Fake antivirus abuses name and reputation of G Data

G Data offers tips on how to avoid falling victim to this scam

06/24/2013 | Badhoevedorp 

The use of fake antivirus is a well known trick of cyber criminals. With this tactic it is very easy to install malware on the victims computer. Another goal is making as much money as possible off the victim. To heighten the effectivity of this scam, cyber criminals often abuse the names of reputable antivirus suppliers. G Data has recently discovered that its name is also being used for a fake antivirus scam and warns users to be careful not to fall victim to this fraud.

In general, the course of the scam is as follows: the user surfs the internet. All of a sudden, a window pops up, preventing the user from surfing. The window strongly advices the user to do a free online system scan. If the user agrees, they will see e pre-recorded video of a fake system scan, that results in a list of malware that is allegedly found on the system. The user is manipulated during the process into getting more and more anxious, so they will agree to buy the recommended software to solve the apparent problem. If the victim indeed does this, there are a few problems that can occur. First of all, they will pay a (in most cases: large) sum of money for a piece of software that does nothing. Secondly, the victim will share their credit card details with a cyber criminal who can, in turn, use the card details for purchases, or they can sell the information in the underground marketplace to the highest bidder. Thirdly, it often happens that the fake AV software in fact harbours malicious code, so the victim will actually install malware instead of anti-malware on their pc. This way, their system is wide open for cyber criminals, that can use the computer for DDoS attacks, for spam campaigns or for spreading malware. The pc can also be used for harbouring illegal files, such as movies, music or even child porn.  

In the case of the fake antivirus that abuses the G Data brand, the product name ‘Internetsecurity’ is used. This is a popular product name, used by many legitimate antivirus suppliers. The graphical interface of the fake version does not resemble the one of the real G Data InternetSecurity. The fake version seemingly offers features like ‘Virus Scanner’ and ‘Firewall’, but these features do not do anything. The G Data name is not only used in the graphical interface, but also in the file properties. The designer has even inserted the copyright and credentials file originally used by G Data in the fake security solution. The software also places a G Data icon in the task bar.

G Data tips for avoiding fake antivirus products

  • 1)    Use a comprehensive antivirus solution from a reliable editor. The software should always be up-to-date and offer a scanner, firewall, web and real time protection. A spam filter that keeps all unwanted promotions out of your inbox is also a good idea.
  • 2)    Make sure the operating system, the browser and all other software on the pc are the latest version and include all published patches. This way, all known security vulnerabilities are patched.
  • 3)    Disable the active browser content. JavaScript elements and ActiveX, are frequently used to infect users with malware.
  • 4)    Never accept an offer for a free online system scan, unless you actively source one safely yourself directly from the vendors website.

Danielle van Leeuwen