HTML/FakeAlert, bogus web pages named by ESET, are showing made-up, fake alert messages usually about dummy virus infections, which if true, would harm the computer or affect users' data.
ESET detected the malware in December 2009. After years of only marginal activity, it started to show higher prevalence levels during Q2 2016. On 17 September 2016, it reached a 2.05 percent global infection ratio.
Currently, the UK is one of the most affected countries by the HTML/FakeAlert malware with over a 10 percent share of all malware detected by ESET from 5 September to 5 October.
To mitigate the supposed threat, the user is usually urged to contact fake technical support (the scammers) or download and sign up for a fake security solution.
The malware is typically a starting point for so-called support scams, which ultimately lead to the victims either losing money or having some other malware installed on their computers via the “recommended” programs found on the fake alert page.
To help internet users avoid getting suckered into a support scam, ESET recommends:
- Keeping all systems on your computer up-to-date and fully patched
- Using a quality security solution
- Not trusting unsolicited messages or phone calls, even if they claim to be from or on behalf of software/services vendor
- Using the phone number or email address provided by the official website of the software or operating system vendor if you want to contact tech support
“Support scams are a very popular way to dupe English-speaking users who pose a big and economically viable target. That might be the reason why the United Kingdom is ranking amongst the most targeted countries when it comes to this specific threat,” said Mark James, IT security specialist at ESET.