Beware of Click Jacking and AV360

  • Comments: 9
  • Written on: March 13th, 2009

clickjackingWe have been busy at Schrock Innovations repairing click-jacking victims who have become infected with the latest fake-alert variant called AV 360.  These fake antivirus programs infect your computer and tell you that to fix your PC you need to pay them $50 for a fully functional version of their program.

This stuff is infecting people running McAfee, Norton Antivirus and Internet Security, AVG, Avast, and numerous other widely used programs (NOT Norton 360 – more on that later). I wanted to take a moment to describe what click jacking is, how you get infected with Antivirus 360, and what you can do to prevent it.

What is Click Jacking?

A person is “Click Jacked” when they go to a web page that appears to be legitimate (like an online game website or a stock trading website) and click on something that looks legitimate.

Once the user clicks, the click is rerouted to a illegitimate source that infects the user’s computer.  The person using the computer never knows anything has happened until it is too late.  A more technical description of click jacking can be read here.

How Do You Get Infected with AV360?

After you have been “click jacked” your computer is told to download a virus to your hard drive.  In many cases your antivirus software will be disabled and destroyed by the virus, which will then itsself mascarade as a legitimate antivirus program.  It will ask you to use your credit card to buy a license for the software online so it can “clean” your computer.

AV360 is the latest in a long line of “fake alert” infections that included Internet Antivirus 2009 for example.  These infections also prevent the installation of almost all widely used antivirus and malware removal programs, which means once you are infected it can be difficult to get clean again without the assistance of a technician.

How the Attackers Find You

Each of these infections have a life cycle, and that is why the malware authors continually release new version of the software to infect you.  This is the bullet-list life cycle that they use to find you and infect your computer:

  • The malware authors create the fake alert malware program (the virus)
  • They then create thousands of legitimate websites with useful information all centered around a popular search term (what people are searching for in Google)
  • All at once they release the legitimate websites they created on the web and they are added to the search engines’ indexes
  • Over time, tactics are used to push the suspect websites to the top of the search results
  • Once they have all or most of the top 10 results for a search term, the content is changed to click jack visitors
  • Visitors are infected
  • Over time, the pages are located and are rendered ineffective by antivirus software or anti-phishing filters
  • The infection dies off and the cycle begins again with a new name and new websites

Why Do These People Do This?

The main goal of the fake-alert schemes are to trick people into spending $50-$100 to buy the fake antivirus program.  I have not heard of any credit card fraud associated with the numbers that are collected in this process, but I certainly wouldn’t trust them myself.

A secondary goal is to build a network of computers that can be used to attack other computers (a botnet).  All of the users that are tricked into buying the program think they are now safely protected.  In the mean time, the malware authors now have unfettered access to their PCs and can use them for any number of nefarious purposes.

In the past botnets have been used to:

  • Attack foreign governments (Russia attacked Georgia with a botnet before their land invasion)
  • Make money with pop-up windows
  • Attack and disable websites (DDoS Attacks)
  • Backdoor other infections into the computer
  • Steal vital information like passwords, credit card numbers, or Social Security account numbers

How Can I Protect Myself From Click Jacking?

At Schrock Innovations we recommend and install Norton 360 exclusively now.

We don’t get paid anything by Symantec to recommend their software, but because we warranty every installation we perform we recommend software that works.  If we install antivirus software on your computer and you get infected, Schrock is obliged to remove your infection at no additional cost to you.

As you might imagine we don’t want warranty service calls for virus removals, so we recommend the one program we have seen that can actually get the job done right – Norton 360.

  1. Kate
    Kate said on March 16th, 2009 at 1:06 pm

    I got one of those on my work computer just a couple of weeks ago. It pretended to be a Windows Anti-virus update. The IT guy came and cleaned up my computer for me and put another malware program on that works really well. You can definitely tell its not a bonafide Microsoft Antvirus program because it bugs the living crap out of you about “potential threats” with pop-ups over your programs. Beware.

  2. Ruby W said on March 19th, 2009 at 1:40 am

    I detest these creatures that do this to us. I suffered a similar clickjacking effort the other day, and it cost a callout for a techie to come and remove it. I will definitely investigate Norton 360. You didn’t mention Kaspersky, so I take it that it isn’t effective?

  3. Gareth said on March 19th, 2009 at 7:26 am

    Use Linux and Firefox and u wont get infected with av360 and other rubbish like that. One of my clients got infected with AV360 from looking at adult sites, so gave him an Ubuntu Live CD, told him to boot from that and use Firefox if he must look at r18 adult sites, saves me having to remove viruses like AV360 from his pc every week.

  4. RK
    RK said on March 19th, 2009 at 1:02 pm

    I am in IT and have seen several infections so far. The best thing to do is to use a browser that is not susceptible to these attacks. I recommend Google Chrome, the only browser that is safe so far.

  5. Thor said on March 19th, 2009 at 11:44 pm

    @RK Thanks for the comment, but I have to disagree. Click jacking is a flash vulnerability, and can even attack a browser running in Linux.

    Aside from that I have a completely irrational seething hatred for Google Chrome. It makes me want to crush my monitor when I see its stupid little curved tabs on my screen. Three clicks to print something… GRRRR!

  6. Vlad said on January 24th, 2011 at 10:15 am

    I think the Click Jacking can be easily disinfected with the latest version of Kaspersky Antivirus. If you have the Internet Security option activated, the virus will be not able to pass the firewall and to replicate itself in your computer.

  7. Thor said on January 26th, 2011 at 8:57 am

    Not true. Unfortunately , I see the evidence every day in our Service Centers

  8. New Fake-Alert Infection Plays on Green Movement said on September 8th, 2009 at 11:49 pm

    […] AV infects your computer through click jacking (only Norton 360 can stop […]

  9. Alpha Anti-Virus Fake Alert Hitting Computer Users said on October 29th, 2009 at 5:01 am

    […] these sites climb to an appropriate level, click-jacking code is inserted that will infect unprotected computers as soon as they visit the page – without […]

What do you think? Join the discussion...

How do I change my avatar?

Go to gravatar.com and upload your preferred avatar.


Subscribe to My RSS Feed

Subscribe Form Click to Subscribe or

      TwitterCounter for @thorschrock

Ed Wunder Loves Schrock's Service

Top Commentators

Schrock Innovations' New Ride

Revolution Wraps Rocks!

Geek Squad Hires Anyone!

Other Recent Videos


We're on the Morning Blend answering your Lincoln Nebraska computer repair questions regarding warranties


Need your computer repaired in Omaha? If you're never visited Schrock Innovations before (1st time client), stop by for a FREE hour of repair

Our Open Adoption

    Kim and I are seeking to adopt another child through Open Adoption. If you know of a birth mother seeking a stable, loving family in Nebraska, please direct her to our website at nebraskaopenadoption.com.

Thor's Sponsors

    Computer Repair Lincoln NE
© Thor Schrock 2009