, according to a report to be released on Wednesday from PandaLabs.

PandaLabs found 1,000 samples of fake antivirus software in the first quarter of 2008. In a year, that number had grown to 111,000. And in the second quarter of 2009, it reached 374,000, Luis Corrons, technical director of PandaLabs said in a recent interview.

"We've created a specific team to deal with this," he said, of the rogue antivirus software that issues false warnings of infections in order to get people to pay for software they don't need. The programs also typically download a Trojan or other malware.

PandaLabs found that 3 percent to 5 percent of all the people who scanned their PCs with Panda antivirus software were infected. Using that and worldwide computer stats from Forrester, PandaLabs estimates there could be as many as 35 million computers infected per month with rogue antivirus programs.

About 3 percent of the people who see the fake warnings fall for it, forking over $50 for an annual license or $80 for a lifetime license, according to Corrons.

Last September, a hacker was able to infiltrate rogue antivirus maker Baka Software and discovered that in one period an affiliate made more than $80,000 in about a week, said Sean-Paul Correll, a PandaLabs threat researcher.

A Finjan report from March estimated that fake antivirus distributors can make more than $10,000 a day.

"The general consumer doesn't understand" the threat, Correll said. "No legitimate antivirus vendor will start a scan automatically on your computer without your consent."

After all the hoopla about the Conficker threat, researchers seemed almost relieved that it turned out to distribute fake antivirus software instead of something much worse.