A rogue antivirus program may look genuine but is itself a virus – it pretends to ‘scan’ your computer and shows dire warnings that you have dozens of nasty virus infections that only it can remove – if you buy it… Because they try to scare you into paying, rogue antivirus programs are commonly called ‘scareware’.
Buying a rogue antivirus is not only a waste of money (it will not remove real viruses – it is the virus) but may cause further financial loss. You have given your card details to a bunch of criminals who may use your data to rack up further purchases or sell for use in other scams.
This month the FBI reports that just one “international cyber crime ring netted $71 million by infecting victims’ computers with scareware and selling rogue antivirus software” which gives an idea of the scale of the problem.
The test is available at Microsoft’s website – there are useful security tips at the end of the test and further info on scareware from Microsoft here.
Forewarned is forearmed so it pays to know what a rogue looks like but an easy way to help identify one is to understand that no reputable antivirus will ever install itself without your explicit permission i.e. you have to purposely download and install it. Any supposed antivirus program which suddenly appears on your computer without your knowledge or active installation is therefore highly suspicious and likely to be a rogue.
Two exceptions are Microsoft security programs which are already built into Windows: Windows Defender is an antispyware program included with Vista and Windows 7 whilst Windows 8 Defender is an antivirus program (basically MSE) included with Windows 8.
Finally, it helps to be aware of what your current antivirus looks like so you can more easily spot imposters – open it up and run a scan so you know what you should see. If you have never seen a virus alert from your antivirus program before and want to know what it would look like, a simple way to find out (obviously without downloading a real virus!) is to try downloading the test file from Eicar here – it’s the first eicar.com file in the ‘Download area using the standard protocol http’ section.
This is not a virus – it’s a standard file designed to test if an antivirus program is working. Most antivirus products will treat it as if it were a virus and throw up a virus alert so you can see what it looks like (they typically report it with an obvious name e.g. EICAR-AV-Test or not-a-virus).
Rogue antivirus scams are very common but they only succeed in gaining payment because some users do not recognize them for the fraud that they really are. I tried the test a few times and always scored 100% (smug mode, on) but I see these nasties every day in my business so would not expect to mistake any for genuine antivirus programs.
How did you do? Let us know in the comments.