Firewall and security applications (e.g. antivirus) provide the ultimate in protection while you’re surfing the web, right? Well, in a sense they do. Current anti-malware solutions are much more effective than they have ever been in detecting worms, viruses and other forms of malware.
So what are hardworking cyber crooks to do then, since it has become more difficult for them to overcome your more reliable Internet security defenses? How are they going to continue to rake in their dirty money? Well, how about using social engineering to convince you to download and install a malware package voluntarily?
Fear, a great social engineering motivator, is the latest weapon being used against unsuspecting or inexperienced Internet users to convince them to download “rogue security software”. Without a doubt, there is an epidemic of rogue security software on the Internet at the moment, and much of it uses social engineering to convince users to download an unsafe product.
So there you are surfing the net when suddenly you find this popup on your screen: “System Alert! System has detected a number of active spyware applications that may impact the performance of your computer. Click the icon to get rid of unwanted spyware by downloading an up-to-date anti-spyware solution”.
With fear as the motivator, this type of popup announcement becomes a very powerful lure.
Would you click on the icon?
Briefly, rogue security software is software that uses malware or malicious tools to advertise or install itself. Often, after installation on a system, an attempt is made to force users to pay for removal of nonexistent spyware through the purchase of the “full” version of the bogus software, based on the false malware positives generated by the application. Of course, since it is rogue software, it cannot detect or remove malware.
Worse, in many cases rogue software has the potential to gather private and personal information from an infected machine. This could include passwords, credit card details, and other sensitive information.
Generally, reputable anti-spyware software is capable of detecting rogue software if it attempts to install, or on a malware scan. But this is not always the case. Anti-malware programs that rely on a definition database can be behind the curve in recognizing the newest threats.
A good partial solution to this problem is to ensure you have installed, and are running, an anti-malware application such as ThreatFire 3, free from PC Tools. This type of program operates using heuristics, or behavioral analysis, to identify newer threats.
Also, Malwarebytes, a reliable anti-malware company, has created a free application to help keep you safe and secure.
An absolute must is making sure that the security application you are considering installing is recognized as legitimate by industry experts. An excellent web site that will keep you in the loop, and advise you what products work and have a deserved reputation for quality performance is Spyware Warrior.
A further resource worth noting is the Bleeping Computer web site, where help is available for many computer related problems, including the removal of rogue software.
Listed below are some of the most aggressive rogue security applications currently flooding the Internet. These are the ones to look out for:
A clone of MalwareBell, FilesSecure and IEDefender was specifically developed to mislead unaware computer users into downloading and paying for the “full” version of this bogus software, based on the false malware positives generated by the application.
Even if you are tricked into paying for the “full” version, nothing, not even the false warnings, will be cleaned from your computer.
XP Antivirus 2008
Once installed, it continues to run as a background process, incessantly reporting those fake or false malware detection warnings discussed earlier, if the full program fee is not paid.
To really try your patience, this rogue security software cannot be uninstalled using the Windows Add/Remove Programs tool.
Advanced XP Fixer
Advanced XP Fixer (a clone of WinIFixer) is rogue anti-spyware software from Bakasoftware (Bakasoftware.com), which also operates under the name Pandora Software. It tricks users into installing the program and attempts to convince the user that the computer has been infected.
Reportedly, Advanced XP Fixer can also be installed through Internet browser exploits, or by means of the Zlob or Vundo Trojans.
When the program runs, a warning message appears indicating that the computer has been infected by malware. Subsequently, a screensaver launches which shows cockroaches eating the desktop.
is capable of hijacking the desktop, after it infects a computer, by way of web browser security holes. It can also be inserted onto a machine by a number of Trojan downloaders.
AntiSpywareMaster attempts to convince victims to spend $30 – $50 to remove false positives that this program is designed to install on your machine.
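The earlier point that definition-based scanners lag behind new clones, while behavioral analysis can still catch them, can be shown with a small sketch. This is an added example, not code from the original article or from any product named in it; the trait names, weights, threshold and sample programs are assumptions constructed for illustration, and only the names on the known list come from the article.

```python
# Added illustration: name-list ("definition") lookup vs. behaviour scoring.
# Names in KNOWN_ROGUES come from the article; weights, threshold and the
# sample observations below are constructed for this example.
KNOWN_ROGUES = {"xp antivirus 2008", "advanced xp fixer", "antispywaremaster"}

TRAIT_WEIGHTS = {
    "installed_without_consent": 3,  # arrived via browser exploit or Trojan
    "alerts_before_any_scan": 2,     # "System Alert!" popup, no scan was run
    "payment_required_to_clean": 3,  # "full" version needed to clear findings
    "blocks_uninstall": 2,           # cannot be removed via Add/Remove Programs
    "hijacks_desktop": 2,            # takes over wallpaper or screensaver
}
THRESHOLD = 5  # assumed cut-off; one trait alone never reaches it


def signature_match(name):
    """Definition-style check: only catches names already on the list."""
    return name.strip().lower() in KNOWN_ROGUES


def behaviour_score(traits):
    """Sum the weights of observed traits; reject traits we do not model."""
    unknown = set(traits) - set(TRAIT_WEIGHTS)
    if unknown:
        raise ValueError(f"unmodelled traits: {sorted(unknown)}")
    return sum(TRAIT_WEIGHTS[t] for t in set(traits))


def verdict(name, traits):
    """Known names are flagged outright; anything else is judged on behaviour."""
    if signature_match(name):
        return "rogue (known name)"
    if behaviour_score(traits) >= THRESHOLD:
        return "rogue (behaviour)"
    return "no verdict"


# Constructed observations: a renamed clone and a paid-cleanup trial scanner.
CLONE = ("Example Shield Pro", {"alerts_before_any_scan",
                                "payment_required_to_clean",
                                "blocks_uninstall"})
TRIAL = ("Example Trial Scanner", {"payment_required_to_clean"})

if __name__ == "__main__":
    for name, traits in (("XP Antivirus 2008", set()), CLONE, TRIAL):
        print(f"{name}: {verdict(name, traits)}")
```

The renamed clone is missed by the name list but flagged on behavior, while a program showing a single trait stays below the threshold.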
What you can do to reduce the chances of infecting your system with rogue security software:
- Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.
- Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.
- Install an Internet browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.
- Do not click on unsolicited invitations to download software of any kind.
Additional precautions you can take to protect your computer system:
- When you are surfing the web: Stop. Think. Click
- Don’t open unknown email attachments
- Don’t run programs of unknown origin
- Disable hidden filename extensions
- Keep all applications (including your operating system) patched
- Turn off your computer or disconnect from the network when not in use
- Disable scripting features in email programs
- Make regular backups of critical data
- Make a boot disk in case your computer is damaged or compromised
- Turn off file and printer sharing on the computer.
- Install a personal firewall on the computer.
- Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
- Ensure the anti-virus software scans all e-mail attachments