
Firewall and security applications (i.e. antivirus) provide the ultimate in protection while you’re surfing the web, right? Well, in a sense they do. Current anti-malware solutions are much more effective than they have ever been in detecting worms, viruses and other forms of malware.

So what are hardworking cyber crooks to do then, since it has become more difficult for them to overcome your more reliable Internet security defenses? How are they going to continue to rake in their dirty money? Well, how about using social engineering to convince you to download and install a malware package voluntarily?

Fear, a great social engineering motivator, is the latest weapon being used against unsuspecting or inexperienced Internet users to convince them to download “rogue security software”. Without a doubt there is an epidemic of rogue security software on the Internet at the moment, and much of it uses social engineering to convince users to download an unsafe product.

So there you are surfing the net when suddenly you find this popup on your screen: “System Alert! System has detected a number of active spyware applications that may impact the performance of your computer. Click the icon to get rid of unwanted spyware by downloading an up-to-date anti-spyware solution”.

Because it plays on fear, this type of popup announcement is a very powerful motivator.

Would you click on the icon?

Briefly, rogue security software is software that uses malware or malicious tools to advertise or install itself. Often, after installation on a system, an attempt is made to force users to pay for removal of nonexistent spyware through the purchase of the “full” version of the bogus software, based on the false malware positives generated by the application. Of course, since it is rogue software, it cannot detect or remove malware.

Worse, in many cases rogue software has the potential to gather private and personal information from an infected machine. This could include passwords, credit card details, and other sensitive information.

Generally, reputable anti-spyware software is capable of detecting rogue software when it attempts to install, or during a malware scan. But this is not always the case. Anti-malware programs that rely on a definition database can be behind the curve in recognizing the newest threats, since a new variant has to be captured and analyzed before a definition for it exists.

A good partial solution to this problem is to ensure you have installed, and are running, an anti-malware application such as ThreatFire 3, free from PC Tools. This type of program operates using heuristics, or behavioral analysis to identify newer threats.
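To make the difference between the two approaches concrete, here is an added example (not code from the article, from PC Tools, or from any vendor) that runs a definition-based check and a simple behavioural heuristic over constructed process records. The sample hashes, the behaviour event names and the weights are assumptions made for the demonstration; the behaviours themselves are the ones the article describes (a background process, endless fake alerts, no uninstall entry, a payment nag). A repacked build slips past the definition check because its hash is new, but still trips the behaviour score.

```python
"""
Added example (not from the original article): contrast a definition-based
scanner with a behavioural heuristic on constructed process records.
Process names, hashes, event names and weights are made up for this demo.
"""
import hashlib

# Constructed "definition database": SHA-256 of samples already analyzed.
KNOWN_BAD_HASHES = {
    hashlib.sha256(b"xpantivirus2008-build-1").hexdigest(),
}

# Behaviours typical of a rogue; the weights are an assumption for this example.
BEHAVIOUR_WEIGHTS = {
    "autostart_registry_write": 2,
    "repeated_security_alert_popup": 3,
    "no_add_remove_entry": 2,
    "opens_payment_url_after_scan": 3,
    "disables_task_manager": 3,
}
ALERT_THRESHOLD = 6


def signature_verdict(sample_bytes: bytes) -> bool:
    """True if the sample's hash is in the definition database."""
    return hashlib.sha256(sample_bytes).hexdigest() in KNOWN_BAD_HASHES


def behaviour_score(events) -> int:
    """Sum the weights of the suspicious behaviours observed for one process."""
    return sum(BEHAVIOUR_WEIGHTS.get(e, 0) for e in events)


def behaviour_verdict(events) -> bool:
    """True once the observed behaviours add up to the alert threshold."""
    return behaviour_score(events) >= ALERT_THRESHOLD


def scan(process) -> tuple:
    """Return (signature_hit, behaviour_hit) for one constructed process record."""
    return signature_verdict(process["image"]), behaviour_verdict(process["events"])


# Constructed samples: the build in the database, a repacked variant with a new
# hash but the same behaviour, and a benign updater that also writes an autostart key.
SAMPLES = {
    "known_rogue": {
        "image": b"xpantivirus2008-build-1",
        "events": ["autostart_registry_write", "repeated_security_alert_popup",
                   "opens_payment_url_after_scan"],
    },
    "repacked_rogue": {
        "image": b"xpantivirus2008-build-2",   # not in the definition database yet
        "events": ["autostart_registry_write", "repeated_security_alert_popup",
                   "no_add_remove_entry", "opens_payment_url_after_scan"],
    },
    "benign_updater": {
        "image": b"vendor-updater",
        "events": ["autostart_registry_write"],
    },
}

if __name__ == "__main__":
    for name, proc in SAMPLES.items():
        sig, beh = scan(proc)
        print(f"{name:15} signature={sig!s:5} behaviour={beh}")
```

The single autostart write by the benign updater stays under the threshold, which is why a behavioural engine needs a scoring threshold rather than a single trigger: any one of these actions on its own is also done by legitimate software.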

Also, Malwarebytes, a reliable anti-malware company, has created a free application to help keep you safe and secure.

An absolute must is making sure that the security application you are considering installing is recognized as legitimate by industry experts. An excellent web site that will keep you in the loop, and advise you what products work and have a deserved reputation for quality performance is Spyware Warrior.

A further resource worth noting is the Bleeping Computer web site, where help is available for many computer related problems, including the removal of rogue software.

Listed below are some of the most aggressive rogue security applications currently flooding the Internet. These are the ones to look out for:

IE AntiVirus

A clone of MalwareBell, FilesSecure and IEDefender, this program was specifically developed to mislead unaware computer users into downloading and paying for the “full” version of the bogus software, based on the false malware positives the application generates.

Even if you are tricked into paying for the “full” version, nothing, not even the false warnings will be cleaned from your computer.

XP Antivirus 2008

Once installed, it continues to run as a background process, incessantly reporting those fake or false malware detection warnings discussed earlier, if the full program fee is not paid.

To really try your patience, this rogue security software cannot be uninstalled using the Windows Add/Remove Programs tool.

Advanced XP Fixer

A clone of WinIFixer, this rogue anti-spyware product comes from Bakasoftware (Bakasoftware.com), which also operates under the name Pandora Software. It tricks users into installing the program and then attempts to convince them that the computer has been infected.

Reportedly, Advanced XP Fixer can also be installed through Internet browser exploits, or by means of the Zlob or Vundo Trojans.

When the program runs, a warning message appears indicating that the computer has been infected by malware. Subsequently, a screensaver launches which shows cockroaches eating the desktop.

PCAntiSpyware

This program hijacks the desktop after infecting a computer by way of web browser security holes. It can also be dropped onto a machine by a number of Trojan downloaders.

AntiSpywareMaster

This program attempts to convince victims to spend $30 – $50 to remove the false positives it is designed to generate on your machine.

What you can do to reduce the chances of infecting your system with rogue security software:

  1. Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.
  2. Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.
  3. Install an Internet browser add-on that warns you about questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that rates sites as you browse.
  4. Do not click on unsolicited invitations to download software of any kind.

Additional precautions you can take to protect your computer system:

  1. When you are surfing the web: Stop. Think. Click
  2. Don’t open unknown email attachments
  3. Don’t run programs of unknown origin
  4. Disable hidden filename extensions, so that a file such as invoice.pdf.exe is shown with its real .exe extension
  5. Keep all applications (including your operating system) patched
  6. Turn off your computer or disconnect from the network when not in use
  7. Disable Java, JavaScript, and ActiveX if possible
  8. Disable scripting features in email programs
  9. Make regular backups of critical data
  10. Make a boot disk in case your computer is damaged or compromised
  11. Turn off file and printer sharing on the computer.
  12. Install a personal firewall on the computer.
  13. Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
  14. Ensure the anti-virus software scans all e-mail attachments
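The hidden-extension item in the list above is the one most directly tied to how rogue installers arrive as downloads, so here is an added example (not code from the article) showing what the “hide extensions for known file types” setting conceals and flagging names that use a document-looking second extension or whitespace padding to disguise an executable. The extension lists and the file names are constructed for the demonstration; a real system's executable list is in the PATHEXT variable plus screensaver and shortcut types.

```python
"""
Added example (not from the original article): show what extension hiding
conceals, and flag download names that disguise an executable behind a
document-looking second extension or whitespace padding.
Extension lists and file names are constructed for this demo.
"""
import re

# Extensions Windows will run directly (assumed subset for the example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js", ".msi"}
# Extensions a lure file name typically imitates (assumed subset).
DOCUMENT_EXTS = {".pdf", ".doc", ".xls", ".jpg", ".gif", ".txt", ".zip", ".avi", ".mp3"}


def base_name(path: str) -> str:
    """Last path component, accepting both Windows and POSIX separators."""
    return re.split(r"[\\/]", path)[-1]


def displayed_name(path: str) -> str:
    """What Explorer shows with extension hiding on: the final extension is
    dropped, so 'invoice.pdf.exe' is displayed as 'invoice.pdf'."""
    name = base_name(path)
    stem, dot, _ext = name.rpartition(".")
    return stem if dot else name


def extensions(path: str) -> list:
    """All dot-separated suffixes, lower-cased and stripped of padding,
    e.g. 'a.PDF .exe' -> ['.pdf', '.exe']."""
    parts = base_name(path).split(".")
    return ["." + p.strip().lower() for p in parts[1:]]


def assess_filename(path: str) -> str:
    """Classify a download name as 'not executable', 'executable' (extension
    plainly visible) or 'disguised executable' (double extension or padding)."""
    exts = extensions(path)
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return "not executable"
    stem = base_name(path).rpartition(".")[0]
    padded = re.search(r"\s{3,}$", stem) is not None       # 'holiday.jpg      .scr'
    double = len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS   # 'invoice.pdf.exe'
    return "disguised executable" if (padded or double) else "executable"


if __name__ == "__main__":
    # Constructed download names.
    for sample in ["invoice.pdf.exe", "holiday.jpg      .scr",
                   "C:\\Downloads\\setup.exe", "report.pdf", "README"]:
        print(f"{sample!r:30} shown as {displayed_name(sample)!r:22} -> {assess_filename(sample)}")
```

The padding check matters because a long run of spaces pushes the real extension out of a narrow Explorer column or download dialog even when extensions are not hidden.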

  1. Jeff Myers
    August 8, 2008 at 1:30 pm

    Great info! I have had two of these infections... both times I got all of those popups and I was about to go crazy. I was about to just pay them so the popups would stop. haha.. glad I didn't.

    thanks for the enlightment!

  2. Aibek
    June 20, 2008 at 12:28 am

    Great read, I rarely stumble MUO articles but this one deserves it. Thanks Bill!

    • Bill Mullins
      June 20, 2008 at 12:53 pm

      Hey Aibek.

      Very cool comment! Thank you.

      Bill

  3. Bill Mullins
    June 19, 2008 at 10:45 am

    Hey Shankar,

    Awesome is an awesome word!

    Thanks Shankar.

    Bill

  4. Shankar Ganesh
    June 19, 2008 at 7:52 am

    Awesome post, Bill. Will refer to this article and will be forwarding to my friends. :)

    Thank you.

  5. Peter
    June 18, 2008 at 8:13 pm

    The most reliable solution, but also most difficult to implement, is not to run your machine as a local admin. Most viruses and spyware operate with the security permissions of the current user. So if you don't have write permission to the system folder or permission to install software, the rogue applications won't either.

    • Bill Mullins
      June 18, 2008 at 9:12 pm

      Hey Peter,

      Very valid point. If we could all run as a non-administrator, particularly when exposing our machines to the Internet in all its various forms, our overall security would be enhanced dramatically.

      Thanks Peter, for bringing out a point that we should all be aware of.

      Bill

  6. Ben
    June 18, 2008 at 3:04 pm

    Great article!

    • Bill Mullins
      June 18, 2008 at 4:12 pm

      Hey Ben,

      Thanks for the comment. Very cool.

      Bill

  7. Mike
    June 18, 2008 at 11:12 am

    Another suggestion is to use OpenDNS. Turn on their filters and you can avoid many of these rogue web sites automatically. Great article.

    • Bill Mullins
      June 18, 2008 at 11:33 am

      Hey Mike,

      Another solid suggestion!

      Thanks Mike.

    • Lee Mathews
      June 18, 2008 at 12:58 pm

      mvps.org hosts file blocker is another good option...Also search MUO for the "Web of Trust" plugin article...It's a great addon for some extra security. Probably not so useful for the red-green colorblind, since it alerts you with colored donuts.

      • Bill Mullins
        June 18, 2008 at 2:03 pm

        Hey Lee,

        Thanks for the comment - I'll check it out.

        BTW “Web of Trust” now has a version of their Internet Browser plugin specifically for those who are colorblind. I've got a review of it on Tech Thoughts.

        Bill
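Both suggestions in this thread (the OpenDNS filters and the mvps.org hosts file) block by name, but they do not match names the same way. As an added example (not code from the article or from the commenters), the block below parses a constructed hosts-file excerpt in the format the MVPS list uses and compares its exact-hostname semantics with the domain-and-subdomain semantics a DNS filtering service applies. The hostnames are made up and use the reserved .test TLD.

```python
"""
Added example (not from the original comments): compare the blocking
semantics of an MVPS-style hosts file with those of a domain filter.
Hosts lines and hostnames are constructed for the demonstration.
"""
SINKHOLE_ADDRS = {"0.0.0.0", "127.0.0.1"}

# Constructed excerpt in the hosts-file format the MVPS list uses.
HOSTS_TEXT = """\
# constructed blocklist for the example
0.0.0.0 xpantivirus2008-example.test
0.0.0.0 www.ieantivirus-example.test   # comment after an entry
127.0.0.1 localhost
"""


def parse_hosts(text: str) -> set:
    """Hostnames the file points at a sinkhole address (localhost excluded)."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        if addr in SINKHOLE_ADDRS:
            blocked.update(n.lower() for n in names if n.lower() != "localhost")
    return blocked


def hosts_blocks(blocked: set, host: str) -> bool:
    """hosts-file semantics: only an exact hostname match is intercepted."""
    return host.lower().rstrip(".") in blocked


def domain_filter_blocks(blocked: set, host: str) -> bool:
    """Domain-filter semantics: an entry covers itself and every name beneath it."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def compare(blocked: set, host: str) -> tuple:
    """(hosts-file verdict, domain-filter verdict) for one lookup."""
    return hosts_blocks(blocked, host), domain_filter_blocks(blocked, host)


if __name__ == "__main__":
    blocked = parse_hosts(HOSTS_TEXT)
    for host in ["xpantivirus2008-example.test",
                 "www.xpantivirus2008-example.test",   # the hosts file misses this
                 "cdn.www.ieantivirus-example.test",
                 "ieantivirus-example.test"]:           # neither lists the apex
        hosts_hit, filter_hit = compare(blocked, host)
        print(f"{host:36} hosts={hosts_hit!s:5} filter={filter_hit}")
```

The practical caveat: a hosts file entry for rogue-site.test does nothing for www.rogue-site.test or any other subdomain, so a hosts list needs every hostname the rogue actually serves from, while a domain filter covers the zone with one entry (but still not the apex when only a www. name is listed). Another difference not shown in the code is that a hosts file applies only to the one machine it is installed on, whereas a DNS filter configured on the router covers every device behind it.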

  8. Bill Mullins
    June 18, 2008 at 11:05 am

    Hey Lee,

    Thanks for making this excellent point.

  9. Karl L. Gechlik
    June 18, 2008 at 10:26 am

    Great article Bill! I run into these each and every day. Removing them is not the issue; explaining to end users why they should not download software to protect their computers that they are not familiar with...

    Like GI Joe used to say "Knowing is half the battle!"

    • Bill Mullins
      June 18, 2008 at 10:40 am

      Hey Karl,

      Thanks for the cool comment. Love the G.I. Joe quote; it really fits - surfing the Internet is more and more like walking through a minefield!

      Bill

  10. lee
    June 18, 2008 at 10:55 am

    One big omission: this kind of alert usually comes from a SmitFraud variant. You can get SmitfraudFix here: siri.urz.free.fr/Fix/SmitfraudFix.exe. It's dead simple to use, just make sure you're in safe mode when you use it - and run it on EVERY user account.
