Thor Schrock

We have been busy at Schrock Innovations repairing click-jacking victims who have become infected with the latest fake-alert variant called AV 360.  These fake antivirus programs infect your computer and tell you that to fix your PC you need to pay them $50 for a fully functional version of their program.

This stuff is infecting people running McAfee, Norton Antivirus and Internet Security, AVG, Avast, and numerous other widely used programs (NOT Norton 360 - more on that later). I wanted to take a moment to describe what click jacking is, how you get infected with Antivirus 360, and what you can do to prevent it.

What is Click Jacking?

A person is "Click Jacked" when they go to a web page that appears to be legitimate (like an online game website or a stock trading website) and click on something that looks legitimate.

Once the user clicks, the click is rerouted to a illegitimate source that infects the user's computer.  The person using the computer never knows anything has happened until it is too late.  A more technical description of click jacking can be read here.

How Do You Get Infected with AV360?

After you have been "click jacked" your computer is told to download a virus to your hard drive.  In many cases your antivirus software will be disabled and destroyed by the virus, which will then itsself mascarade as a legitimate antivirus program.  It will ask you to use your credit card to buy a license for the software online so it can "clean" your computer.

AV360 is the latest in a long line of "fake alert" infections that included Internet Antivirus 2009 for example.  These infections also prevent the installation of almost all widely used antivirus and malware removal programs, which means once you are infected it can be difficult to get clean again without the assistance of a technician.

How the Attackers Find You

Each of these infections have a life cycle, and that is why the malware authors continually release new version of the software to infect you.  This is the bullet-list life cycle that they use to find you and infect your computer:

• The malware authors create the fake alert malware program (the virus)
• They then create thousands of legitimate websites with useful information all centered around a popular search term (what people are searching for in Google)
• All at once they release the legitimate websites they created on the web and they are added to the search engines' indexes
• Over time, tactics are used to push the suspect websites to the top of the search results
• Once they have all or most of the top 10 results for a search term, the content is changed to click jack visitors
• Visitors are infected
• Over time, the pages are located and are rendered ineffective by antivirus software or anti-phishing filters
• The infection dies off and the cycle begins again with a new name and new websites

Why Do These People Do This?

The main goal of the fake-alert schemes are to trick people into spending $50-$100 to buy the fake antivirus program.  I have not heard of any credit card fraud associated with the numbers that are collected in this process, but I certainly wouldn't trust them myself.

A secondary goal is to build a network of computers that can be used to attack other computers (a botnet).  All of the users that are tricked into buying the program think they are now safely protected.  In the mean time, the malware authors now have unfettered access to their PCs and can use them for any number of nefarious purposes.

In the past botnets have been used to:

• Attack foreign governments (Russia attacked Georgia with a botnet before their land invasion)
• Make money with pop-up windows
• Attack and disable websites (DDoS Attacks)
• Backdoor other infections into the computer
• Steal vital information like passwords, credit card numbers, or Social Security account numbers

How Can I Protect Myself From Click Jacking?

At Schrock Innovations we recommend and install Norton 360 exclusively now.

We don't get paid anything by Symantec to recommend their software, but because we warranty every installation we perform we recommend software that works.  If we install antivirus software on your computer and you get infected, Schrock is obliged to remove your infection at no additional cost to you.

As you might imagine we don't want warranty service calls for virus removals, so we recommend the one program we have seen that can actually get the job done right - Norton 360.