US-CERT is aware of public reports indicating an increase in the instances of fake antivirus software circulating. These software applications are malicious code, not legitimate antivirus applications. These instances of malicious code are noted as being distributed through spam email messages containing malicious links, instant messages containing malicious links, private messages on social networking sites, infection from other malware, and from visiting compromised websites.

Quite often, this malware attempts to convince users that there is something wrong with their systems. This leads to an attempt persuade the users into purchasing an illegitimate antivirus application. If the user purchases the bogus software, the attacker may be able to obtain personal and credit card information for use in additional scams and fraudulent activity.

US-CERT encourages users to perform the following preventative measures to help mitigate the risks:

• Install legitimate antivirus software from a trusted vendor, and keep its virus signature files up-to-date.
• Do not follow unsolicited web links found in email messages or instant messages.
• Use caution when visiting untrusted websites.
• Do not install untrusted software.

Read more: US-CERT Current Activity