Antivirus vendors & computer news outlets played a much greater role than they'll ever admit

Reporter Brian Krebs, writing in his Washington Post blog, revealed details of a worldwide fake-antivirus scam that defrauded credit card holders out of tens of millions of dollars. In a follow-up, Krebs reported the embarrassing media exposure led Visa & MasterCard to give up their unwitting involvement in the scam.

Okay, I’ll bite. Why didn’t the anti­virus industry offer a bounty to catch the crimi­nals behind this huge anti­virus scam?

Various news outlets have regurgitated the story and at least one antivirus vendor gave it some spin in their corporate blog. But one key issue left untounched … is why fake-AV scams grew so obscenely successful.

To me, the answer is simple. Two decades of hysteria convinced everyone to take it on blind faith that antivirus software is the fo shizzle answer to our online woes.

It’s no wonder that computer users will blindly trust an antivirus product that pops up on their screen saying “alert, alert, your PC is infected!” A fake-AV scam will demand $x9.95 to clean up the viruses it finds — which is exactly the same amount a legit antivirus firm will charge if you want their product to do exactly the same thing.

Society’s addiction to inferior antivirus software is now so embedded into our computing norms — the battle cry “get yourself some antivirus software” has become so mantra — that all of society sternly refuses to question its validity.

This scam’s obscene success stems from anti­virus experts who screamed bloody murder for the last two decades … and com­pu­ter repor­ters who gladly quoted all the hype.

Fake-AV scammers aggressively demand you pay for their antivirus software. And the entire computer security industrial complex aggressively demands you buy & use antivirus software. So when it comes to fake-AV scams, the computer security industrial complex isn’t part of the solution—

—it’s actually part of the problem.

And it’s been part of the problem for fully two decades. You can thank the hype-meisters for the obscene success rate for fake-AV scams.

Okay, now here’s some food for thought. You may recall Microsoft offers six-figure rewards for information leading to the arrest & conviction of certain virus writers. Why didn’t the antivirus industry pony up a reward to shutter this huge antivirus scam?

You’ll notice I call it a “fake-antivirus scam” when everyone else on the planet calls it “rogue antivirus software.” Now, I’ll admit definition #4 for “rogue” tackles this very subject—

—yet definition #1 sums up any number of legit employees & companies in the antivirus industry. I insist “rogue” is the wrong word … and I’ll bet you this expert agrees with me.

• By Cometcom1, 22 March 2009 @ 3:41 pm

  Right on the spot with that one. This is something that we’re fighting right now. The “Fake-antivirus” is used more than the “rogue” when dealing with websites infected with this kind of malware.

  Problem is, that the ones making money on this scheme are hard to get to, they tend to change the name of the software and the domain names from which it is originating all the time. Very elusive and usually hiding behind fake names and false registrations.

  But since they’re actually feeding the real AV companies with work, the real AV companies probably do not put up any reward for removing “fake-av” completely. You don’t cut off the hand that feeds you, eh?

  Cometcom1 – Badwarebusters.org community member

Other Links to this Post