Antivirus200X: The “Spyware.Monster” Fake AV Scam
Rogue security software scams are everywhere these days. The numbers are quite staggering—over 250 distinct programs racking up 43 million installation attempts, according to our new Report on Rogue Security Software.
Still, when it comes down to functionality and code base, it’s more akin to a few people with really large wardrobes. There might be dozens of variations of the same underlying program, each receiving minor updates and a new software skin. They even use the same fake threat names when attempting to scam you—stuff like “Spyware.Monster” or “Spyware.IEmonster”.
Ultimately what we’re looking at is variety in graphic design rather than functional design. We’ve put together a video to show just that. Our report calls these threats Antivirus200X—a “family” of rogue security programs large enough that two iterations have the dubious honor of ranking second and third in the list of most common rogue security programs in the wild today.
The video shows a number of different Antivirus200X incarnations. But given the variety in appearance over functionality, Symantec antivirus programs detect these threats using a small number of names: Antivirus2008, Antivirus2009, Antivirus2010, with the occasional threat detected by its unique name (NortelAntivirus and Antivirus360, for example).
Antivirus200X is likely the most in-your-face family of rogue security programs out there today. But it’s certainly not alone. For details of other examples, read the Symantec Report on Rogue Security Software.