There isn’t often positive news on the cybersecurity front, but the researchers at ThreatTrack Security were able to pinpoint one area where the threat actually decreased from 2011 to 2012: Fake AV. According to the ThreatTrack Security blog, after hitting a high point in 2011, Fake AV dropped by 40 percent last year.
Why the dramatic difference? The researchers pointed to something I found interesting: 2011 was a year with many unusual high-profile events, like the earthquake and tsunami in Japan and the killing of Osama bin Laden. Cybercriminals feed off the news cycle and use social engineering techniques to lure unsuspecting Internet users to malicious websites. Fake AV still saw an increase in the early part of 2012, but then it began to fall off, even as the scammers were turning to non-traditional methods, like mobile devices and social media sites. The ThreatTrack Security blog explained it this way:
“Several companies and thought leaders in the security industry have asserted that online criminals are now slowly moving away from using fake AV for their money-making schemes and veering off to other alternatives for several reasons: first, more effective law enforcement; second, security measures placed by services, such as Google, that are directly affected by poisoned searches; and last, the continuous awareness campaigns of concerned groups and individuals.”
What hasn’t improved is the security software to catch Fake AV – but that, too, may be part of the Fake AV decline. Zscaler reported that few AV vendors do much to block Fake AV, finding that 70 percent of AV applications fail to detect Fake AV. As a result, the bad guys haven’t done anything to update the look or approach of Fake AV over the years.
ThreatTrack Security said that another likely reason for the decline is that cybercrooks are moving to other sorts of scams, like ransomware. I would agree with that. But it doesn’t mean that Fake AV has disappeared for good, and as Zscaler pointed out, once Fake AV is on your machine, it is very difficult to get rid of (which I discovered from personal experience a few years ago). Just because we’ve seen a decrease in this or any malware doesn’t mean we can let our guard down. As soon as we do, the bad guys will be there to take advantage.