Search Results for: fake antivirus

Fake Virus Scan

Here’s something that happens every day: a message appears in your web browser telling you a virus was found and asking you to click OK to run a scan. To get straight to the point, this is a fake antivirus program designed to trick you into installing real malware.

If you see this on your browser, close the browser. Don’t click on any buttons. And most importantly, don’t panic. These scams are designed to scare you into making irrational decisions.

Below are screenshots of how it looks:

[Screenshot: fake2]

[Screenshot: fake3]

This type of scam happens on both Windows and Mac computers.

Antivirus Comparison

There is an organisation called AV-Comparatives that tests antivirus programs and compares their performance. They’re independent from the antivirus vendors, which makes their tests more useful. So it’s good to look through the results and see which antivirus programs are working better than others. Below are their top 7 programs, in no specific order:

G Data
Symantec
Avast
F-Secure
BitDefender
eScan
ESET
Full details of their tests are here – click on the August 2009 report. I was surprised to see Trend Micro was missing from the tests. I tried contacting them about it but I haven’t received a response.

So when you’re ready to invest in a good antivirus program for your PC, you can base your decision on the results of their tests.
Also keep in mind that there are fake antivirus programs out there. They pretend to do a scan but actually install malware.

Fake Facebook Fan Check Virus

There’s a rumour about a Facebook app called “Facebook Fan Check”. The rumour says that after 2 days this app goes through your friends list and somehow infects their PCs.

Some people have been posting messages on Facebook saying:

to all those using FAN CHECK APPLICATION, please delete it & all its pictures, it contains a virus & takes 24-48 hours 2 infect everyone on your friends list please copy and paste 2 your status to let everyone know

Firstly, malicious Facebook apps do exist. The ones I know of are called Posts and Stream applications. They’re not viruses but they try to trick you into providing personal data (called phishing).

Secondly, Fan Check Virus doesn’t exist, but nevertheless there is a danger. What’s happening is that the virus writers have created web pages infected with real malware and fake antivirus programs.

So if you search for Fan Check Application on Google, you’re likely to end up on the infected web page looking for information, and that’s how your PC gets infected. Clever, right? So all the people writing about Fan Check haven’t done any research and are actually helping to spread the real malware.

There’s a video explaining more about it here.

And it seems this isn’t the first time this strategy was used. Another fake Facebook virus called Error Check System works in the same way: if you Google for information on it, you’ll likely end up on a web site with a fake antivirus product.

Fake Bank of America Digital Certificate

A spam email pretending to be sent from the Bank of America tells readers they need to install a digital certificate. What it really does is install malware.

Not only does it install malware, it also asks you for your user ID and password.

Here are some tips to help you avoid this sort of scam:

  • When you use any online banking service, look for the padlock icon in your browser. Then click on it. It needs to show your bank’s name and its full web address, and it shouldn’t show any errors.
  • If you receive an email from your bank, don’t click on any links. Instead, open a new web browser and type in your bank’s web address. This way you can’t be tricked into clicking the wrong link.
  • Always be wary when you receive unsolicited emails. More often than not they’re scams.
  • Use a good antivirus product.

Fake Twitter Site

Recently people have been receiving a message in Twitter that says something like

hey! check out this funny blog about you…
hxxp://t w i tter.access-logins..com

The link takes you to a page that looks a lot like the Twitter login page. If you type in your Twitter username and password, the page records them in a private database. Later someone will log into your Twitter account using your password and start sending out messages like the one above.

Many people have one password for many sites, so once they have your Twitter account they could later try other services (e.g. Facebook).

If you use Twitter and see the above message just ignore it. Don’t click on the link.

Some web browsers (such as the latest version of Firefox and the latest version of Opera) will now detect this fake site and show you a large warning. A good antivirus package will also detect these sites and block them.

And if you think you’ve already fallen for this, change your passwords.

Fake eNom emails

Below are two fake emails claiming to be from eNom (a domain name and web hosting provider). The emails are worded such that they sound technical and that they require immediate action.

Both emails contain a link you’re supposed to click on, however if you examine the link closely you’ll see they actually point to someone else’s site. This is sneaky and you really need to be aware how to distinguish real links from malicious ones like these.

In this case the link is displayed as: http://www.enom.com – but if you place the mouse pointer over the link and wait a second, you’ll see the real link displayed (depending on which browser and email client you’re using). In this case the link really points to httpz: // w ww.enom.com.com92. _biz – See what they did there? They added a few characters to the end. This is enough to make it point to a completely different site. Even though it has part of eNom’s address in there, it’s different. (Note that I broke up the URL to stop you from accidentally clicking on it).

The second email is similar; it really points to h ttp :/ / www. enom. comcom94._com – Again this is different, even though it has part of eNom’s address. Even one letter or number is enough to make it go somewhere else. (Again I broke up the address to stop you clicking on it).

How can they do this? Unfortunately at this time nobody stops scammers registering an address that is very similar to a legitimate address. It’s up to you to take care what you click on.

