We’ve noted for a while that the
practices of rogue antivirus software have started to mimic those of
legitimate antivirus software vendors. But a new version of FakeXPA scareware take things a bit further: posing as a legitimate commercial AV package, AVG Antivirus 2011.
Microsoft’s Malware Protection Center issued a warning for the phony AVG program on Monday, noting that the application is standard issue scareware that claims to scan for malware, displays fake ‘detection’ warnings about infections, then asks for money to remove the non-existent malware. Like other scareware, FakeXPA is known, in cases, to install its own malware – variants of the Alureon Trojan horse program.
Screen shots of the FakeXPA malware
shows a legitimate seeming GUI with the AVG Anti Virus logo prominently
displayed. AVG Antivirus 2011 is one of many names used by the malware, with small variations in branding and user interface distinguishing each.
Rogue
anti virus has blossomed into a multi million dollar business in the
last decade using aggressive promotion techniques like search engine
optimization and web-based pop-up ads to trick unwitting Web surfers
into downloading their scareware.
Coopting a legitimate product’s name and logo are just the latest in a series of steps by rogue anti malware vendors to mirror the features and actions of legitimate anti virus software makers. In addition, fake AV firms have also introduced services like localization, online customer support (with real humans!) and even AV-Test like product benchmarking to serve their “customers” and increase profits.