Fake Anti-virus Software Roolz

Researchers at Google have discovered that Fake AV accounts for 15% of all malware the company has detected on the web, and 50% of that delivered by ads.

The 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats will start in San Jose, California on April 27, 2010. Now in its third year, LEET aims to unify the broad community of researchers and practitioners who focus on worms, bots, spam, spyware, phishing, DDoS, and “the ever-increasing palette of large-scale Internet-based threats.”

Google will be using this forum to deliver its findings about Fake Anti-virus attacks on the web, The Nocebo Effect on the Web: An Analysis of Fake AV distribution:

“Fake AV software masquerades as a legitimate security product with the goal of deceiving victims into paying registration fees to seemingly remove malware from their computers. Our analysis of 240 million web pages collected by Google’s malware detection infrastructure over a 13 month period discovered over 11,000 domains involved in Fake AV distribution. We show that the Fake AV threat is rising in prevalence, both absolutely, and relative to other forms of web-based malware. Fake AV currently accounts for 15% of all malware we detect on the web. Our investigation reveals several characteristics that distinguish Fake AVs from other forms of web-based malware and shows how these characteristics have changed over time. For instance, Fake AV attacks occur frequently via web sites likely to reach more users including spam web sites and on-line Ads. These attacks account for 60% of the malware discovered on domains that include trending keywords. As of this writing, Fake AV is responsible for 50% of all malware delivered via Ads, which represents a five-fold increase from just a year ago.”

On Google’s Online Security Blog, however, the company does go on to say that the lifespan of domains delivering the Fake AV malware has decreased as well. Google also provides a list of trusted antispyware companies.

Life sucks then your computer gets infected. Let’s all look for our happy places now.