Fake AV & Talking With The Enemy
Fake antivirus software (a.k.a misleading applications or rogue antivirus) is big business nowadays with Symantec reporting 43 million installation attempts from over 250 distinct programs between July 1, 2008, to June 30, 2009. With fake AV software costing the victim anywhere from $30 to $100, this is a lucrative earner for criminals.
Over time Symantec has observed various social engineering tactics being used to try and entice victims to hand over their money in this scam. The fake antivirus software known as Live PC Care has now gone as far as offering live online support to potential victims. Once a victim has installed Live PC Care onto their system via a system exploit or social engineering tactics, they are presented with the screen below falsely informing them that their system is riddled with viruses. Any suspicious computer user might wonder what this software is and where exactly it came from. To alleviate doubt and to aid with the whole scam, the designers of Live PC Care have added a yellow online support button in the top, right-hand corner of the fake AV software.
If a potential victim clicks on the online support button they are brought to a live support chat session. The authors of Live PC Care have taken advantage of a legitimate freeware live chat system called LiveZilla. This system allows Live PC Care victims to chat online with so-called “support agents”. The following screen shot below shows part of an online support conversation with a Live PC Care agent.
After a number of questions we determined that it was not an automated script, but rather a live person at the other end. The main aim of the online support session is to reassure suspicious victims that Live PC Care is legitimate software and that without activating the software at a cost, your computer system is at risk.
With fake AV authors now employing their own online support people, it demonstrates just how big business this scam is and how much the fake AV business model has changed since its initial conception a number of years ago.
Symantec detects Live PC Care as Trojan.FakeAV.
Thanks to Hon Lau for his input on this blog.