How to Avoid Fake Antivirus, Rogue Software

Here at SecurityWatch, we often talk about malware that masquerades as legitimate software in order to trick users into downloading and installing rogue programs. Users need to remember two important tips in order to steer clear of these malicious applications.

Install from Authorized Sources
Cyber-criminals behind these scams rely on users downloading software from unauthorized sources to push their fake products. On Tuesday, Trend Micro researchers reported a banking Trojan that passed itself off as an installation file for Google Chrome to Brazillian and Peruvian users. Even though the fake installer had the same name as the legitimate file (ChromeSetup.exe), users should have been leery of the fact that the files appeared to be hosted on sites such as Facebook and MSN.
Many users often get hit with rogue software when they try to get pirated versions of software. This isn't a discussion on whether or not you should download pirated software, but it seems pointless to try to download free software (such as Chrome) from alternative sources.

Remember the recent furor over the Flashback Trojan that infected Macs? Flashback got its name because it pretended to be an update file for Adobe Flash. If you need Flash, take the time to go to Adobe.com and download from there directly.

"Use caution when you click links in email or on social networking websites," recommended Tim Rains, director of Trustworthy Computing at Microsoft on the Microsoft Security blog.
However, one of the links identified by Trend Micro happened to be a Google Brazil address. While Net-savvy users may be aware that large companies such as Google are unlikely to link directly to an executable file, this is very tricky. Here is where tip number two comes in. Have a firewall and security software running.

No, Really. Stick to Legit Sources
There is a lot of discussion in security circles over the value of anti-malware tools, especially since many malware writers test their code to bypass major scanners. While there are malicious software that can slip through at the beginning of an outbreak, not having security software in place is akin to leaving the door open in a house and being surprised the burglars came in. Most security software nowadays have several layers of protection to detect and trap unknown variants. PCMag.com has a lot of reviews, for instance, Norton 360 Everywhere, Webroot SecureAnywhere Complete, and Bitdefender Total Security 2012.

"Install antivirus from a company that you know and trust, and keep it up to date," wrote Rains.
It's not just security software that needs to be kept up-to-date. Operating system and other commonly used software, such as Flash, Reader, Java, Microsoft Office, Web browsers, among others, should be regularly updated. "Use automatic updating to keep your operating system and software up to date," Rains added.
Many companies are moving towards automatic updates. Turn it on, or run the install from within the application to avoid getting caught by fake update warnings.

Going back to the first point, the security software should come from legitimate sources, as well. Researchers at GFI Software last week identified a Twitter campaign promoting antivirus applications. The problem was, these "must-see" tools were actually scareware. Unsuspecting users who clicked on these links wound up downloading and installing fake antivirus which claimed to find tons of issues with the computer. Some of these links actually directed users to sites boobytrapped with the Blackhole exploit kit to download additional malware before recommending that users download "Windows Antivirus Patch" to remove the infection, GFI warned. The catch in this and other scareware scams, is that the user ponies up (often for $79) for a paid version that does nothing.
Cyber-criminals are crafty and are always working on ways to trick users into downloading their applications. Don't make it so easy for them.