Scareware impersonates legit antivirus software from AVG

The days of malware makers fearing copyright infringement appear to be over

In what could be an alarming preview of tomorrow's malware-spreading techniques, a new version of scareware is on the move, one that's designed to look exactly like a legitimate antivirus product from reputable security company AVG.

Microsoft has issued an alert about AVGAntivirus2011, malware that purports to be AVG Antivirus 2011. The program pretends to perform a security scan of a user's system, claims to find an array of dangerous malware, and prompts the user to purchase a full version of the "antivirus software" to commence the system-cleansing process.

Once installed on a system, the malware makes changes to the registry, adds a launch button to the Start menu and an icon to the desktop, and sets itself as the default debugger for Internet Explorer, Firefox, Opera, Chrome, and Safari. When the user attempts to launch one of these apps, the malware launches instead.
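A defender's check for the debugger hijack described above, as an added example that is not from the article or from Microsoft's alert. It assumes the behaviour relies on the per-executable `Debugger` value under the Image File Execution Options registry key (the article does not name the key) and parses the text of a registry export; the sample export and the path `example-fake-av.exe` are constructed.

```python
import re

# Assumption: the "default debugger" behaviour uses the per-executable
# "Debugger" value under this key (also present under Wow6432Node).
IFEO = r"Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
# Executable names of the five browsers the article lists.
BROWSERS = {"iexplore.exe", "firefox.exe", "opera.exe", "chrome.exe", "safari.exe"}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VAL_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')

def find_debugger_entries(reg_text, watched=BROWSERS):
    """Return sorted (image, debugger_command) pairs for watched executables."""
    hits, image = [], None
    prefix = IFEO.lower() + "\\"
    for line in (raw.strip() for raw in reg_text.splitlines()):
        m = KEY_RE.match(line)
        if m:  # new key: remember the image name if it is a direct IFEO subkey
            key = m.group("key").lower()
            pos = key.find(prefix)
            rest = key[pos + len(prefix):] if pos != -1 else ""
            image = rest if rest and "\\" not in rest else None
            continue
        m = VAL_RE.match(line)  # only string values; dword and hex data are skipped
        if m and image in watched and m.group("name").lower() == "debugger":
            data = re.sub(r"\\(.)", r"\1", m.group("data"))  # undo .reg escaping
            hits.append((image, data))
    return sorted(hits)

# Constructed sample in .reg export format (real exports are UTF-16 encoded).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe]
"Debugger"="C:\\Users\\Public\\example-fake-av.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe]
"Debugger"="C:\\Users\\Public\\example-fake-av.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="C:\\Tools\\editor.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"DisableExceptionChainValidation"=dword:00000000
'''

if __name__ == "__main__":
    for image, debugger in find_debugger_entries(SAMPLE):
        print(f"{image}: launches {debugger} instead")
```

A browser executable with any `Debugger` value is worth investigating, since a browser has no ordinary reason to be started under a debugger on an end-user machine.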

This breed of scareware in and of itself likely sounds familiar. It's a variant of the existing Win32/FakeXPA malware, in fact. The difference here is that this program very closely imitates a known and trusted product, including a professional-looking GUI alongside an existing product name and logo. Even a relatively savvy user, such as one who takes the time to do an Internet search for "AVG antivirus" to see if the program is legit, might end up being fooled.

I ran this one by InfoWorld Security Adviser Roger Grimes, and he confirmed that AVGAntivirus2011 is unusual. "Although there are literally tens of thousands of fake AV programs, this is the first I've known that faked a legitimate AV so well," he said. "We've always had Trojan versions, since the early days of McAfee, but not like this."

In the past, Grimes said, the purveyors of fake antivirus software have been surprisingly respectful of copyrights, avoiding using exact product names and logos. "I've always been amazed how [they] go out of their way not to violate legitimate names and copyright: McAfe, McCatte, MacAfee, etc.," he said. "It's like copyright infringement is some great, punishable offense, well beyond just stealing money."

The troubling question here is, what other popular and respected technology brands might malware makers start using for criminal activities?

This article, "Scareware impersonates legit antivirus software from AVG," was originally published at