Firewall and security applications (i.e. Antivirus) provide the ultimate in protection while you’re surfing the web, right? Well, in a sense they do. Current anti-malware solutions are much more effective than they have ever been at detecting worms, viruses and other forms of malware.
So what are hardworking cyber crooks to do then, since it has become more difficult for them to overcome your more reliable Internet security defenses? How are they going to continue to rake in their dirty money? Well, how about using social engineering to convince you to download and install a malware package voluntarily?
Fear, a great social engineering motivator, is the latest weapon being used against unsuspecting/inexperienced Internet users to convince them to download “rogue security software”. Without a doubt there is an epidemic of rogue security software on the Internet at the moment, and much of it is using social engineering to convince users to download an unsafe product.
So there you are surfing the net when suddenly you find this popup on your screen: “System Alert! System has detected a number of active spyware applications that may impact the performance of your computer. Click the icon to get rid of unwanted spyware by downloading an up-to-date anti-spyware solution”.

By playing on fear, this type of popup announcement becomes a very powerful motivator.
Would you click on the icon?
Briefly, rogue security software is software that uses malware or malicious tools to advertise or install itself. Often, after installation on a system, an attempt is made to force users to pay for removal of nonexistent spyware through the purchase of the “full” version of the bogus software, based on the false malware positives generated by the application. Of course, since it is rogue software, it cannot detect or remove malware.
Worse, in many cases rogue software has the potential to gather private and personal information from an infected machine. This could include passwords, credit card details, and other sensitive information.
Generally, reputable anti-spyware software is capable of detecting rogue software if it attempts to install, or on a malware scan. But this is not always the case. Anti-malware programs that rely on a definition database can be behind the curve in recognizing the newest threats.
A good partial solution to this problem is to ensure you have installed, and are running, an anti-malware application such as ThreatFire 3, free from PC Tools. This type of program operates using heuristics, or behavioral analysis, to identify newer threats.
Also, Malwarebytes, a reliable anti-malware company, has created a free application to help keep you safe and secure.
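The gap between definition-based and behavior-based detection described above, as an added example that is not from the original article or from any product it names. The sample bytes, behavior names, weights and threshold are constructed assumptions chosen to mirror the traits of rogue security software listed in this article.

```python
import hashlib

# Constructed stand-ins for file contents; no real samples are used.
KNOWN_ROGUE = b"rogue-scanner build 1"
REBRANDED_CLONE = b"rogue-scanner build 2, new name and icon"
LEGIT_TOOL = b"legitimate scanner"

# Definition database: hashes of samples analysts have already catalogued.
DEFINITIONS = {hashlib.sha256(KNOWN_ROGUE).hexdigest()}

# Assumed behaviour weights, modelled on traits the article describes.
WEIGHTS = {
    "installed_without_consent": 3,
    "alerts_without_scanning": 3,
    "demands_payment_to_clean": 2,
    "no_uninstall_entry": 2,
    "runs_in_background": 1,
}
THRESHOLD = 5  # assumed cut-off for a behavioural block


def signature_match(data: bytes) -> bool:
    """True only if this exact file is already in the definition database."""
    return hashlib.sha256(data).hexdigest() in DEFINITIONS


def behaviour_score(observed: set) -> int:
    """Sum the weights of observed behaviours; unknown ones count as 0."""
    return sum(WEIGHTS.get(name, 0) for name in observed)


def verdict(data: bytes, observed: set) -> str:
    """Check the definition database first, then fall back to behaviour."""
    if signature_match(data):
        return "blocked: known signature"
    if behaviour_score(observed) >= THRESHOLD:
        return "blocked: suspicious behaviour"
    return "allowed"


if __name__ == "__main__":
    clone_behaviour = {"alerts_without_scanning", "demands_payment_to_clean",
                       "no_uninstall_entry", "runs_in_background"}
    print(signature_match(REBRANDED_CLONE))            # the database misses the clone
    print(verdict(REBRANDED_CLONE, clone_behaviour))   # behaviour still flags it
    print(verdict(LEGIT_TOOL, {"runs_in_background"}))
```

A rebranded clone changes its hash, so the definition lookup misses it until the database is updated, while the behavior score depends only on what the program does.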
An absolute must is making sure that the security application you are considering installing is recognized as legitimate by industry experts. An excellent web site that will keep you in the loop, and advise you what products work and have a deserved reputation for quality performance is Spyware Warrior.
A further resource worth noting is the Bleeping Computer web site, where help is available for many computer related problems, including the removal of rogue software.
Listed below are some of the most aggressive rogue security applications currently flooding the Internet. These are the ones to look out for:

A clone of MalwareBell, FilesSecure and IEDefender was specifically developed to mislead unaware computer users into downloading and paying for the “full” version of this bogus software, based on the false malware positives generated by the application.
Even if you are tricked into paying for the “full” version, nothing, not even the false warnings, will be cleaned from your computer.

Once installed, it continues to run as a background process, incessantly reporting those fake or false malware detection warnings discussed earlier, if the full program fee is not paid.
To really try your patience, this rogue security software cannot be uninstalled using the Windows Add/Remove Programs tool.

(a clone of WinIFixer), is rogue anti-spyware software from Bakasoftware (Bakasoftware.com), which also operates under the name Pandora Software, that tricks users into installing the program and attempts to convince the user that the computer has been infected.
Reportedly, Advanced XP Fixer can also be installed through Internet browser exploits, or by means of the Zlob or Vundo Trojans.
When the program runs, a warning message appears indicating that the computer has been infected by malware. Subsequently, a screensaver launches which shows cockroaches eating the desktop.

is capable of hijacking the desktop, after it infects a computer, by way of web browser security holes. It can also be inserted onto a machine by a number of Trojan downloaders.
AntiSpywareMaster attempts to convince victims to spend $30 - $50 to remove false positives that this program is designed to install on your machine.
(By) Bill Mullins is a Blogger who writes on Internet Security, System Tools, Free Software, and provides download links. Check out his Blog at Tech Thoughts.
Great article, Bill! I run into these each and every day. Removing them is not the issue; explaining to end users why they should not download software to protect their computers that they are not familiar with…
Like GI Joe used to say “Knowing is half the battle!”
Hey Karl,
Thanks for the cool comment. Love the G.I. Joe quote; it really fits - surfing the Internet is more and more like walking through a minefield!
Bill
One big omission: this kind of alert usually comes from a SmitFraud variant. You can get smitfraud fix here. It’s dead simple to use, just make sure you’re in safe mode when you use it - and run it on EVERY user account.
Hey Lee,
Thanks for making this excellent point.
Another suggestion is to use OpenDNS. Turn on their filters and you can avoid many of these rogue web sites automatically. Great article.
Hey Mike,
Another solid suggestion!
Thanks Mike.
mvps.org hosts file blocker is another good option…Also search MUO for the “Web of Trust” plugin article…It’s a great addon for some extra security. Probably not so useful for the red-green colorblind, since it alerts you with colored donuts.
Hey Lee,
Thanks for the comment - I’ll check it out.
BTW “Web of Trust” now has a version of their Internet Browser plugin specifically for those who are colorblind. I’ve got a review of it on Tech Thoughts.
Bill
Great article!
Hey Ben,
Thanks for the comment. Very cool.
Bill
The most reliable solution, but also most difficult to implement, is not to run your machine as a local admin. Most viruses and spyware operate with the security permissions of the current user. So if you don’t have write permission to the system folder or permission to install software, the rogue applications won’t either.
Hey Peter,
Very valid point. If we could all run as a non-administrator, particularly when exposing our machines to the Internet in all its various forms, our overall security would be enhanced dramatically.
Thanks Peter, for bringing out a point that we should all be aware of.
Bill
Awesome post, Bill. Will refer to this article and will be forwarding to my friends.
Thank you.
Hey Shankar,
Awesome is an awesome word!
Thanks Shankar.
Bill
Great read, I rarely stumble MUO articles but this one deserves it. Thanks Bill!
Hey Aibek.
Very cool comment! Thank you.
Bill
Great info! I have had two of these infections… both times I got all of those popups and I was about to go crazy. I was about to just pay them so the popups would stop. Haha.. glad I didn’t.
Thanks for the enlightenment!