Panda Security claims that up to 30 million computers worldwide might be infected by “fake antivirus”. I usually take these numbers with a grain of salt, especially when they are coming from a company that just happens to sell real antivirus products. So let’s dig into their press release E-bulletin:

They don’t provide exact sources, but the 30 million is based on “data we are receiving at PandaLabs”. There’s no way to verify that, so let’s just assume this is true. Apparently users get infected by visiting websites, downloading files from peer-to-peer networks, et cetera. So far, it just sounds like plain old malware. Users are tricked into buying antivirus software because their computer appears to be infected:

These programs all operate in a broadly similar way: The program tells users that they are infected and pop-up windows, desktops and screensavers keep appearing, practically preventing the victim from using the computer. The aim is to scare the user into buying the fake antivirus with, for example, cockroaches ‘eating’ the desktop, or fake blue screens of death.

The user is then pointed to a web page offering a fake antivirus product that is supposed to remove the virus. This is a mild variety of traditional ransomware: make a computer unusable, and then demand money to fix it. Panda claims 3% of users fall for this scam:

The information we have at present suggests that some 3% of these users have provided their personal details in the process of buying a product that claims to disinfect their computers. In fact, they never even receive the product. Extrapolating from an average price of €49.95, we can calculate that the creators of these programs are receiving more than €10 million per month.

This is the kind of data that just doesn’t add up, no matter how you look at it. If 3% out of the 30 million infected users buy the fake product every month, we’re looking at roughly €45 million per month (3% × 30 million × €49.95), not 10. The numbers might be right if they mean that 3% of newly infected users fall for this scam; in that case, over 6 million PCs (€10 million ÷ €49.95 ÷ 3%, or about 6.7 million) would have to be newly infected with this particular malware each month. That seems a bit high to me.

Anyway, there is some good news hidden in the article. People who get malware on their computers are generally more likely to buy spamvertized goods or fall for other scams, but if the data from the article is correct, only 3% of this highly vulnerable group actually buy the fake product, even though Panda says that “these fakes and the corresponding Web pages can look quite authentic”. Looks like the general public is getting better at recognizing these scams!