SAN FRANCISCO (CBS/CNET) As if keeping viruses from your computer isn't hard enough, there are new reports that tens of millions of people might be installing fake antivirus software that doesn't protect their computers, installs its own viruses and charges the unsuspecting user for the privilege.
All that good news is in a report released Wednesday from PandaLabs, an antivirus software maker.
PandaLabs found 1,000 samples of fake antivirus software in the first quarter of 2008. A year later, that number had grown to 111,000. And in the second quarter of 2009, it reached 374,000, Luis Corrons, technical director of PandaLabs said in a recent interview.
"We've created a specific team to deal with this," he said, of the rogue antivirus software that issues false warnings of infections in order to get people to pay for software they don't need. The programs also typically download a Trojan or other malware.
PandaLabs found that 3 percent to 5 percent of all the people who scanned their PCs with Panda antivirus software were infected. Using that and worldwide computer stats from Forrester, PandaLabs estimates there could be as many as 35 million computers infected per month with rogue antivirus programs.
About 3 percent of the people who see the fake warnings fall for it, forking over $50 for an annual license or $80 for a lifetime license, according to Corrons.
Last September, a hacker was able to infiltrate rogue antivirus maker Baka Software and discovered that in one period an affiliate made more than $80,000 in about a week, said Sean-Paul Correll, a PandaLabs threat researcher.
A Finjan report from March estimated that fake antivirus distributors can make more than $10,000 a day.
"The general consumer doesn't understand" the threat, Correll said. "No legitimate antivirus vendor will start a scan automatically on your computer without your consent."
After all the hoopla about the Conficker threat, researchers seemed almost relieved that it turned out to distribute fake antivirus software instead of something much worse.
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor or read her Insecurity Complex blog>.