11 December 2013

Subscribers should be aware of an increase in a type of malware that pretends to be antivirus software. This fake antivirus, which currently includes an example named Advanced Security Pro, presents a window which claims to have detected malware on your computer and insists that you need to purchase the full version of the product in order to remove the malware.

Although not entirely new, this type of fake antivirus attack has returned in recent weeks. It can also be easily customised by the attacker to look different or make different claims.

It currently affects Windows systems but if you do have real security software on your computer that is up to date, you should be safe from this family of malware.

The Advanced Security Pro example is particularly noteworthy because if you do become infected, and you fail to pay for the full product version within a few minutes, it takes a photo using your webcam of whatever is in front of it. It then displays the image, claiming that malware is trying to send that image to unidentified recipients.

It also (falsely) identifies any executable files (such as .exe files) on your computer as malicious files, and states that malware it has identified may try to steal your personal information such as credit card numbers, emails or personal photos for the purpose of blackmail.

Although it seems to be acting in your interests, do not be fooled. This is an attempt at blackmail.

It also disables Windows System Restore options, preventing you from attempting a restore of your computer.

Unlike some of the types of ransomware in circulation that actually encrypt your computer, this fake antivirus does not carry out its threat and, according to researchers at security firm Webroot who identified the virus, it does not attempt to send photos.

It is spread via a number of different methods, which include vulnerabilities in Java or other malware on your computer, but is also known to be spread as fake email attachments, fake torrents and from visiting websites that may host the malware.

What should you do?

Do not pay the scammers. Paying does not guarantee the infection will be removed. It is possible to remove this fake antivirus once it is on your computer.

As always, prevention is simpler than trying to fix the problem. Up to date security software should identify this malware and prevent it from installing on your computer.

  • Always use security software from a reputable vendor.
  • Make sure it is up to date and switched on.
  • Make sure your operating system and applications are up to date, including Java, Adobe Reader and Flash.
  • Use an up to date web browser.
  • Be suspicious of unsolicited emails.
  • Do not click links or open attachments unless you are confident about the sender and information the email contains. If you are unsure, the best advice is to simply delete the email.
  • Be aware that torrent sites frequently carry malware.

If you have been infected by this fake antivirus

Webroot advises it is possible to remove this malware by performing a System Restore; however the malware disables System Restore as well as some of the other Boot Mode options. System Restore would need to be switched back on before you could attempt this.
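
For readers comfortable with an administrator Windows PowerShell prompt, the following added example (not part of the original alert or of Webroot's instructions) checks whether System Restore has been switched off, switches it back on and lists the available restore points. It assumes the standard Windows policy values DisableSR and DisableConfig were used to disable it; the alert does not say which mechanism this malware uses.

```powershell
# Added example. Run in an elevated Windows PowerShell session (the System
# Restore cmdlets are part of Windows PowerShell, not PowerShell 7).
# Assumption: System Restore was disabled through the standard policy values
# below. On a managed work computer these may have been set by your administrator.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
$drive     = "$env:SystemDrive\"

function Get-RestorePolicyBlock {
    # Return the names of the policy values that currently disable System Restore.
    param([string]$Key)
    $found = @()
    if (Test-Path $Key) {
        $props = Get-ItemProperty -Path $Key
        foreach ($name in 'DisableSR', 'DisableConfig') {
            if ($props.PSObject.Properties[$name] -and $props.$name -eq 1) {
                $found += $name
            }
        }
    }
    return $found
}

$blocked = @(Get-RestorePolicyBlock -Key $policyKey)
if ($blocked.Count -gt 0) {
    Write-Warning "System Restore is disabled by: $($blocked -join ', ')"
    foreach ($name in $blocked) {
        Remove-ItemProperty -Path $policyKey -Name $name
    }
}

# Switch protection back on for the system drive.
Enable-ComputerRestore -Drive $drive

# List restore points with readable dates so one from before the infection
# can be chosen. CreationTime is returned as a WMI date string.
$points = @(Get-ComputerRestorePoint)
if ($points.Count -eq 0) {
    Write-Warning 'No restore points are available on this computer.'
} else {
    $points | Sort-Object SequenceNumber | Select-Object SequenceNumber, Description,
        @{ Name = 'Created'
           Expression = { [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime) } }
}
```

A restore point from the list can then be applied with `Restore-Computer -RestorePoint` followed by its sequence number, or through the System Restore window.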

If you are not familiar with these approaches, you would be advised to seek further technical advice from your local support provider.

More information

Read Webroot’s blog post about this malware.

Read Stay Smart Online’s recommended steps for securing your computer and general advice for dealing with infections.

The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.

Information provided by Webroot.



This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.

This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.

The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.

Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.

Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.


© 2013 Australian Government. All rights reserved
