Tuesday, April 27, 2010

Report Shows Weaknesses in Anti-Virus Engines

Brian Krebs writes about a research report just released by Google on the increasing difficulty defenses have in countering cybercriminals who spread fake anti-virus programs, commonly known as scareware. According to data provided by Google, purveyors of scareware have aggressively stepped up their efforts to evade detection, both by legitimate anti-virus software and by Google's own detection efforts.

According to Google's Niels Provos, "We found that if you have anti-virus protection installed on your computer but the [malware detection] signatures for it are out-of-date by just a couple of days, this can drastically reduce the detection rates. It turns out that the closer you get to now, the commercial anti-virus programs were doing a much worse job at detecting pages that were hosting fake anti-virus payloads."

As to the danger, Krebs writes: "Fake anti-virus attacks use misleading pop-ups and videos to scare users into thinking their computers are infected and offer a free download to scan for malware. The bogus scanning programs then claim to find oodles of infected files, and victims who fall for the ruse often are compelled to register the fake anti-virus software for a fee in order to make the incessant malware warnings disappear. Worse still, fake anti-virus programs frequently are bundled with other malware. What’s more, victims end up handing their credit or debit card information over to the people most likely to defraud them."

Read the story and link to the Google report at KrebsOnSecurity.com ...

For what to do if you become a scareware victim, read Brian Krebs's tutorial here ...