Stability Networks Blog

Fake Anti-Virus: The modern-day Trojan horse

Lee Lovell - Thursday, August 25, 2011

The term ‘social engineering’ is one that is little understood. Before researching this article, I even thought that ‘social engineering’ was a good thing. The truth, it turned out, is quite far from that.

Social engineering, in the security realm, is defined by csoonline.com as the art of gaining access to buildings, systems or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques. It is through this form of fraud that many different types of rogue software get computer users to willingly install them on their own computers.

One common type of rogue software that uses social engineering to gain access to your computer is the fake anti-virus program (also called scareware). Surprisingly, a 2010 study by Google found that 50% of all malware delivered through internet advertising was one of these fake anti-virus programs. As you can see, this is no small issue, but the problems it causes can be easily avoided. As the old adage goes, an ounce of prevention in this case is definitely worth a pound of cure.

To understand just how these fake anti-virus programs work, a comparison to the mythic Trojan War is actually quite fitting. As the story goes, the Greeks were involved in a lengthy war against the city of Troy. As a peace offering, the Greeks constructed a giant wooden horse and gave it to the Trojans. Unbeknownst to them, 30 elite soldiers were hidden inside. Once the horse was taken inside the walls, the men climbed out and opened the city gate, letting the Greek army into the city and finally bringing about the fall of Troy.

Fake anti-virus programs work in a similar fashion. As in the image above, a user stumbles upon a message saying that their computer is infected and that, if they click the provided link, the program will remove the problem. Note that the warning comes from a web page or pop-up, not from any security software actually installed on the machine. It would seem great to have that software come in to save the day, but just like the soldiers hiding inside the horse, its only objective is to deceive and do damage.

Once a user chooses to install the program, the software hijacks the system. Having been handed control of the computer by the user, the software then displays a stream of fake alerts and advertisements pressuring the user into paying for the “full version” of the product. Often it will also install viruses, key-loggers, spyware and other types of malicious software. These programs can be very difficult to remove, because the user, not an exploit, granted them their foothold.

Here at Stability Networks we see this problem often, and many times it could easily have been avoided. By following the steps below, you can make sure that these rogue security programs do not compromise the stability and security of your computer.

  • Use a firewall

This helps prevent unauthorized connections from being made to your computer. The firewall should always be left on. Keep in mind that a firewall cannot stop a program you chose to download and install yourself, so it is only one layer of protection.

  • Make sure your system is up-to-date

This prevents malicious software from using known software exploits to gain access to your computer. Keep the operating system, web browser and browser plug-ins (such as Java, Flash and PDF readers) updated promptly so that those vulnerabilities are closed before they can be used against you.

  • Use caution when clicking links

If any link looks suspicious, don’t click it! Hover over a link to see where it actually leads before clicking. Even if the suspicious link comes from a trusted source, contact them about the link before you click it; their account or computer may itself be compromised.

  • Use a standard user account rather than an administrator account

This will prevent malicious software from making changes to operating system-level files. When you work from an administrator account, any program you run can change system-critical files without further permission; from a standard account, those changes are blocked or at least require an administrator password.

  • Familiarize yourself with common phishing schemes

This will help you know what to look out for when these programs are trying to deceive you. Many easily identifiable characteristics will tell you that something is a fraud: an “infection” warning that appears inside a web page rather than from the security software you installed, an animated “scan” of your drive running in the browser, urgent language, and pressure to pay before the problem can be fixed.

  • Use a popular anti-virus and anti-malware software solution

This will help remove malicious software if it does make it onto your computer. Software like AVG Anti-Virus and Malwarebytes’ Anti-Malware Pro both provide real-time monitoring of your system. Always keep them updated, and only install security software that you went looking for yourself, never software that a pop-up offered you.
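To check how a Windows machine measures up against the steps above, here is an added posture-check script (it is not part of the original post and not a Stability Networks tool). It assumes Windows 8/10 PowerShell 5.1 or later: Get-NetFirewallProfile for the firewall profiles, the root/SecurityCenter2 WMI namespace for registered anti-virus products (client editions of Windows only), and the Windows Update Agent COM object for pending updates. The decoding of the anti-virus productState field is the commonly used informal interpretation, not an official specification, and is flagged as an assumption in the code.

```powershell
# Added example (not from the original post): checks the prevention steps above.
# Assumptions: Windows 8/10 or later, PowerShell 5.1+, client edition of Windows
# (root/SecurityCenter2 namespace), network access for the Windows Update query.
# Run it from your normal, non-elevated session.

function Test-AccountIsAdministrator {
    # Look for the well-known local Administrators SID (S-1-5-32-544) in the
    # token's group list. This still finds an admin account when UAC has
    # filtered the token, which a plain IsInRole() check would report as False.
    $groups = whoami /groups /fo csv | ConvertFrom-Csv
    return [bool]($groups | Where-Object { $_.SID -eq 'S-1-5-32-544' })
}

function Test-SessionIsElevated {
    # True only when the current process holds the full (elevated) admin token.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-FirewallState {
    # One object per profile (Domain, Private, Public); every one should be enabled.
    Get-NetFirewallProfile | Select-Object Name, Enabled
}

function Get-PendingUpdateCount {
    # Windows Update Agent COM API. Returns $null if the query fails (offline, etc.).
    try {
        $session  = New-Object -ComObject Microsoft.Update.Session
        $searcher = $session.CreateUpdateSearcher()
        return $searcher.Search('IsInstalled=0 and IsHidden=0').Updates.Count
    } catch {
        Write-Warning "Could not query Windows Update: $($_.Exception.Message)"
        return $null
    }
}

function Get-RegisteredAntiVirus {
    # Products registered with Windows Security Center. productState is a packed
    # integer; the byte decoding below is the widely used informal interpretation
    # (assumption), not something Microsoft documents.
    Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct |
        ForEach-Object {
            $hex = '{0:X6}' -f [int]$_.productState
            [pscustomobject]@{
                Name            = $_.displayName
                RealTimeEnabled = ($hex.Substring(2, 2) -in '10', '11')   # middle byte 1x = on
                SignaturesFresh = ($hex.Substring(4, 2) -eq '00')         # last byte 00 = current
            }
        }
}

# ---- report -------------------------------------------------------------
if (Test-AccountIsAdministrator) {
    Write-Warning 'Logged on with an administrator account; use a standard account for day-to-day work.'
    if (Test-SessionIsElevated) { Write-Warning 'This session is also running elevated.' }
} else {
    Write-Host 'OK: standard (non-administrator) account.'
}

Get-FirewallState | ForEach-Object {
    if ($_.Enabled) { Write-Host "OK: firewall on for the $($_.Name) profile." }
    else            { Write-Warning "Firewall is OFF for the $($_.Name) profile." }
}

$pending = Get-PendingUpdateCount
if ($pending -gt 0)      { Write-Warning "$pending update(s) waiting to be installed." }
elseif ($pending -eq 0)  { Write-Host 'OK: no pending updates.' }

$products = @(Get-RegisteredAntiVirus)
if ($products.Count -eq 0) { Write-Warning 'No anti-virus product is registered with Security Center.' }
foreach ($p in $products) {
    if ($p.RealTimeEnabled -and $p.SignaturesFresh) {
        Write-Host "OK: $($p.Name) is active and its signatures are current."
    } else {
        Write-Warning "$($p.Name): real-time protection=$($p.RealTimeEnabled), signatures current=$($p.SignaturesFresh)"
    }
}
```

Save it as a .ps1 file and run it from a normal user session; every line that starts with WARNING points at one of the steps above that still needs attention. The script only reads state and changes nothing, so it is safe to run repeatedly.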

For a thorough examination of how rogue security software works, visit this link: http://www.theregister.co.uk/2008/08/22/anatomy_of_a_hack/

