Chester Wisniewski over at Sophos posted an article yesterday on the inner workings of a fake anti-virus company. It is a good story and well worth the read. You can find it at the link below. Support people and users often ask me how these viruses, worms, etc. make it past the firewalls, AV, and other controls they spend so much money on. This story points out that this particular fake AV vendor updates its payloads every two hours.
This is an example of how technology cannot fix stupid human behavior. Really, how can vendors create definitions within a two-hour window? Fake AV is not a technology problem, it is a people problem. In many cases fake AV is a social engineering trick that dupes users into infecting their own systems. People need to be educated on what these attacks look like, how to prevent them, and who to notify when they occur (or are suspected).
"A sneak peek into fake anti-virus affiliate support"
John "Mike" Wright