July 12, 2010, 10:05AM

Pulling Back the Curtain on Rogue AV Tech Support

by Nicolas Brulez

We’ve blogged a few times about rogue AV, explaining how search engines have been abused using Black Hat Search Engine Optimization techniques to redirect web surfers to rogue AV websites. Recently, we’ve noticed that the rogue AVs being spread are all equipped with an “Online Support” button.

See the top right corner:

Pressing Support takes you into a live chat with the rogue AV Tech Support. We wondered whether it was a bot answering questions based on keywords or real people – and yes, they turned out to be real!

We learned that they offer Technical Support by chat, but also by phone and email. The email is especially useful if you don’t speak English. The live chat tells you (in English) to send an email in your native language to a given email address to receive support in your native language:

If you are infected with a rogue AV program which you picked up while using a search engine (Black Hat SEO again), and connect to their support, they will ask you which AV you want support for.

Once you tell them, they’ll provide you with a “Free Trial” version of the program that will remove the infections found by the first one (they have very similar names).

The trial version looks like this:

This program has the same user interface, but a slightly different name – with the same “Online support” button.

The rogue AV will use the language of your OS. So if you are using a French version of Windows XP, for instance, the rogue AV user interface will be in French, which makes it even more convincing.

Read the full post at Securelist.


Comments

Thank you for your comments

 
