New fake antivirus exploits 'cloud' trend

While the spread of fake antivirus programs has slowed down in recent months, cybercriminals continue to unleash them on the public, with the latest fake AVs exploiting the “cloud" trend. Computer security firm Kaspersky Labs said the latest fake antivirus program mentions “cloud protection," and can lead victims to a second scam. “Interestingly, it also mentions cloud protection, apparently trying to take advantage of a fashionable new concept. If the user is conned into buying this fake software, there’s another scam in store. In the center of the screen the price is quoted at $52.95, but in the small print this creeps up to $72.85 for so-called ‘lifelong’ protection," it said in a blog post. The cloud refers to services provided over the Internet. This may include email and online storage of documents and music files. Kaspersky said its software detects the new malware as Trojan-FakeAV.Win32.OpenCloud. It said Trojan-FakeAV.Win32.OpenCloud.h pops up and identifies some standard Microsoft Windows applications, including Notepad, Media Player, Paint and Calc as “malicious" – then offers to clean up the supposed infection. On the other hand, Kaspersky also found an “affiliate program" that offers to pay users to help spread the fake antivirus. “It’s clear that successful cybercrime gangs are still distributing rogue AVs, even though this market is experiencing a sharp decline. So, if you see notifications about ‘Windows errors’ or ‘system infections,’ proceed with caution. Don’t pay for any solution arriving unannounced over the Internet and make sure you install a genuine security product," it advised. Declining attempts at infection Citing its figures, Kaspersky noted a substantial decrease in the number of fake antivirus programs since June 2011. From 50,000 to 60,000 daily attempts to infect users with fake antivirus in June, the number has dwindled to 10,000. However, Kaspersky said this has not stopped cybercriminals from making rogue antivirus software to fool people. 'Affiliate' program Kaspersky said a trace showed the payment site for the fake antivirus was registered in Russia in the name of Denis Verdanskiy, on May 10, 2011. It also discovered an affiliate program called “Money Racing AV" at the IP address specified in the information about the server of the host in question. Under the affiliate program, the cybercriminals invite users to distribute FakeAV for $25 every time the fake antivirus is installed and paid for. “The proposed deal is a just over one third of the total price paid by the user. The rest of the money seems to go to the owners of the affiliate program, who provide the fake antivirus, the online payment interface and handle the transaction," it said. — TJD, GMA News