Re: Fake Antivirus Overwhelming Scanners (Score 3, Interesting)

That number in itself should not surprise anyone. Many threats which are using the web as their primary introduction vector are using server side polymorphism. The sheer volume which the APWG is calling out really only reflects that allot of people are downloading the rogue AV packages. Of course, given the nature of malware collections there is a very strong chance that many of those people already had 'real' AV which detected it, hence the sample being sent to an AV company in the first place. Of course crawling and honeynets will account for some of the sample set but not the majority. The assertion that this is only the tip of the iceberg is likely true given no AV vendor has an omnipresent view of the world but I am not convinced it's any worse than a plethora of other highly deployed threats. Bluntly, they are all out there in gut wrenching numbers. The rise in rogue AV is driven by the fact that it's gaining in popularity with malware distributors because it's a fast, proven revenue source. In some cases they may even skirt the law on whether it's even illegal. Remember, some of these things have rudimentary AV detection capabilities. -al Immunet Corp