Are You a Victim of Fake Antivirus Software?

Shame on me. It has taken me this long to write an article on one of the most plaguing issues concerning user’s desktops all over the world these past couple of years. This problem I am sure you have seen before and have experienced it even once or twice during your own Internet browsing sessions. I present to you, rogue antivirus applications a.k.a. scareware! I actually got the motivation to write this article thanks to Ed Bott over at ZDNet. He wrote an article today detailing the differences between Internet Explorer 9 and Google’s Chrome browser in how they handle these type of malware scenarios. It’s an excellent piece of article and I hope that everyone gets a chance to read up on just how rogue antivirus applications get installed in the first place. The purpose of me writing this article is to help spread the word around in hopes that more people learn about this crazy scam and how not to fall victim.

You can read Ed Bott’s article on rogue antivirus malware from here.

Now, if you haven’t seen or read about how rogue antivirus malware works, the concept is fairly simple to understand. The malware creator basically gets you to download and install their executable file. Once done so, what gets installed is a fake antivirus looking software which “claims” that your computer is badly infected with viruses, worms, trojans and the likes. However, it couldn’t be any more true. What’s the end goal? Money of course! The malware creator hopes that the user will fall victim and pay them a sum of money in hopes to “remove” those viruses from their system. So now you see why these types of attacks are labeled scareware. These rogue antivirus software scares the user into thinking that their system is badly infected with malware and that the only way to remove them is to admit defeat and pay up.  In many cases, once these rogue antivirus malware gets installed, it does a number of things to your system other than just showing you that your computer is in bad shape. In many instances, these symptoms can include but not limited to slow and unresponsive systems, unable to launch applications, constant barrage of popups and website redirection. To put in simpler terms, your system is unable to perform as expected of it. This is actually a technique to irritate the user into surrendering funds in hopes to have their systems return to normal.

Fake AV

As you can see in the above picture, a rogue antivirus software looks very similar to their real counterparts and that’s the main goal. The malware creator definitely don’t want to spook the user by giving them something they are unfamiliar with as doing so will entail a higher percentage of failed “customers”. What you see above is just one of the many different looks of these so called rogue software. The more creative and talented a malware author is, the more authentic the fake antivirus can be made to look. In fact, many of these rogue software can cater to specific users depending on their operating systems and browsers. It definitely would tip the user off if they were using a Windows Vista or Windows 7 operating system but the rogue software installed looks as if it belonged to the Windows XP family of operating systems.

Alright, so if you have been following all along, one question you might have is how in the world do the malware creators get users to install their rogue antivirus software in the first place? Once again, it’s very simple. Rogue antivirus software relies on deception and that is the same method used to trick the users into installing their application. I’ll try to explain it here as simple as possible so everyone can understand:

  1. In many instances, a legitimate website is poisoned with an URL redirection. This website in most cases would still be listed in popular search engines such as Google. However, from a users viewpoint, there is nothing that would suggest the website has been hacked just from looking at the search results alone as you’ll see later on.
  2. As soon as the user clicks on the hacked website, the redirection would occur. A popup message window would appear stating that the users computer is infected and that a security scan is needed. What the user sees next is a website with all kinds of fancy animations that once again, closely resembles a legitimate looking antivirus software. Remember, what you see are animations and that your computer is not actually being scanned!
  3. The bogus animations would indicate that the computer is compromised and that further action is needed. The user would then click on a button in which he or she thinks would help them disinfect their computer. The executable is then downloaded to the users computer or worst, automatically run upon download completion. In the latter case, the users computer is then infected with the rogue antivirus malware.
  4. Once the executable has been downloaded, the user would then have to manually run it. Once done so, the computer is then infected.


Please watch this recording captured by Ed Bott to see this process in real-time:

I’ll also go through each of these steps in detail to get a better picture of what is happening.

To learn more about social engineering, I suggest you read my earlier article on email phishing scams. Social engineering and deception is a scary method used by malicious hackers to get innocent users to do what they want them to do. Although it is scary, it’s also fascinating to see how and why it works.

Page 2: How to Get Pwned –>

VN:F [1.9.22_1171]
Rating: 5.0/5 (2 votes cast)
Are You a Victim of Fake Antivirus Software?, 5.0 out of 5 based on 2 ratings

Pages: 1 2


  1. Very well written . These are probably the most dangerous form of malware. Since user install it themselves , its actually difficult to completely remove them . many best AV cannot rectify it completely.

    The most imp line of defense is your awareness 🙂

    • Yeah, some of them can be quite difficult to remove. If the user is aware of the problem early on, they might be able to get away with it by just performing a System Restore. Malwarebytes should also be used as it is best against these kinds of malware.

Speak Your Mind


(humans only, please) *