Watch Out For Rogue Software


Rogue software is malware (malicious software) that is downloaded and installed on a computer.  The most common type of rogue software in circulation today is fake security programs such as anti-virus or anti-spyware applications.

The purpose of this bogus software is to trick the user into believing their computer is infected with viruses or spyware, and then coerce them into paying money for a supposedly legitimate application that will remove it.

Antivirus 2009

Antivirus 2009 is just one of many titles of fake security malware that is circulating around the Internet.  According to anti-virus vendor Panda Security, there are now over 7000 variants of this malware that have been authored to date.

Those who have had the misfortune of encountering this exploit typically see something like the following. . .

If you see a pop-up like this appear on your computer, Do Not click on the Click Here! button.

A Ruse By Any Other Name

Antivirus 2009 is just one title among many associated with rogue security software.  Other titles that have surfaced recently include:
  • Antivirus 2009 Plus
  • XP Antivirus
  • Antivirus 2008
  • Antivirus Pro 2009
  • Antivirus 360
  • AntiVirus Lab 2009
  • Malware Doctor
  • WinAntispyware 2008
  • Antispyware Pro XP
  • Antivirus 2010
  • Antivirus 2011

Where Does This Software Come From?

While malware campaigns like this used to be spread via email, the most common source today is compromised web sites.  Frequently, this type of malware lurks on the pages of adult and gaming sites.  However, even legitimate sites infected with malicious code can be a source of this unwanted software.

Well-known sites like Google have been compromised in this way recently.  As always, it is important to pay attention to where you are going on the Internet, even when visiting legitimate sites.  It helps to know what to look out for, so please read on.

How Does This Malicious Software Work?

Encountering rogue software usually begins with the aforementioned visit to a compromised Web site.  Malicious code that has been embedded in the site's pages then downloads software to the unsuspecting user's computer.  This is often in the form of an Internet Explorer plug-in (for those using Internet Explorer).

Next, a fake virus scanner program will pop up on the desktop and begin "scanning" the system for viruses.

Regardless of whether the scanned system is virus-free or not, the scanner will always "detect" a host of viruses and suspicious files.  Of course, the authors of the software invariably claim that the only way to effectively remove these newly discovered viruses is to purchase their program.  Prices vary, but typically the software will cost between $40 and $50.  Peace of mind is but a credit card charge away, or so these malware authors would have you believe.

Why This Malware Is Bad

  1. It is fraudulent.  In most cases, this type of software does nothing in terms of detecting and removing real viruses
  2. Fake AV programs are typically Trojan viruses in that they often contain other malware such as keystroke loggers and password sniffers
  3. When these programs install, they alter browser and registry settings, and other hidden files, often necessitating re-formatting your hard drive and the re-installation of the software
  4. Not only are malicious individuals getting your $49.95, they are also capturing your credit card number which they are free to use themselves, or sell to other nefarious people
  5. Such exploits may allow rogue software authors to steal other confidential and personal information for criminal purposes such as identity theft
  6. Some types of rogue software will download and install silently without any user intervention at all.  This is referred to as a "drive-by download" installation

What's In It For The Bad Guys?

What do the bad guys have to gain from this?  A substantial amount of money, in fact.  It is estimated that some rogue security software authors are raking in as much as $150,000 per week.  Therefore, they are extremely motivated and continue to devise more devious ways to trick people into parting with their money, while at the same time finding clever means to defeat legitimate anti-virus tools.

What's A User To Do?

If you see a fake alert like this. . .

. . .ignore the warning completely.  No matter how urgent the pop-up message may appear, do not click any of its buttons or follow any instructions it provides.

Here are five signs that you may be a victim of rogue software:

  1. You start seeing pop-up alerts on your desktop from an unfamiliar source
  2. Those pop-ups continue appearing with greater frequency, even when you are not online
  3. You are bombarded with urgent messages prompting you to buy and download the advertised anti-virus or anti-spyware product immediately
  4. Your browser's default home page has been re-directed to a different site
  5. New icons appear on your desktop

An Ounce Of Prevention

Like the old adage goes, "An ounce of prevention is worth a pound of cure."
  • Avoid questionable web sites; they are one of the primary access points for rogue software
  • Never open email attachments from unknown senders
  • Ensure that you are using a recognized anti-virus program with the latest virus signature updates
  • Use a personal firewall program (e.g. Windows Firewall)
  • Make sure your computer has the latest security patches and updates
  • Avoid downloading programs from "freeware" and "shareware" sites as they are often laden with malware 
  • Do not click on any pop-up warning that your computer is infected; if you click, your computer will get sick
  • If you have any concerns that your computer may have been compromised, seek the help of a computer professional immediately (UFV employees and other campus computer users can contact the Helpdesk)


Don't let rogue security software ruin your day, or your computer.  Knowing the warning signs to look out for will help you have a safer and more productive computing experience.

Late-Breaking Addendum

Microsoft's Malware Protection Center has declared that rogue security software is now the fastest growing online threat.

Recent developments show that the bad guys aren't just interested in scaring users into downloading their rogue security software.  They have now upped the ante with another tactic, referred to as "ransomware," in order to hold data files hostage, forcing the owner to pay money in order to get them back.

In this case, files with common extensions such as .doc, .pdf and .jpg are encrypted, thus rendering them inaccessible.  The only way to decrypt those files is to pay a ransom (typically a fee of $50) to the malware authors, who will then provide the means of unlocking the data via another program interestingly called FileFix Pro 2009.  This definitely steps it up a notch or two from simply scaring people into buying bogus anti-virus software.

Ransomware is not new.  Vundo, the malware used to encrypt those personal data files in this new scheme, has been around for some time.

It's not all bad news, however.  Security vendor, FireEye, has developed a free online tool to decrypt files that have been encrypted by the aforementioned fake AV software.


Online Passwords

This was just posted a few weeks ago, but in light of recent events, it bears repeating as it applies to UFV access, as well. . .

It seems that every week there are stories of people who have had their Twitter or Facebook account hacked.

Bad actors are on the prowl looking for easy targets such as online accounts that can be compromised and accessed for malicious purposes.

What can be done about this?

To start, make sure your online account is secured with a strong password—at least 8 characters that include a combination of uppercase, lowercase, numeric and special characters.

Further, be sure to use a different password for each online account.  This way, if one password is compromised, your other accounts are still protected.

Last, but not least, keep your passwords to yourself.  Treat them like the keys to your home.
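The two password rules above (at least 8 characters drawn from uppercase, lowercase, numeric and special characters, and no password shared between accounts) can be checked mechanically.  The following Python is an added illustration, not code from the original post or from UFV; the function names and the sample account list are constructed for the example.

```python
import string

# Policy values stated in the post: minimum length and the four character classes.
MIN_LENGTH = 8
SPECIALS = set(string.punctuation)


def check_password(pw):
    """Return the list of policy requirements that `pw` fails; an empty list means it passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in pw):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in pw):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c in SPECIALS for c in pw):
        problems.append("no special character")
    return problems


def find_reused_passwords(accounts):
    """Group account names that share the same password.

    `accounts` maps account name -> password.  Returns a list of sorted name lists,
    one per password used by more than one account.  In practice this comparison
    would live inside a password manager rather than a script holding plaintext.
    """
    by_password = {}
    for name, pw in accounts.items():
        by_password.setdefault(pw, []).append(name)
    return [sorted(names) for names in by_password.values() if len(names) > 1]


if __name__ == "__main__":
    # Constructed sample data for the demonstration.
    sample_accounts = {
        "email": "Tr0ub4dor&3",
        "bank": "Tr0ub4dor&3",
        "forum": "Other#Pass9",
        "social": "password",
    }
    for name, pw in sample_accounts.items():
        failures = check_password(pw)
        print(f"{name}: {'OK' if not failures else ', '.join(failures)}")
    for group in find_reused_passwords(sample_accounts):
        print("same password reused by:", ", ".join(group))
```

Running it on the constructed sample flags "password" for lacking an uppercase letter, a digit and a special character, and reports that the email and bank accounts share a password.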