Another couple of tips to protect you from these tactics:

  • Use a good antivirus package that checks every web page you load. These days they have a list of good and bad sites, and it’ll warn you if you’re going to a known “bad” site.
  • If your web browser or email client doesn’t let you see the real link (by hovering the mouse pointer over the link) then upgrade to another browser or email client.
  • Use some kind of spam filtering with your email. This is fairly common these days.
  • Use an alternative browser, such as Firefox, Opera, Chrome, or Safari. This isn’t always enough these days, as we’ve seen with Flash malware. But it helps a little.

Below are the two emails. I’m putting them here so that people can search Google and get to this page to learn what they really are.

Email 1:

Dear eNom Customer, 

Starting at 1 AM PT on Saturday, November 1st, 2008 until 4 AM PT, we will be conducting maintenance on our database and datacenter resulting in the following sites and services being unavailable: 

* Main site 

* All web hosting services 

* Email services 

* Communication with the registry affecting new registrations, renewals, and transfers 

For access your account follow this link – http://www.enom.com 

The following services will not be affected and will continue to be fully operational: 

* DNS will resolve normally – although operational through this downtime, any changes to DNS settings may be delayed intermittently for a period of up to 24 hours from the start of the maintenance period 

* Email forwarding and site redirection will operate normally 

We anticipate the maintenance will only last up to 3 hours. We apologize for any inconvenience during this short maintenance and thank you for your patience. 

Sincerely, 

eNom Tech Support

Second email:

Dear eNom Customer, 

Starting at 1 AM PT on Saturday, November 1st, 2008 until 4 AM PT, we will be conducting maintenance on our database and datacenter resulting in the following sites and services being unavailable: 

* Main site 

* All web hosting services 

* Email services 

* Communication with the registry affecting new registrations, renewals, and transfers 

For access your account follow this link – http://www.enom.com 

The following services will not be affected and will continue to be fully operational: 

* DNS will resolve normally – although operational through this downtime, any changes to DNS settings may be delayed intermittently for a period of up to 24 hours from the start of the maintenance period 

* Email forwarding and site redirection will operate normally 

We anticipate the maintenance will only last up to 3 hours. We apologize for any inconvenience during this short maintenance and thank you for your patience. 

Sincerely, 

eNom Tech Support

XP Antivirus

XP Antivirus is a fake antivirus program. It looks like an antivirus program, and when run it tells you it found a number of threats. It then prompts you to spend money in order to remove the alleged threats. The threats it tells you about aren’t real; it’s a scam to get money from you.

The road to XP Antivirus is:

  1. A malicious ad appears on legitimate web sites. The operators of the web sites hosting this ad aren’t aware of what it is.
  2. A message appears offering a product called XP Antivirus. The message reads:
    • Attention! If your computer is infected, you could suffer data loss, erratic PC behaviour. PC freezes and creahes.

      Detect and remove viruses before they damage your computer!
      XP antivirus will perform a quick and 100% FREE scan of your computer for Viruses, Spyware and Adware.

      Do you want to install XP antivirus to scan your computer for malware now? (Recommended)

      (Note: I bolded the typo that appears in the original ad)

  3. If you say OK, then a fake antivirus program is installed.
  4. The program then reports a large number of (untrue) malware infections on your computer.
  5. You’re then asked to pay to remove them.

A few days ago I mentioned a similar scam for Macs called iMunizator. These things will never let up so take care who you trust. Don’t just run or install unknown programs on your computer.

Fake IRS Tax Refunds

Emails are being sent claiming to be from USA’s IRS department. They claim to offer a $375 refund for filling out a form. The form is hosted on a hacked web site, not on the IRS’s web site. The form asks for a large amount of personal information including credit card numbers and PIN numbers. This information is collected (a trick known as phishing) and later used to commit identity theft, effectively stealing your money.

When doing any taxes online please ensure the website is correct. See this earlier article on how to recognise deceptive domain names (URLs) and check for SSL certificates on the page (double click on the padlock icon in Internet Explorer, read who owns the site).

Good antivirus packages these days will also keep track of which web sites you go to and alert you if it’s a known fraud site. So it’s a good investment to purchase one.

Australian Taxation Office – New Rules

The following email is a scam. It encourages you to click on a link about tax, but instead takes you to a website that tells you your computer has a virus. This is where the scam comes in – you don’t really have a virus. They just want to sell you a fake antivirus product.

The email says:

Australian Taxation Office informs you about the changes in the rules of submitting tax report.

Please, read about the changes to Click Here.

Important to know
We do not offer cashier services for tax payments or refunds. For further information on how to pay your taxes, see How to pay.
(http://www.ato.gov.au/content.asp?doc=/content/33696.htm) 

We are kindly asking you to keep to rules and terms of tax report submission to avoid penalty. 

Best regards,

Andrew Nichols
Australian Taxation Office

If you see this email, don’t click on the links. Delete it.

How can you be sure if it’s real or a scam?

Place the mouse pointer over the links, but don’t click. You should see the real address pop up. If it looks dodgy then it’s probably a scam. See this screenshot:

[Screenshot: Fake ATO email]

This type of scam email is common. Always use this trick to judge if the email is legitimate or a scam.