Rogue security software is a form of
computer malware that deceives or misleads users into
paying for the fake or simulated removal of malware.
Rogue security software, in recent years, has become a
growing and serious security threat in desktop
computing.
Don't whip out
that credit card and pay these guys! They want your
money and your computer under their control!
Common Customer Question - "HOW DID I GET THIS?!"
Rogue security software mainly relies on social
engineering in order to defeat the security built into
modern operating system and browser software and install
itself onto victims' computers.
Most have a Trojan horse component, which users are
misled into installing. The Trojan may be disguised as:
- A browser plug-in or extension (typically a toolbar)
- An image, screensaver or archive file attached to
an e-mail message
- A multimedia codec required to play a certain video
clip
- Software shared on peer-to-peer networks
- A free online malware scanning service
Some rogue security software, however, propagates onto
users' computers as drive-by downloads, which exploit
security vulnerabilities in web browsers, PDF viewers,
or e-mail clients to install themselves without any
manual interaction.
More recently, malware distributors have been
utilizing SEO poisoning techniques by pushing infected
URLs to the top of search engine results about recent
news events. People looking for articles on such events
on a search engine may encounter results that, upon
being clicked, are instead redirected through a series
of sites before arriving at a landing page that says
that their machine is infected and pushes a download of
a "trial" of the rogue program.
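The redirect pattern described above can be looked for in web proxy logs. The following is an added example, not part of the original page: it flags a search-engine click that bounces through several distinct hosts and ends in an executable download. The record layout, the host names and the `min_hosts` threshold are assumptions made for illustration.

```python
from collections import namedtuple
from urllib.parse import urlsplit

# Assumed proxy record layout; "location" is the redirect target, if any.
Rec = namedtuple("Rec", "client url referer status location ctype")

SEARCH_HOSTS = {"search.example"}  # assumption: placeholder search-engine host

# Constructed sample records in time order (not real traffic).
SAMPLE = [
    Rec("10.0.0.5", "http://news-a.example/story", "http://search.example/?q=event", 302, "http://hop1.example/r", ""),
    Rec("10.0.0.5", "http://hop1.example/r", "", 302, "http://hop2.example/go", ""),
    Rec("10.0.0.5", "http://hop2.example/go", "", 302, "http://scan.example/alert", ""),
    Rec("10.0.0.5", "http://scan.example/alert", "", 200, "", "text/html"),
    Rec("10.0.0.5", "http://scan.example/trial.exe", "http://scan.example/alert", 200, "", "application/x-msdownload"),
    Rec("10.0.0.9", "http://paper.example/article", "http://search.example/?q=event", 200, "", "text/html"),
]

def host(url):
    return urlsplit(url).hostname or ""

def is_executable(rec):
    return rec.ctype == "application/x-msdownload" or rec.url.lower().endswith(".exe")

def find_poisoned_chains(records, min_hosts=3):
    """Return (client, [urls]) for search clicks that pass through at least
    min_hosts distinct hosts and end in an executable download."""
    hits = []
    for i, start in enumerate(records):
        if host(start.referer) not in SEARCH_HOSTS:
            continue  # only chains that begin with a search-result click
        chain, current = [start.url], start
        for nxt in records[i + 1:]:
            if nxt.client != start.client:
                continue
            # Next hop is either the redirect target or a request made from the page.
            via_redirect = bool(current.location) and nxt.url == current.location
            via_page = bool(nxt.referer) and nxt.referer == current.url
            if via_redirect or via_page:
                chain.append(nxt.url)
                current = nxt
        if len({host(u) for u in chain}) >= min_hosts and is_executable(current):
            hits.append((start.client, chain))
    return hits

if __name__ == "__main__":
    for client, chain in find_poisoned_chains(SAMPLE):
        print(client, " -> ".join(chain))
```
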
What happens once the bug is installed?
Once installed, the rogue security software may then
attempt to entice the user into purchasing a service or
additional software by:
- Alerting the user with the fake or simulated
detection of malware or pornography.
- Displaying an animation simulating a system crash
and reboot.
- Selectively disabling parts of the system to
prevent the user from uninstalling the rogue software.
Some may also prevent anti-malware programs from running,
disable automatic system software updates and block
access to websites of anti-malware vendors.
- Installing actual malware onto the computer, then
alerting the user after "detecting" it. This method
is less common as the malware is likely to be detected
by legitimate anti-malware programs.
Developers of rogue security software may also entice
people into purchasing their product by claiming to give
a portion of their sales to a charitable cause. The
rogue Green antivirus, for example, claims to donate $2
to an environmental care program for each sale made.
Some rogue security software overlaps in function
with scareware by also:
- Presenting offers to fix urgent performance
problems or perform essential housekeeping on the
computer.
- Scaring the user by presenting authentic-looking
pop-up warnings and security alerts, which may mimic
actual system notices. These are intended to leverage
the trust of the user in vendors of legitimate
security software.
Partial list of rogue security software
The following is a partial list of rogue security
software, most of which can be grouped into families.
These are functionally identical versions of the same
program repackaged as successive new products by the
same vendor.