Fake Antivirus

What is fake antivirus software? How to spot an example of a fake antivirus software attack.

How do I know what a fake antivirus, malware, phishing or scareware attack looks like? This is one of many common examples. These screenshots were captured on a Windows computer. Note that all of this takes place in an Internet browser window. If a real antivirus program like Symantec were responding to an attack, the notice would appear within the window of Symantec Antivirus and NOT in your Internet browser window. The victim of this attack was searching Google in reference to medical and scientific research.

The popup notification is displayed inside the Internet Explorer window. Note the address bar and the other browser window options in the menus along the top and bottom.


The browser's address bar contains a URL pointing back to Russia: ..pp.ru/.


The message window contains a misspelling: “migth” should be “might”.


When you close the browser window, note the browser notice “Are you sure you want to navigate away from this page?” This is another clear indication of fake AV, since you are closing your browser and not a legitimate version of Symantec Antivirus or another fully licensed antivirus program.


There are many variations of a fake antivirus, malware or phishing attack; this example is only one of many. The key points to remember are that the attack is triggered by visiting a website or opening a link to a website, and that the message window appears inside your Internet browser and NOT in a specific program like Symantec or another legitimate antivirus program.

For a technical discussion and more information, review the following from Symantec

Keywords: Fake Antivirus, Fake AV, Fake, Scareware
Doc ID: 28017
Owner: David L.
Group: Department of Dermatology
Created: 2013-01-10 17:44 CDT
Updated: 2013-01-10 21:26 CDT
Sites: Department of Dermatology