Webroot, a leading provider of security solutions for the consumer, enterprise and SMB markets, today announced that it has detected a new variant of a rogue antivirus application using strong graphical similarities to Symantec’s Norton Antivirus. The rogue antivirus application is distributed through various online download sites and is advertised by the generic name of “AntiVirus Pro” (antiviruspro.exe or setup.exe).
According to the Webroot® Threat Research Center, many rogue antimalware applications use tactics to appear as if the product comes from a trusted security company in order to convince users into downloading and purchasing the product. Users can come in contact with the Web site downloading this rogue application through a Google search further projecting an aura of trust.
Rogue antimalware applications are often spread by viruses which download and install multiple pieces of malware on a user’s computer. “AntiVirus Pro”, like many rogue applications, uses deceptive advertising including fake alert messages and Web sites that claim a users machine is infected even when they are not. These Web sites then promote rogue antimalware applications as a cure for their infected systems and sell it via a variety of online payment sources. Webroot has a definition for this new threat, and will detect it if present on a user’s machine.
Webroot recommends several steps to users to prevent this type of malware attack:
- Always have a current version of an industry-leading antispyware, antivirus and firewall product;
- Never download free product or purchase them from unknown Web sites and vendors
- Never purchase a product that is the result of an unknown alert
- Don’t click on links in email or on social networking sites; and,
- Use a credit card that has sufficient fraud protection and never use a debit card online.