With the Internet evolving, the security risks users face on a day-to-day basis have become increasingly complicated. Security vendors are the most aware of this, challenged with protecting people's PCs from ever-expanding threats without turning a computer into an inert hunk of plastic. Their most difficult challenge yet may be one that has begun to emerge relatively recently, in the form of fake anti-virus suites that try to convince people they are real – usually to bleed money from them.
Just how big of a problem are fake anti-virus programs, though? Comparing 2008 to 2009, there has been a reported five-fold increase in the number of fake A/V detections. The primary reason cited for this right now is a constantly changing checksum on a tainted piece of software, leading to hundreds of thousands of variants – making it more difficult to detect across a wide array of machines. One particular security group, APWG, believes that as this evolution of fake software continues, the demand placed on real anti-virus scanners may become overwhelming.
One of the real problems, they noted, is that most software today relies on signature-based detections. Software which changes itself on a per-download basis is easily able to sneak past this. It's further complicated because many of these fake programs often try to use a bit of social engineering to accomplish their goals – convincing people they are real, which would get past virtually any software protection. APWG also indicated that the number of machines being infected year by year is actually going up, as opposed to going down. Are malicious software writers getting that much better, or are security vendors slipping? It has always been an interesting battle to watch – unfortunately, end users are caught in the middle.
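The checksum problem described above can be seen in a short added example (not from the article or from APWG): an exact-hash blocklist misses a variant that differs by a few bytes, while a byte n-gram similarity score, used here as one illustrative alternative, still links it to the known sample. All sample bytes, names and the 0.6 threshold are constructed assumptions.

```python
import hashlib

# Constructed stand-ins: harmless text plays the role of content shared by
# every download of one fake A/V program; only the trailing bytes differ.
BODY = b"Your PC is infected! Click here to purchase the full version and remove 37 threats. " * 4
KNOWN = BODY + b"build-0001"    # sample a vendor already has a checksum for
VARIANT = BODY + b"build-7f3a"  # same program, a few bytes changed per download
BENIGN = b"Quarterly report: revenue grew four percent over the prior period. " * 4


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def ngrams(data: bytes, n: int = 4) -> set:
    """Set of all overlapping n-byte windows in the data."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def similarity(a: bytes, b: bytes, n: int = 4) -> float:
    """Jaccard similarity of the two n-gram sets (0.0 = disjoint, 1.0 = identical)."""
    ga, gb = ngrams(a, n), ngrams(b, n)
    union = ga | gb
    return len(ga & gb) / len(union) if union else 0.0


def classify(sample: bytes, blocklist: set, reference: bytes, threshold: float = 0.6) -> dict:
    """Compare an exact-checksum lookup with a content-similarity check."""
    return {
        "hash_match": sha256(sample) in blocklist,  # checksum-style signature
        "similar": similarity(sample, reference) >= threshold,
    }


BLOCKLIST = {sha256(KNOWN)}  # the only "signature" on file

if __name__ == "__main__":
    for name, sample in (("known", KNOWN), ("variant", VARIANT), ("benign", BENIGN)):
        print(name, classify(sample, BLOCKLIST, KNOWN))
```

Real per-download repacking can change far more of a file than this constructed variant does, so a similarity threshold tuned on one family is not a general replacement for signatures.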