Panda Security reveals huge hike in fake anti-virus scams

Fake anti-virus scams now comprise 12 per cent of all malware detected in the wild, according to the latest research from cloud-based security vendor Panda Security, highlighting the huge growth in the phenomenon over the past three years.

The Spain-based firm said that, despite fake anti-virus scams having been around for at least three years, 40 per cent were created this year alone, showing that they have become a favourite with cyber criminals.

Panda analysed the contents of its Collective Intelligence database and found that this type of malicious code was first reported four years ago.

More than 5.6 million unique strains have been detected, roughly 2.2 million of which appeared from January to October 2010.

Panda Security technical director Luis Corrons warned that social networks have proved to be a fertile channel of infection.

"We urge users to be wary when visiting web sites through search engines, to make sure that sources are reliable and to reject all downloads, as you could be infecting yourself," he said. "The best advice is to use common sense when surfing the web."

Robert Rutherford, managing director of consultancy QuoStar Solutions, added that the scareware threats are likely to continue growing.

"Clearing the bank accounts of just a few people is worth the relatively small effort involved, especially if the criminals are based in a country with an exchange rate that makes the gains huge," he explained.

"Scareware is relatively straightforward to control by ensuring that users do not log-on with administrator rights for day-to-day use, machines are security patched and a leading brand anti-virus product is installed and up to date."

The Panda Security findings were published during Get Safe Online Week, an initiative aimed at raising public awareness of security threats and online fraud.

Get Safe Online released research earlier this week suggesting that a quarter of web users have been tricked into buying fake anti-virus software, either by clicking on a web pop-up, or paying over the phone to a cold call scammer pretending to be from a reputable security vendor.

Scareware, or 'rogueware', can comprise many different types of malware, from those that merely display irritating pop-ups encouraging the user to buy fake anti-virus to 'protect their computer', to others that actually disable the PC until the bogus product is purchased.