Google: Fake antivirus is 15 percent of all malware
Google report shows that fake antivirus scams as a percentage of total malware have risen five-fold over the past year.
Elinor MillsFormer Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
A rise in fake antivirus offerings on Web sites around the globe shows that scammers are increasingly turning to social engineering to get malware on computers rather than exploiting holes in software, a Google study to be released on Tuesday indicates.
Fake antivirus--false pop-up warnings designed to scare money out of computer users--represents 15 percent of all malware that Google detects on Web sites, according to 13-month analysis the company conducted between January 2009 and February 2010.
That's a five-fold increase from when the company first started its analysis, Niels Provos, a principal software engineer at Google, said in an interview.
Meanwhile, fake antivirus scams represent half of all malware delivered via advertisements, which is becoming a problem for high-profile sites that rely on their advertisers and ad networks to distribute clean ads.
Researchers also found that over the course of the study, domains used for distributing the malware were online for shorter and shorter periods of time in the face of Google's Safe Browsing technology. Used in Chrome and Firefox, Safe Browsing helps alert Web browsers to sites hosting malware, Provos said.
Fake antivirus is easy money for scammers, Provos said.
"Once it is installed on the user system, it's difficult to uninstall, you can't run Windows updates anymore or install other antivirus products, and you must install the [operating] system," rending it unusable until it is cleaned up, he said.
Provos said when encountering a fake antivirus message, Web surfers should close the browser and restart the program. People who are duped by the scam may have to get professional help in cleaning up the computer, he said. They should also monitor their credit card accounts because scammers can use the credit card information for identity fraud.