WARNING! New Malicious ‘Anti-Virus’ Software Scams

Posted: 15/11/2010 in Cyber Crime, Hacking, In The News, Windows

Malicious anti-virus scams (also known as ‘rogue AV’) involve web users being misled into downloading and paying for anti-virus software that is actually malicious software in disguise. Learn more about how these scams work, what the risks are, and the simple steps you can take to avoid becoming a victim.

What is ‘malicious anti-virus’?

Malicious anti-virus scams (also known as ‘rogue AV’) involve web users being misled into downloading and paying for anti-virus software that is actually malicious software in disguise.

Malicious AV scams enable online criminals to:

  • trick you into paying them money
  • steal valuable personal information, such as credit card details
  • mislead you into helping them download malware onto your own computer
  • take control of your computer in order to commit other online crime

They do this by:

  • tricking you into paying for anti-virus software that is fake or is available for free elsewhere on the internet – this can be a one-off payment or a ‘subscription’
  • persuading you to download ‘AV software’ that is actually malware in disguise

How does it work?

There are a number of scams criminals can use to trick you into downloading malicious AV software:

  • Cold calling – sometimes called ‘bogus IT helpdesk’ calls
  • Tricking webmasters into hosting malicious pop-ups on their websites
  • Unsolicited emails

Bogus IT helpdesk calls – In these calls, the victim receives a cold call from someone pretending to be from a reputable IT or software company. The caller tells the victim about current IT risks and scams and offers to do a virus check on the victim’s computer. The caller talks them through this ‘check’, which can involve typing in simple commands to generate an ‘error’ message or running a scan that they download online. In either case, the ‘result’ is used by the caller to convince the victim that they have a security flaw or virus on their computer, and that the solution is to install a ‘security software/patch’.

Webmaster affiliate programs – Internet users can also be approached via pop-ups on legitimate websites suggesting that their computer is infected or offering a free virus check. The user is then directed to a reputable-looking site which prompts them to download malicious software that claims to fix the current issues. These pop-ups are distributed by criminals who incentivise webmasters to participate in what the webmasters believe to be a genuine affiliate marketing programme, in which they receive payment for every pop-up that is clicked on.

Unsolicited emails – Another avenue criminals use to target internet users is via unsolicited emails offering free security checks or advising that viruses or malware have been found on the user’s computer.

What are the risks?

  • Loss of money by paying for ‘AV software’ that will actually compromise the security of your computer, or at the very least is fake or available for free elsewhere
  • Once malicious software is installed, fraudsters can steal your personal information, putting you at further risk of identity fraud
  • They can also use your computer to commit other online crime – this can have a knock-on effect on your friends and family, who may receive scam emails and pop-ups which look like they have been sent by you

How can I protect myself?

  • Ignore any unsolicited calls or emails from companies offering free software checks on your computer. Reputable IT vendors will not contact you directly in this way without prior notice or a direct request.
  • Be wary of any pop-ups you receive while navigating the internet which suggest your computer is infected with a virus.
  • Take basic steps to protect your computer, by installing genuine anti-virus and other software.
  • Victims of this scam should report it to Action Fraud.


