Fake AVG: Scam Software Cops Name and Logo of Real AV

We’ve noted for a while that the
practices of rogue antivirus software have started to mimic those of
legitimate antivirus software vendors. But a new version of FakeXPA scareware take things a bit further: posing as a legitimate commercial AV package, AVG Antivirus 2011.

AVGWe’ve noted for a while that the
practices of rogue antivirus software have started to mimic those of
legitimate antivirus software vendors. But a new version of FakeXPA scareware take things a bit further: posing as a legitimate commercial AV package, AVG Antivirus 2011.

Microsoft’s Malware Protection Center issued a warning for the phony AVG program on Monday, noting that the application is standard issue scareware that claims to scan for malware, displays fake ‘detection’ warnings about infections, then asks for money to remove the non-existent malware. Like other scareware, FakeXPA is known, in cases, to install its own malware – variants of the Alureon Trojan horse program.

Screen shots of the FakeXPA malware
shows a legitimate seeming GUI with the AVG Anti Virus logo prominently
displayed. AVG Antivirus 2011 is one of many names used by the malware, with small variations in branding and user interface distinguishing each.

anti virus has blossomed into a multi million dollar business in the
last decade using aggressive promotion techniques like search engine
optimization and web-based pop-up ads to trick unwitting Web surfers
into downloading their scareware.

Coopting a legitimate product’s name and logo are just the latest in a series of steps by rogue anti malware vendors to mirror the features and actions of legitimate anti virus software makers. In addition, fake AV firms have also introduced services like localization, online customer support (with real humans!) and even AV-Test like product benchmarking to serve their “customers” and increase profits.

Suggested articles

biggest headlines 2020

The 5 Most-Wanted Threatpost Stories of 2020

A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.


  • Anonymous on

    interesting ! BUT --you didn't tell how to recognize

    and avoid fake security programs.

  • Anonymous on

    I haven't figured out why FakeAV hasn't been doing this all along... easy to copy/paste a logo and make a fake program look exactly like the real one.

    P.S. These captchas are almost impossible.

  • Anonymous on

    To download the real AVG please go to http:avg.com or for the free version http://free.avg.com. Do not do to other sites to download AVG.  Remember to check the link before yo download any AV product

  • Zachary Chastain, AVG Community VIP on

    I agree, you need to inform people of how to pickup a safe copy of AVG or it tends to look more like you're just trying to scare people away from using AVG altogether...

    Since Kaspersky didn't see fit to inform their readers how to stay safe, I'll do it for them.

    You should only download any AV software, no matter what the vendor, from authorized and legitimate channels, such as the vendor's website. Don't click on random pop-ups or new windows/tabs that state they will run a registry or virus/malware scan. Nothing that tries to force its way onto your computer like that has your best interest at heart. Furthermore, those external sites have no way of knowing if your computer is infected or not. That is a primary means of spreading these fake AV suites.

    If you want to be sure your copy of AVG is legit, be sure to pick it up from www.avg.com or from free.avg.com. The free sub-domain will link you to Cnet's Download.com to download AVG free, which is an official download site for AVG.  Do not download AVG from any other websites and don't click those pop-ups I mentioned above and you won't have to worry about getting a rogue AVG copy cat on your computer.

    You should also note that although the rogue AVG imitator uses the 2011 brand, it more closely copies the AVG 9 Interface. The real AVG 2011 interface uses more black and a darker blue for an attractive, modern, and more serious look. Check out this screenshot on Cnet's Download.com of the real AVG 2011 Interface so you can tell the difference between the real AVG 2011 and the fake software trying to abuse the AVG brand for their own profit. http://download.cnet.com/i/tim/2010/09/27/AVG_2011_main_610x440.png

    And check out some screen shots of the rogue AVG imitator and learn more about it at this blog post from AVG on the subject from a few weeks ago. http://viruslab.blog.avg.com/2011/01/be-aware-of-rogue-security-software.html

    [Disclaimer: I am *not* an AVG employee, nor am I on payroll at AVG. I am a knowledgeable community member in AVG's Facebook Community who provides volunteer assistance to members of the ever growing AVG Facebook Community. http://www.facebook.com/avgfree]

    I hope readers of this blog find this information on how to stay safe from the threats that Kaspersky mentioned useful.

    Stay Safe!

    Zachary Chastain

    AVG Community VIP

  • russ on

    I just got hit by that...I didn't realize I have mcaffee...I thought it was avg...I was pissed because I thought I had purchased 3 year with my pc....so I had filled in the info...but it said my card was declined...I realize now I have mcaffee...so now is my bank account going to be drained because of it???? I think hackers and id thieves should get the death penalty for what they do...if this causes grief...I am going to be pissed....we need the legal system to go after those hackers like they go after child porn...this is crap............

  • Amber on

    I just went through this as well. The one big thing for me that I found out through the real AVG was that they never make you try to buy there product, and thats what happened. My computer froze up one day while I was online, and the above picture of AVG just popped up out of nowhere. I asked around about it and everyone said that they were a great company. I really had no choice. My computer wouldnt let me do anything but purchase it.So I did just that. Then it said the viruses had been taken off, but then I couldnt find the AVG on my computer at all. I called the customer service # onthe bottom of the box which led to an email from them that comes up as support. DO NOT OPEN IT! AVG will say AVG not anything else. So needless to say........I ended up with a real virus from the email. Fortunately for me, they had not gotten into my bank account. (Must not have figured that part out yet) I closed down my card and got a new one. JUST TO THINK, IF THESE PEOPLE WOULD JUST GET OFF THERE LAZY BUTTS AND GO OUT AND GET A REAL JOB AND MAKE MONEY THE WAY EVERYONE ELSE HAS TO, IMAGINE WHAT THESE PEOOPLE COULD ACTUALLY BE DOING. cAUSE THEY ARE OBVIOUSLY SMART!! JUST A THOUGHT! Be careful do not open or click on it at all if the above pic pops up! Hope this helps!!

  • A1130 on

    whoops, I meant to comment to Annonymous...

  • Anonymous on

    having read through some of the nighnareish blogs on this page makes me think ..have you tried a pop-up blocker,moreover have a genuine copy of AVG Internet Security stop is stone dead this is all too much and needs the internet police to get stuck in.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.