Round here, we're more than a little concerned about fake/rogue antivirus (and other fake security software). It's an ugly form of ransomware that hurts its victims in many ways.

It scares them by threatening dire consequences and damage from malware that doesn't exist (except in the sense that the fake AV is itself malware), in order to trick them into buying software that's at best useless and usually actively malevolent.

It causes direct damage to systems by installing software that stops them from functioning properly.

It exposes those victims who do pay up to further scams, fraud and identity theft, as well as other kinds of attack.

ESET's Cristian Borghello looked at these issues last year in a white paper here, and the Research team has blogged on them many times. Now Reuters have published an interesting and very useful article by Jim Finkle focusing on a particular source of some of this unpleasantness: according to Finkle:

"The FTC succeeded in persuading a U.S. federal judge to order Innovative Marketing and two individuals associated with it to pay $163 million it had scammed from Americans."

But this isn't where the damage stops. Fake security software is an attack on the credibility of real security products and professionals, making it harder than ever for consumers to tell the difference between security truth and falsehood, . Admittedly, a certain sceptism is not unhealthy when it comes to marketing claims, and I'm not going to try to sell you on any simplistic "what's good for the security industry is good for America" claims. But when scammers try to stop legitimate security software from working, to blur the distinction between real and fake solutions, and to tie security companies up in legal knots (as Juraj Malcho reminds us) to deter them from detecting malicious software, they're helping no-one but themselves.

One little niggle, though: I wish Reuters hadn't prefaced the article with a summary referring to this kind of scareware as "viruses". I know lots of people continue to say "virus" to describe all kinds of malicious software, not just self-replicating malcode, but it confuses people, annoys antique AV researchers, and scares the horses. Well, not the Trojan horses...

David Harley CISSP FBCS CITP
Research Fellow & Director of Malware Intelligence

ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter:
http://twitter.com/esetresearch; http://twitter.com/ESETblog
ESET White Papers Page: http://www.eset.com/download/whitepapers.php

Securing Our eCity community initiative: http://www.securingourecity.org/

Also blogging at:
http://smallbluegreenblog.wordpress.com/
http://avien.net/blog
http://blogs.securiteam.com
http://blog.isc2.org/
http://macvirus.com/