New fake antivirus exploits 'cloud' trend
While the spread of fake antivirus programs has slowed down in recent months, cybercriminals continue to unleash them on the public, with the latest fake AVs exploiting the âcloud" trend. Computer security firm Kaspersky Labs said the latest fake antivirus program mentions âcloud protection," and can lead victims to a second scam. âInterestingly, it also mentions cloud protection, apparently trying to take advantage of a fashionable new concept. If the user is conned into buying this fake software, thereâs another scam in store. In the center of the screen the price is quoted at $52.95, but in the small print this creeps up to $72.85 for so-called âlifelongâ protection," it said in a blog post. The cloud refers to services provided over the Internet. This may include email and online storage of documents and music files. Kaspersky said its software detects the new malware as Trojan-FakeAV.Win32.OpenCloud. It said Trojan-FakeAV.Win32.OpenCloud.h pops up and identifies some standard Microsoft Windows applications, including Notepad, Media Player, Paint and Calc as âmalicious" â then offers to clean up the supposed infection. On the other hand, Kaspersky also found an âaffiliate program" that offers to pay users to help spread the fake antivirus. âItâs clear that successful cybercrime gangs are still distributing rogue AVs, even though this market is experiencing a sharp decline. So, if you see notifications about âWindows errorsâ or âsystem infections,â proceed with caution. Donât pay for any solution arriving unannounced over the Internet and make sure you install a genuine security product," it advised. Declining attempts at infection Citing its figures, Kaspersky noted a substantial decrease in the number of fake antivirus programs since June 2011. From 50,000 to 60,000 daily attempts to infect users with fake antivirus in June, the number has dwindled to 10,000. However, Kaspersky said this has not stopped cybercriminals from making rogue antivirus software to fool people. 'Affiliate' program Kaspersky said a trace showed the payment site for the fake antivirus was registered in Russia in the name of Denis Verdanskiy, on May 10, 2011. It also discovered an affiliate program called âMoney Racing AV" at the IP address specified in the information about the server of the host in question. Under the affiliate program, the cybercriminals invite users to distribute FakeAV for $25 every time the fake antivirus is installed and paid for. âThe proposed deal is a just over one third of the total price paid by the user. The rest of the money seems to go to the owners of the affiliate program, who provide the fake antivirus, the online payment interface and handle the transaction," it said. â TJD, GMA News