With realistic appearances and scan animations, the latest antivirus Trojans–destructive programs pretending to be benign applications–are more difficult for students and faculty to distinguish from real antivirus software.
N.C. State’s Office of Information Technology (OIT) has detected a total of 561 variants of antivirus Trojans on campus computers within the past three years and now removes around 1000 infections each month.
According to Tim Gurganus, IT Security Officer, antivirus Trojans are a growing problem on campus, though he said it is no more of a problem here than for the rest of the world.
“More people than you might imagine are involved in this lucrative criminal enterprise, and it’s growing,” Gurganus said. “The first professionally produced fakes were detected in January 2005. Back then there were two to five new versions of fake antivirus software per month. The number of new variants per month has been growing since then and topped 30 new variants in March 2011.”
Within the first 12 days of May 2010, OIT Security and Compliance detected more than 400 Trojans or other malicious viruses–all originating from fake antivirus programs. The security staff found a total of over 1000 malicious viruses in April 2010.
“Fake antivirus scammers manipulate public trusted websites such as Facebook to frighten users with pop-up messages warning that supposed scans have found malicious software on their computers,” Gurganus said. “The scammers generate these pop-up screens to sell programs to fix the alleged problems, but when users click to accept the offer, malware code is installed on their computers.”
Gurganus said many users fall victim to these attacks, which infect their computers with all kinds of malware; the victims purchase useless antivirus software and then provide their credit card information as payment to the scammers.
In a recent analysis, Google Inc. also confirmed that the threat is increasing in prevalence. It found that from April 2009 to April 2010, out of 240 million Web pages scanned, fake antivirus programs accounted for 15 percent of all malicious software detected.
Mac users shouldn’t ignore the threat either.
“Some fakes are targeting OS X on the Apple computers now. I’ve seen a fake recently called Apple Security Center that was very convincing; the Trojans have the look and feel of Apple software.”
Some names of fake antivirus software that students and faculty should look out for are AVG-Antivirus, AntiVira and Internet Security Essentials, which target the Windows platform, and MacDefender, Mac Protector and MacGuard, which target the Mac OS X platform.
To protect against these threats, OIT recommends immediately closing the Web browser whenever a pop-up about antivirus issues appears that does not come from a personally installed security program.
“Whatever you do, don’t click OK to install something when you see a warning,” Gurganus said. “And since many of these malicious web pages are exploiting Java, web browser bugs, Acrobat Reader and Flash Player, another piece of advice is to install security patches from the software maker so the exploits won’t work.”
The University requires students, faculty and staff connecting to the campus network to have a university-approved antivirus program installed and kept up-to-date.
The University also provides free antivirus protection – Trend Micro OfficeScan for Microsoft Windows and Intego VirusBarrier X5 for Mac OS X – to the campus community. These programs can be downloaded from the N.C. State Antivirus Resources website.
Gurganus said annual revenues from the fake antivirus business are in the hundreds of millions of dollars and show no signs of stopping.