Press Releases

Browse our press release archive

16 May 2006

Malware displays fake virus warnings to sell software

More hackers generating income by preying on security fears

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned of the growing trend for malware to display fake security warnings in an attempt to sell software.

The latest example seen by Sophos experts is Troj/FakeVir-O, a Trojan horse that displays a fake warning message claiming that virus activity has been detected on the user's PC.

The FakeVir-O Trojan horse displays a message, encouraging computer users to visit a website selling software which claims to protect against spyware. Sophos believes that the Trojan horse has been written by an affiliate to the software company, and is trying to generate revenue by driving people to the website.

The message displayed by the Trojan reads as follows:

Your computer is infected!

Critical System Error!
System detected virus activities.
They may cause critical system failure. Please, use antimalware software to clean and protect your system from parasite programs. Click here to get all available software.

The message displayed by the Trojan horse

The message displayed by the Trojan horse.

"More and more malware is being written that tries to make cash by preying on users' security fears," said Graham Cluley, senior technology consultant for Sophos. "Many of these attacks don't just display advertising, they fool people into believing their computer has a serious security problem when it has nothing of the kind. People need to be more suspicious of the messages they receive on their computers, as it could be a hacker trying to scare them out of their money."

"Furthermore, the websites that users are directed to by malware can often carry software that pretends to be bona fide, but may list bogus reviews of its effectiveness at killing off spyware and viruses, or just be interested in stealing users' credit card details," continued Cluley. "Legitimate software companies need to take firm action if they have advertising affiliates who are breaking the law by installing malware onto innocent users' computers to generate income."

In April, Sophos reported on Zhijian Chen who was fined almost $84,000 for marketing a bogus anti-spyware program. A week ago, hacker Jeanson James Ancheta was sentenced to 57 months in jail for installing revenue-generating adware on a zombie network of 400,000 computers.

Sophos recommends companies put in place a consolidated solution to defend against viruses, spyware and spam, and ensure that it is automatically updated as new threats emerge.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at