Email: TheGeek@HazenComputers.com

Based in Northern Arizona.

Rogue Security Software – Fake Virus Messages

According to Wikipedia, rogue security software is a form of malicious software and Internet fraud that misleads users into believing there is a virus on their computer, and manipulates them into paying money for a fake malware removal tool (that actually introduces malware to the computer). It is a form of scareware that manipulates users through fear, and a form of ransomware. Rogue security software has become a serious security threat in desktop computing since 2008.
 
Propagation
Rogue security software mainly relies on social engineering (fraud) to defeat the security built into modern operating system and browser software and install itself onto victims’ computers.[2] A website may, for example, display a fictitious warning dialog stating that someone’s machine is infected with a computer virus, and encourage them through manipulation to install or purchase scareware in the belief that they are purchasing genuine antivirus software.
 
Most have a Trojan horse component, which users are misled into installing. The Trojan may be disguised as:
 
A browser plug-in or extension (typically toolbar)
An image, screensaver or archive file attached to an e-mail message
Multimedia codec required to play a certain video clip
Software shared on peer-to-peer networks
A free online malware-scanning service

Some rogue security software, however, propagates onto users’ computers as drive-by downloads, which exploit security vulnerabilities in web browsers, PDF viewers, or email clients to install themselves without any manual interaction.
 
More recently, malware distributors have been utilizing SEO poisoning techniques by pushing infected URLs to the top of search engine results about recent news events. People looking for articles on such events on a search engine may encounter results that, upon being clicked, are instead redirected through a series of sites[6] before arriving at a landing page that says that their machine is infected and pushes a download to a “trial” of the rogue program. A 2010 study by Google found 11,000 domains hosting fake anti-virus software, accounting for 50% of all malware delivered via internet advertising.
 
Cold-calling has also become a vector for distribution of this type of malware, with callers often claiming to be from “Microsoft Support” or another legitimate organization.
 
Image: An example of a scareware screen.
 
Operation
Once installed, the rogue security software may then attempt to entice the user into purchasing a service or additional software by:
 
Alerting the user with the fake or simulated detection of malware or pornography.
Displaying an animation simulating a system crash and reboot.
Selectively disabling parts of the system to prevent the user from uninstalling the malware. Some may also prevent anti-malware programs from running, disable automatic system software updates and block access to websites of anti-malware vendors.
 
Installing actual malware onto the computer, then alerting the user after “detecting” them. This method is less common as the malware is likely to be detected by legitimate anti-malware programs.
 
Altering system registries and security settings, then “alerting” the user.
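
One way to check a machine for the vendor-site blocking described in the list above, as an added example that is not part of the original post or the Wikipedia text. It assumes the blocking is done by overriding DNS in the hosts file, which the page does not specify; the watchlist and the sample hosts file are constructed for illustration.

```python
import ipaddress

# Illustrative watchlist (an assumption, not from the page): sites a user
# needs for anti-malware tools and operating-system updates.
WATCHLIST = ("microsoft.com", "windowsupdate.com", "malwarebytes.com",
             "kaspersky.com", "mcafee.com")

# Constructed sample hosts file, not taken from a real machine.
SAMPLE_HOSTS = """\
# Sample header comment
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.malwarebytes.com   # entry appended by the rogue
0.0.0.0         update.microsoft.com download.windowsupdate.com
203.0.113.7     www.kaspersky.com
192.168.1.20    fileserver.lan
127.0.0.1       notmicrosoft.com
"""

def verdict(addr):
    """'blocked' if the address goes nowhere, else 'redirected'."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "redirected"
    return "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"

def audit_hosts(text, watchlist=WATCHLIST):
    """Return (line_no, address, hostname, verdict) for each hosts entry
    that overrides DNS for a watched domain or one of its subdomains."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # strip comment, tokenize
        if len(fields) < 2:
            continue                             # blank or malformed line
        addr, names = fields[0], fields[1:]
        for name in names:
            host = name.lower().rstrip(".")
            # Match on a label boundary so notmicrosoft.com is not flagged.
            if any(host == d or host.endswith("." + d) for d in watchlist):
                findings.append((line_no, addr, host, verdict(addr)))
    return findings

if __name__ == "__main__":
    for line_no, addr, host, v in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {addr} ({v})")
```

Any finding deserves a look: a "blocked" entry cuts the machine off from the vendor, while a "redirected" entry sends the browser to an address someone else chose.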

Developers of rogue security software may also entice people into purchasing their product by claiming to give a portion of their sales to a charitable cause. The rogue Green antivirus, for example, claims to donate $2 to an environmental care program for each sale made.
 
Some rogue security software overlaps in function with scareware by also:
 
Presenting offers to fix urgent performance problems or perform essential housekeeping on the computer.
Scaring the user by presenting authentic-looking pop-up warnings and security alerts, which may mimic actual system notices. These are intended to use the trust that the user has in vendors of legitimate security software.

Sanction by the FTC and the increasing effectiveness of anti-malware tools since 2006 have made it difficult for spyware and adware distribution networks—already complex to begin with—to operate profitably. Malware vendors have turned instead to the simpler, more profitable business model of rogue security software, which is targeted directly at users of desktop computers.
 
Rogue security software is often distributed through highly lucrative affiliate networks, in which affiliates supplied with Trojan kits for the software are paid a fee for every successful installation, and a commission from any resulting purchases. The affiliates then become responsible for setting up infection vectors and distribution infrastructure for the software. An investigation by security researchers into the Antivirus XP 2008 rogue security software found just such an affiliate network, in which members were grossing commissions upwards of US$150,000 over 10 days, from tens of thousands of successful installations.
 
This Geek Recommends
If you receive scareware or a fake virus popup, do NOT call the toll-free number. Most likely you will get a heavily accented person on the other end who is VERY aggressive in convincing you not only to give them money to clean your computer, but also to sign up for a monthly service that allows them to “monitor” your system. You’re basically giving them 24/7 unlimited, free access to your system, to watch EVERYTHING you do online. They will also ADMITTEDLY (almost threateningly) tell you NOT to take your computer to your local geek. Why? Because THEY know that WE would know it’s a fake.
 
If you have a scareware screen or popup that all of a sudden tells you that you have a virus, immediately shoot me an email (thegeek@hazencomputers.com) and we’ll get a remote virus scan set up for you.
 
Mention our October Special to get rid of that “Scareware” – Remote Virus Removal only $95, you save $30!! Enough to buy tons of candy for those trick-or-treaters!
 
 
 

Source: Wikipedia – Rogue Security Software. https://en.wikipedia.org/wiki/Rogue_security_software