X-Labs
January 29, 2014

Fake AV Asks for Subscription Renewals

Forcepoint

Cleaning up and re-imaging machines infected with rogue AV continues to consume hours from security teams that are already saddled with growing responsibilities. While fake antivirus (AV) software has ceded the security headlines to exploit kits, ransomware, and crime packs, active rogue AV campaigns remain an ongoing challenge for organizations trying to keep their networks free of malware. Today, Websense® Security Labs™ researchers, using the Websense ThreatSeeker® Intelligence Cloud, intercepted one such campaign: malicious emails purporting to come from a fake AV product called Anti-Virus Pro, sent with the subject line "PC Security - Renewal".

Malicious Email

The emails offer a subscription renewal to unsuspecting recipients; anyone who follows the link is taken to the fake AV site hxxp://anti-virus-professional.com, which prompts the visitor to download a "trial version" of the product. That download is the malware itself.

Malicious Emails

Websense® ThreatScope analysis flags the fake AV as malicious and shows that it drops and executes additional binaries under the user's profile directory. Notably, this sample was first submitted to VirusTotal about a year and a half ago, yet only 40% of AV engines detected it at the time of this post.
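One way to hunt for the dropped binaries ThreatScope reports, added here as an example rather than Websense's own tooling: walk a user profile directory and identify PE files by their header bytes instead of their extension, so a dropper renamed to a data extension is still found. The profile tree it scans is a constructed fixture; the file names setup.exe and data.dat are assumptions for illustration, not names taken from the sample.

```python
"""Hunt for executables dropped under a user profile directory, the behaviour
ThreatScope reports for this sample. Added example, not Websense tooling.

Files are identified as PE by content (the 'MZ' DOS header and the 'PE\\0\\0'
signature at e_lfanew), not by extension, so a dropper renamed to .dat is still
found while a text file that merely starts with "MZ" is not. The tree built by
build_fixture() is constructed for illustration; on a real Windows host you
would pass Path.home() (i.e. %USERPROFILE%) to hunt().
"""
from __future__ import annotations

import os
import struct
import tempfile
from pathlib import Path

E_LFANEW_OFFSET = 0x3C       # offset of the PE header pointer in the DOS header
DOS_HEADER_SIZE = 0x40


def is_pe(path: Path) -> bool:
    """True if the file carries a plausible PE header."""
    try:
        with path.open("rb") as f:
            dos = f.read(DOS_HEADER_SIZE)
            if len(dos) < DOS_HEADER_SIZE or dos[:2] != b"MZ":
                return False
            e_lfanew = struct.unpack_from("<I", dos, E_LFANEW_OFFSET)[0]
            if e_lfanew < DOS_HEADER_SIZE or e_lfanew > 0x1000:
                return False       # implausible pointer: not a PE, or damaged
            f.seek(e_lfanew)
            return f.read(4) == b"PE\x00\x00"
    except OSError:
        return False


def hunt(profile_dir: Path) -> list[Path]:
    """Walk the profile tree and return every PE file, sorted, without following symlinks."""
    hits = []
    for root, _dirs, files in os.walk(profile_dir, followlinks=False):
        for name in files:
            p = Path(root) / name
            if not p.is_symlink() and is_pe(p):
                hits.append(p)
    return sorted(hits)


def relative_hits(profile_dir: Path) -> list[str]:
    """Hits as profile-relative POSIX paths, convenient for reporting."""
    return [p.relative_to(profile_dir).as_posix() for p in hunt(profile_dir)]


def write_fake_pe(path: Path) -> None:
    """Constructed minimal PE-shaped file: MZ stub, e_lfanew = 0x80, 'PE\\0\\0' signature."""
    data = bytearray(0x84)
    data[:2] = b"MZ"
    struct.pack_into("<I", data, E_LFANEW_OFFSET, 0x80)
    data[0x80:0x84] = b"PE\x00\x00"
    path.write_bytes(bytes(data))


def build_fixture() -> Path:
    """Constructed profile tree: two PE files (one renamed) and two decoys."""
    root = Path(tempfile.mkdtemp(prefix="profile-"))
    temp = root / "AppData" / "Local" / "Temp"
    docs = root / "Documents"
    temp.mkdir(parents=True)
    docs.mkdir()
    write_fake_pe(temp / "setup.exe")                          # assumed name, for illustration
    write_fake_pe(temp / "data.dat")                           # dropper hiding behind a data extension
    (docs / "notes.txt").write_text("MZ is just text here\n")  # starts with MZ but is too short, no PE sig
    (docs / "fake.exe").write_bytes(b"MZ" + b"\x00" * 100)     # MZ with e_lfanew = 0 -> rejected
    return root


if __name__ == "__main__":
    fixture = build_fixture()
    for hit in relative_hits(fixture):
        print("PE under profile:", hit)
```

Checking the header bytes rather than the extension matters because the extension of anything the fake AV writes is under the attacker's control; the bounds check on e_lfanew keeps the scan from seeking far into large non-PE files.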

ThreatScope

Intelligence gathered around this campaign suggests that its targets are concentrated in the manufacturing industry and in service-oriented businesses.

Service oriented

Geographically, the campaign's emails originate in the US and the United Kingdom. So far, Belgium, the US, and the United Kingdom are the top countries affected.

Heatmap

Historically, fake AV has spread mainly through black hat SEO, poisoning search results so that victims land on the rogue download page. This campaign instead uses email as its delivery channel, which could signal a comeback for one of the most prolific malicious campaign types of recent years.

Websense customers are protected from these and other threats by Websense ACE (Advanced Classification Engine).
