Rogue security software

From Wikipedia, the free encyclopedia


Rogue security software is a form of computer malware that deceives or misleads users into paying for the fake or simulated removal of malware. In recent years it has become a growing and serious security threat in desktop computing.[1]

Propagation

Rogue security software relies mainly on social engineering to defeat the protections built into modern operating systems and browsers and to install itself on victims' computers.[1]

Most have a Trojan horse component that users are misled into installing. The Trojan may be disguised as:

  • A browser plug-in or extension
  • An image, screensaver or archive file attached to an e-mail message
  • A multimedia codec required to play a particular video clip
  • Software shared on peer-to-peer networks[2]
  • A free online malware scanning service[3]

Some rogue security software, however, propagates onto users' computers as a drive-by download that exploits security vulnerabilities in web browsers or e-mail clients to install itself without any manual interaction.[2]

Operation

Once installed, rogue security software may attempt to entice the user into purchasing a service or additional software by:

  • Alerting the user with fake or simulated detections of malware or pornography.[4]
  • Displaying an animation simulating a fake system crash and reboot.[1]
  • Selectively disabling parts of the system to prevent the user from uninstalling it. Some variants also prevent anti-malware programs from running, disable automatic system software updates and block access to the websites of anti-malware vendors.
  • Installing actual malware onto the computer, then alerting the user after "detecting" it. This method is less common because the malware is likely to be detected by legitimate anti-malware programs.
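The article names the effect, blocking access to anti-malware vendor sites, but not the mechanism. One common mechanism (an assumption here, not something the article states) is writing static entries into the system hosts file so that vendor domains resolve to loopback, to 0.0.0.0, or to an attacker-controlled address. The following audit is an added example written for this page, not code from the article or from any product; the vendor domain list and the sample hosts file are constructed for illustration.

```python
"""Audit a hosts file for entries that sinkhole or redirect security-vendor domains.

Added example for this article. The mechanism (hosts-file hijack), the vendor
list and the sample file below are assumptions constructed for illustration.
"""
import ipaddress
from typing import Dict, List, Tuple

# Assumed, illustrative list of anti-malware vendor domains (not exhaustive).
SECURITY_DOMAINS = (
    "microsoft.com",
    "windowsupdate.com",
    "symantec.com",
    "mcafee.com",
    "kaspersky.com",
    "malwarebytes.org",
    "bleepingcomputer.com",
)


def parse_hosts(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, ip, hostname) for every mapping in a hosts file.

    '#' starts a comment; one line may map several hostnames to one address.
    Malformed lines are skipped rather than raising, so a booby-trapped file
    cannot abort the audit.
    """
    mappings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address; ignore the line
        for host in fields[1:]:
            mappings.append((lineno, fields[0], host.lower().rstrip(".")))
    return mappings


def is_security_domain(host: str) -> bool:
    """Exact or subdomain match only; 'evil-symantec.com' must not match."""
    return any(host == d or host.endswith("." + d) for d in SECURITY_DOMAINS)


def audit_hosts(text: str) -> List[Dict[str, object]]:
    """Flag every hosts entry that touches a security-vendor domain.

    Any static mapping for such a domain is suspicious: loopback or 0.0.0.0
    sinkholes the site; any other address redirects the user, for example to
    a fake "update" page served by the attacker.
    """
    findings = []
    for lineno, ip, host in parse_hosts(text):
        if not is_security_domain(host):
            continue
        addr = ipaddress.ip_address(ip)
        kind = "sinkholed" if (addr.is_loopback or addr.is_unspecified) else "redirected"
        findings.append({"line": lineno, "host": host, "ip": ip, "kind": kind})
    return findings


# Constructed sample: default entries followed by the kind of additions a
# rogue product makes. Not captured from a real infection.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1   www.symantec.com symantec.com   # added by rogue AV
0.0.0.0     update.microsoft.com
10.20.30.40 www.malwarebytes.org
192.168.1.5 intranet.example   # unrelated local mapping
"""

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['host']} -> {f['ip']} ({f['kind']})")
```

On a live Windows system the file to pass in is %SystemRoot%\System32\drivers\etc\hosts; a clean default contains only localhost entries, so any hit for a vendor domain is worth investigating, whatever address it points at.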

Some rogue security software overlaps in function with scareware by also:

  • Presenting offers to fix urgent performance problems or perform essential housekeeping on the computer.[4]
  • Scaring the user with authentic-looking pop-up warnings and security alerts that may mimic actual system notices.[5] These are intended to exploit the user's trust in vendors of legitimate security software.[1]

Detection and removal

See also: Microsoft Security Essentials

Microsoft releases an update of its Malicious Software Removal Tool every month,[6] which it recommends for the detection and removal of rogue security software. On systems where installation of the tool is blocked by malware, an online scanning service is also provided.[5][7] Microsoft Security Essentials, a separate tool, detects and prevents malware.

Motivations

Sanctions by the FTC and the increasing effectiveness of anti-malware tools since 2006 have made it difficult for spyware and adware distribution networks, already complex to begin with,[8] to operate profitably.[9] Malware vendors have turned instead to the simpler, more profitable business model of rogue security software, which is targeted directly at desktop computer users.[10]

Rogue security software is often distributed through highly lucrative affiliate networks, in which affiliates supplied with Trojan kits for the software are paid a fee for every successful installation and a commission on any resulting purchases. The affiliates are then responsible for setting up infection vectors and distribution infrastructure for the software.[11] An investigation by security researchers into the Antivirus XP 2008 rogue security software found just such an affiliate network, in which members were grossing commissions upwards of US$150,000 per month from tens of thousands of successful installations.[12]

Law enforcement

In December 2006, the Washington Attorney General announced a settlement in a suit against Secure Computer LLC, the White Plains-based vendor of the Spyware Cleaner rogue security software, under the Computer Spyware Act passed by the Washington State Legislature in 2005. Under the consent decree, Secure Computer agreed to pay more than US$75,000 in restitution to consumers.[13]

In December 2008, the US District Court for Maryland, at the request of the FTC, issued a restraining order against Innovative Marketing Inc, a Kiev-based firm producing and marketing the rogue security software products WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus.[14] The company and its US-based web host, ByteHosting Internet Hosting Services LLC, had their assets frozen and were barred from using domain names associated with those products and from any further advertisement or false representation.[15]

Law enforcement has also pressured banks to shut down merchant gateways that process rogue security software purchases. In some cases, the high volume of credit card chargebacks generated by such purchases has also prompted payment processors to act against rogue security software vendors.[16]

Partial list of rogue security software

The following is a partial list of rogue security software, most of which can be grouped into families: functionally identical versions of the same program repackaged as successive new products by the same vendor.[12][17]

References

  1. ^ a b c d "Microsoft Security Intelligence Report volume 6 (July - December 2008)". Microsoft. 2009-04-08. p. 92. http://www.microsoft.com/downloads/details.aspx?FamilyID=aa6e0660-dc24-4930-affd-e33572ccb91f&displaylang=en. Retrieved 2009-05-02.
  2. ^ a b Doshi, Nishant (2009-01-19). "Misleading Applications – Show Me The Money!". Symantec. https://forums2.symantec.com/t5/blogs/blogprintpage/blog-id/security_risks/article-id/53. Retrieved 2009-05-02.
  3. ^ Doshi, Nishant (2009-01-21). "Misleading Applications – Show Me The Money! (Part 2)". Symantec. https://forums2.symantec.com/t5/blogs/blogprintpage/blog-id/security_risks/article-id/54. Retrieved 2009-05-02.
  4. ^ a b "'Free Security Scan' Could Cost Time and Money". Federal Trade Commission. 2008-12-10. http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt121.shtm. Retrieved 2009-05-02.
  5. ^ a b "Beware of rogue security software". Microsoft. 2009-04-09. http://www.microsoft.com/protect/computer/viruses/rogue.mspx. Retrieved 2009-05-02.
  6. ^ "Malicious Software Removal Tool". Microsoft. 2009-04-14. http://www.microsoft.com/security/malwareremove/default.mspx. Retrieved 2009-05-02.
  7. ^ "Windows Live OneCare safety scanner". Windows Live. Microsoft. http://onecare.live.com/site/en-us/default.htm?s_cid=sah/?s_cid=sah. Retrieved 2009-05-02.
  8. ^ Schwartz, Ari (2005-05-11). Testimony on "Spyware" before the Senate Committee on Commerce, Science, and Transportation. http://www.cdt.org/testimony/20050511schwartzspyware.pdf.
  9. ^ Leyden, John (2009-04-11). "Zango goes titsup: End of desktop adware market". The Register. http://www.theregister.co.uk/2009/04/21/zango. Retrieved 2009-05-05.
  10. ^ Cole, Dave (2006-07-03). "Deceptonomics: A Glance at The Misleading Application Business Model". Symantec. https://forums2.symantec.com/t5/blogs/blogprintpage/blog-id/grab_bag/article-id/5. Retrieved 2009-05-02.
  11. ^ Doshi, Nishant (2009-01-27). "Misleading Applications – Show Me The Money! (Part 3)". Symantec. https://forums2.symantec.com/t5/blogs/blogprintpage/blog-id/security_risks/article-id/55. Retrieved 2009-05-02.
  12. ^ a b Stewart, Joe (2008-10-22). "Rogue Antivirus Dissected - Part 2". SecureWorks. http://www.secureworks.com/research/threats/rogue-antivirus-part-2/?threat=rogue-antivirus-part-2.
  13. ^ "Attorney General McKenna Announces $1 Million Settlement in Washington’s First Spyware Suit". Washington State Office of the Attorney General. 2006-12-04. http://www.atg.wa.gov/pressrelease.aspx?&id=5926. Retrieved 2009-05-02.
  14. ^ "Ex Parte Temporary Restraining Order RDB08CV3233". United States District Court for the District of Maryland. 2008-12-03. http://www.ftc.gov/os/caselist/0723137/081203innovativemrktgtro.pdf. Retrieved 2009-05-02.
  15. ^ Lordan, Betsy (2008-12-10). "Court Halts Bogus Computer Scans". Federal Trade Commission. http://www.ftc.gov/opa/2008/12/winsoftware.shtm. Retrieved 2009-05-02.
  16. ^ Krebs, Brian (2009-03-20). "Rogue Antivirus Distribution Network Dismantled". Washington Post. http://voices.washingtonpost.com/securityfix/2009/03/sunlight_disinfects_rogue_anti.html. Retrieved 2009-05-02.
  17. ^ Howes, Eric L (2008-11-21). "Spyware Warrior - Family Resemblances". http://www.spywarewarrior.com/family_resemblances.htm. Retrieved 2009-05-02.
  18. ^ Precise Security - Advanced Cleaner
  19. ^ Spyware Warrior - AlfaCleaner
  20. ^ BleepingComputer - AntiSpyCheck 2.1
  21. ^ BleepingComputer - AntispyStorm
  22. ^ 2-Spyware - AntiSpywareExpert
  23. ^ 2-Spyware - AntiSpywareExpert
  24. ^ 2-Spyware - AntiSpywareMaster
  25. ^ Precise Security - AntiSpywareSuite
  26. ^ BleepingComputer - AntiSpyware Shield
  27. ^ BleepingComputer - Antivermins
  28. ^ BleepingComputer - Antivirgear
  29. ^ BleepingComputer - Antivirus 2008
  30. ^ 2-Spyware - Antivirus 2009
  31. ^ Article noting that Antivirus 2010 and Anti-virus-1 are the same
  32. ^ Details on Antivirus 2010 showing it is rogue, its symptoms and removal
  33. ^ BleepingComputer - Antivirus360
  34. ^ BleepingComputer - AntivirusPro2009
  35. ^ Symantec - AntiVirus Gold
  36. ^ BleepingComputer - Antivirus Master
  37. ^ Symantec - Antivirus XP
  38. ^ 2-Spyware - Avatod Antispyware
  39. ^ SpywareRemove - Awola
  40. ^ BleepingComputer - Brave Sentry
  41. ^ SpywareRemove - BestsellerAntivirus
  42. ^ 2-Spyware - Cleanator
  43. ^ McAfee - ContraVirus
  44. ^ XP-Vista - Doctor Antivirus
  45. ^ 2-Spyware - Doctor Antivirus 2008
  46. ^ Symantec - DriveCleaner
  47. ^ MalwareBytes - EasySpywareCleaner
  48. ^ Symantec - Errorsafe
  49. ^ 411-Spyware - GreenAV2009
  50. ^ 2-Spyware - IE Antivirus
  51. ^ MalwareBytes - IEDefender
  52. ^ SpywareRemove - InfeStop
  53. ^ Symantec - Internet Antivirus
  54. ^ 2-Spyware - KVMSecure
  55. ^ Symantec - MacSweeper
  56. ^ MalwareBytes - MalwareCrush
  57. ^ MalwareBytes - MalwareCore
  58. ^ MalwareBytes - Malware Alarm
  59. ^ 2-Spyware - Malware Bell
  60. ^ 2-Spyware - Malware Defender
  61. ^ BleepingComputer - MS Antivirus
  62. ^ BleepingComputer - MS Antispyware 2009
  63. ^ 2-Spyware - MaxAntispy
  64. ^ MalwareBytes
  65. ^ Sunbelt Security - Netcom3 Cleaner
  66. ^ 411-spyware - PCSecureSystem
  67. ^ BleepingComputer - PC Antispy
  68. ^ MalwareBytes - PC Clean Pro
  69. ^ SpywareRemove - PC Privacy Cleaner
  70. ^ BleepingComputer - PestTrap
  71. ^ MalwareBytes - PerfectCleaner
  72. ^ BleepingComputer - Perfect Defender 2009
  73. ^ BleepingComputer - PersonalAntiSpy Free
  74. ^ SpywareWarrior - PAL Spyware Remover
  75. ^ ComputerAssociates - PCPrivacy Tools
  76. ^ SpywareRemove - PC Antispyware
  77. ^ SpywareRemove - PSGuard
  78. ^ BleepingComputer - Rapid AntiVirus
  79. ^ BleepingComputer - Real Antivirus
  80. ^ Precise Security - Registry Great
  81. ^ Bleeping Computer - Safety Alerter 2006
  82. ^ Emsi Soft - SaliarAR
  83. ^ SpywareRemove - SecurePCCleaner
  84. ^ Precise Security - Security Toolbar 7.1
  85. ^ 2-Spyware - Smart Antivirus 2009
  86. ^ Symantec
  87. ^ Spyware Warrior - Spy Away
  88. ^ BleepingComputer - SpyCrush
  89. ^ Symantec - SpyDawn
  90. ^ Precise Security - SpyGuarder
  91. ^ BleepingComputer - SpyHeal
  92. ^ 411-Spyware - SpyMarshal
  93. ^ Symantec - Spylocked
  94. ^ Symantec - SpySheriff
  95. ^ Symantec - SpySpotter
  96. ^ 2-Spyware - SpywareBot
  97. ^ Spyware Warrior - Spyware Cleaner
  98. ^ BleepingComputer - SpywareGuard 2008
  99. ^ 2-Spyware - Spyware Protect 2009
  100. ^ Symantec - Spyware Quake
  101. ^ Spyware Warrior - Spyware Sheriff
  102. ^ Sunbelt Security - Spyware Stormer
  103. ^ MalwareBytes - Spyware Striker Pro
  104. ^ 411-Spyware - Spyware Protect 2009
  105. ^ Spyware Warrior - SpywareStrike
  106. ^ Symantec - SpyRid
  107. ^ McAfee - SpyWiper
  108. ^ 411-Spyware - System Antivirus 2008
  109. ^ BleepingComputer - System Live Protect
  110. ^ Symantec - SystemDoctor
  111. ^ 2-Spyware - System Security
  112. ^ BleepingComputer - Total Secure 2009
  113. ^ 2-Spyware - Trusted Antivirus
  114. ^ Symantec - TheSpyBot
  115. ^ BleepingComputer - UltimateCleaner
  116. ^ Symantec - VirusHeat
  117. ^ Symantec - VirusIsolator
  118. ^ BleepingComputer - VirusLocker
  119. ^ Symantec - VirusProtectPro
  120. ^ Symantec - VirusRemover2008
  121. ^ ComputerAssociates - VirusRemover2009
  122. ^ Symantec - VirusMelt
  123. ^ Sunbelt Security - Virus Ranger
  124. ^ Virus Removal Guru - Virus Response Lab 2009
  125. ^ BleepingComputer - VirusTrigger
  126. ^ Precise Security - Vista Antivirus 2008
  127. ^ 411-Spyware - WinAntiVirus Pro 2006
  128. ^ 2-Spyware - WinDefender
  129. ^ Symantec - WinFixer
  130. ^ Symantec - WinHound
  131. ^ Symantec - WinSpywareProtect
  132. ^ BleepingComputer - WinWeb Security 2008
  133. ^ Symantec - WorldAntiSpy
  134. ^ BleepingComputer - XP Antivirus
  135. ^ SpywareRemove - XP AntiSpyware 2009
  136. ^ [1]
  137. ^ Precise Security - Zinaps AntiSpyware 2008
  138. ^ Winpc Defender
  139. ^ SpywareProtect2009
  140. ^ Winpc Antivirus
  141. ^ Personal Antivirus
  142. ^ [2]
