Panda Security researchers document the troubling use of fake antivirus software
Rogue antivirus first surfaced only four years ago, but today it makes up about 11.6% of all malware, according to PandaLabs, the research arm of Panda Security.
It looks like the cybercriminals behind rogue antivirus software are keeping it fresh, according to the PandaLabs Annual Report 2010 (PDF), which documents many of the common threats and trends that dominated 2010. The researchers found that 40% of all rogue antivirus programs were created in 2010. Of more than 5.6 million individual examples of fake antivirus programs, nearly 2.3 million were detected between January and November of 2010.
According to the report:
If we analyze all the examples classified of this type of threat with respect to all malware contained in our Collective Intelligence database (the automatic system we use to detect, analyze and classify 99.4% of the 63,000 new threats that appear every day), some 11.6% are fake antivirus programs. And let’s not forget that this database contains all the malware detected in the 21 year history of our company, while rogueware only emerged four years ago.
Panda estimates that about 53% of computer users have been infected at some time by malware, even with protection installed and up to date. That leaves plenty of revenue opportunities for fake antivirus peddlers. According to Panda, they’re taking in about $34 million a month.
Here’s the malware type breakdown, based on Panda’s analysis of 60 million malware files:
- Trojans: 55.9%
- Traditional viruses: 22%
- Adware: 17%
- Worms: 10%
- Spyware: 5.7%
We’ve written about some of the social engineering attempts used by rogueware pushers. In October there was a report of rogue antivirus spoofing Google and Firefox attack warning pages. In March, an Amazon phishing scam duped people into downloading a fake antivirus program. PandaLabs also found new rogueware using ransomware technology.
The good news is that enterprises can benefit by educating end users about the dangers of these programs. Some experts say a little education over time helps. Finally, many standard antimalware programs can detect these phony programs.