Security Bulletin for Fake Antivirus

Thursday, January 27, 2022

Occasionally, as you are browsing the web, you may come across a pop up prompting you to either update your current anti-virus software, to scan your system because some sort of malware has been detected, or to purchase a new antivirus program. It might look a lot the standard pop up from your local antivirus software. However, the download will actually be a virus that is extremely difficult to remove and will most likely require you to re-image your system. Do not click on this box should you encounter this pop up message. This includes clicking on cancel, which can also download the virus. If possible, use task manager (found by pressing ctrl alt and del keys simultaneously) to close your browser window. Inside windows task manager, click the “processes” tab. Close all internet browser windows. If the program will not respond, click “end now” when prompted. You may have to click “end task” twice. Again, do not interact with the pop up or browser itself during this process if at all possible.

Some common names associated with the virus are “XP 2008 Antivirus”, “Vista 2008 Antivirus”, and “Malware Defense”. There are several variants of the virus, but the behavior from all is essentially the same. You will often be redirected from your homepage to some e-commerce page prompting you to either update or purchase their software. Obviously, do not purchase anything when directed to these sites. You will sometimes see the program doing “malware scans” without your prompting. Also, while browsing, you will start receiving the same pop up message over and over alerting you to malware presence.
The best preventative actions you can take is to ensure you have a reputable Anti-Virus application (McAfee) installed and up to date, keep Windows up to date by running Windows Update, and don’t forget to keep your applications (Adobe, QuickTime, etc) and browser plugins (Flash, Java, etc) up to date as well.