Fifteen percent of all malware acquired by users comes from fake antivirus warnings, according to a Google study released at the Usenix Workshop on Large-Scale Exploits and Emergent Threats. The study analyzed 240 million web pages from January 2009 to February 2010.
Niels Provos, a principal software engineer at Google, said that the amount of malware coming from users clicking on fake antivirus warnings has increased fivefold since their studies commenced.
“We observed the first form of fake AV attack involving Web sites, e.g. Malwarealarm.com, in our systems on March 3, 2007. At that time, fake AV attacks employed simple JavaScript to display an alert that asked users to download a fake AV executable,” the report reads.
“More recent fake AV sites have evolved to use complex JavaScript to mimic the look and feel of the Windows user interface. In some cases, the fake AV detects even the operating system version running on the target machine and adjusts its interface to match.”
The research also found that domains containing malware were online for shorter and shorter periods of time because of Google’s safe browsing technology. Built into Chrome and Firefox, the protection mechanism sends up red flags whenever a user visits a questionable site.
The report also illustrated that fake antivirus messages comprise half of all malware received via online advertisements, suggesting that users need to be alert. Provos noted that the best way to combat the issue is to quickly close any pages where the fake antivirus pops up. He also said that users affected by any malware may need professional help to remove the problem, since such code can be quite insidious.



