Rogue security software
Rogue security software is software that uses malware (malicious software) or malicious tools to advertise or install itself or to force computer users to pay for removal of nonexistent malware. Rogue software will often install a trojan horse to download a trial version, or it will execute other unwanted actions. The first and still most comprehensive study of rogue and real antispyware programs was carried out by Eric L. Howes.[1]
Effects
The main goal of rogue software makers is to sell their product. Fake Windows dialog boxes will often appear, typically displaying a message such as "WARNING! Your computer is infected with Spyware/Adware/Viruses! Buy [software name] to remove it!" Usually, clicking the dialog box's OK button directs the user to a malicious website, which may download more malware. Sometimes even clicking the X button in the upper right-hand corner to close the dialog box produces the same effect or activates the software's installation. (Pressing Alt+F4 can circumvent that trick.) Some software, like SpyAxe, will automatically download the trial version without any user action (drive-by installation).
False positives
A variant of the above technique used by rogue security software makers is the false positive: a fake or false malware detection in a computer scan. This can convince even advanced users, who might not be deceived by the similar claims described above when no scan is shown, that their computer is infected. This is quite different from an accidental false positive, which can be produced in a scan by security software from honest companies.
Detection
Almost all reputable antispyware software will detect rogue software if it is installed on the scanned computer. Often, non-reputable rogue antispyware software will install a Trojan horse to download the software from the maker's website, as with Titan Shield.[2] Reputable antispyware software can detect the Trojan even before the software is installed. Programs such as Ad-Aware SE, AVG Anti-Virus and Avast! can usually detect these. However, removing new, aggressive rogue programs often requires programs such as HijackThis combined with manual removal processes, because it can take quite a while before the manufacturers of the legitimate programs mentioned above learn how to automate the process and update their programs. Use of HijackThis without specialist help can cripple a computer, and users are advised to get help from the many voluntary specialists in forums such as Spyware Warrior, Safer Networking, Bleeping Computer, Virus Removal Guru, and others.
Lawsuits
Recently, lawmakers as well as private citizens have attempted to shut down vendors of these programs. Specifically, XPdefender, WinSpywareProtect, WinDefender, WinFixer, MalwareCore, and Antivirus 2009 have been named in lawsuits.[3][4]
Partial list of rogue software
There are a large number of fake anti-spyware programs active on the Internet. Typically, widely distributed Web banner ads falsely warn users that their computers have been infected with malware, enticing them to download the rogue software. Once installed, the software uses social engineering and false positives to manipulate the user into purchasing the software. These programs do not actually remove spyware, or worse, may add more.
The following is a partial list of known rogue software. Often the same software is distributed under several names.
References
1. Spyware Warrior: Rogue/Suspect Anti-Spyware Products & Web Sites
2. TitanShield - Symantec.com
3. http://msmvps.com/blogs/spywaresucks/archive/2008/09/30/1649214.aspx
4. http://www.mercurynews.com/ci_8668679?nclick_check=1
5. Advanced Cleaner
6. Symantec
7. Symantec
8. [1]
9. Symantec
10. 411-spyware
11. softratty.com
12. softratty.com
13. Symantec
14. Symantec
15. Symantec
16. Symantec
17. Symantec
18. Symantec
19. Symantec
20. Symantec