- Rogue software
Rogue security software is software that uses malware (malicious software) or malicious tools to advertise or install itself or to force computer users to pay for removal of nonexistent malware. Rogue software will often install a Trojan horse to download a trial version, or it will execute other unwanted actions. The first and still most comprehensive study of rogue and real antispyware programs was carried out by Eric L. Howes. [ [http://www.spywarewarrior.com/rogue_anti-spyware.htm Spyware Warrior: Rogue/Suspect Anti-Spyware Products & Web Sites ] ]
Effects
The main goal of rogue software makers is to sell their product. Fake Windows dialog boxes will often appear. Most of the time, they display a message such as "WARNING! Your computer is infected with Spyware/Adware/Viruses! Buy [software name] to remove it!" Usually, clicking the dialog box's OK button directs the user to a malicious website, which may download more malware. Sometimes even clicking the X button in the upper right-hand corner to close the dialog box will produce the same effect or activate the software's installation. (Pressing Alt+F4 can circumvent that trick.) Some software, like SpyAxe, will automatically download the trial version without any user action (drive-by installation).
False positives
A variant of the above technique used by rogue security software makers is the false positive: a fake or false malware detection in a computer scan. This can convince even advanced users, who might not be deceived by the similar claims described above when no scan is shown, that their computer is infected. This is quite different from an accidental false positive, which can be produced in a scan by security software from honest companies.
Detection
Almost all reputable antispyware software will detect rogue software if it is installed on the scanned computer. Often, non-reputable rogue antispyware software, like Titan Shield, will install a Trojan horse to download the software from the maker's website. [ [http://www.symantec.com/security_response/writeup.jsp?docid=2006-061311-1436-99 TitanShield - Symantec.com ] ] Reputable antispyware software can detect the Trojan even before the software is installed. Programs such as Ad-Aware SE, AVG Anti-Virus and Avast! can usually detect these. However, removal of new, aggressive rogue programs often requires programs such as HijackThis combined with manual removal processes, because it can take quite a while before the manufacturers of the legitimate programs mentioned above learn how to automate the process and update their programs. Use of HijackThis without specialist help can cripple a computer, and users are advised to get help from the many voluntary specialists in forums such as [http://spywarewarrior.com/index.php Spyware Warrior], [http://forums.spybot.info/forumdisplay.php?f=22 Safer Networking], [http://www.bleepingcomputer.com/forums/topic34773.html Bleeping Computer], [http://www.virusremovalguru.com Virus Removal Guru], and others.
Lawsuits
Recently, lawmakers as well as private citizens have attempted to shut down the vendors of these products; specifically, XPdefender, WinSpywareProtect, WinDefender, WinFixer, MalwareCore, and Antivirus 2009 have been named in lawsuits. [http://msmvps.com/blogs/spywaresucks/archive/2008/09/30/1649214.aspx] [http://www.mercurynews.com/ci_8668679?nclick_check=1]
Partial list of rogue software
There are a large number of fake anti-spyware programs active on the Internet. Typically, widely distributed Web banner ads falsely warn users that their computers have been infected with malware, enticing them to download the rogue software. Once installed, the software uses human engineering and false positives to manipulate the user into purchasing the software. These programs do not actually remove spyware or, worse, may add more.
The following is a partial list of known rogue software. Often the same software is distributed under several names.
*Advanced Cleaner [ [http://www.spyware2.net/advanced-cleaner.html Advanced Cleaner ] ]
*AlfaCleaner
*AntiSpyCheck 2.1
*AntiSpyStorm
*AntiSpywareExpert
*AntiSpywareMaster
*AntiSpywareSuite
*Antivermins
*Antivirgear
*Antivirus 2008
*Antivirus 2009
*AntiVirus Gold [ [http://www.symantec.com/security_response/writeup.jsp?docid=2006-032415-1558-99 Symantec] ]
*Antivirus Master
*Antivirus XP 2008 [ [http://www.symantec.com/security_response/writeup.jsp?docid=2008-071613-4343-99&tabid=2 Symantec] ]
*Awola
*Brave Sentry
*BestsellerAntivirus
*Cleanator
*ContraVirus
*Doctor Antivirus
*DriveCleaner [ [http://www.symantec.com/security_response/writeup.jsp?docid=2006-062217-0726-99 Symantec] ]
*Disk Knight
*EasySpywareCleaner
*Errorsafe
*free-viruscan.com
*IE Antivirus
*IEDefender
*InfeStop
*Internet Antivirus
*KVMSecure
*MacSweeper
*MalCrush 3.7
*MalwareCore
*MalwareAlarm
*Malware Bell 3.2
*MS Antivirus
*MS Antispyware
*PCSecureSystem [ [http://www.411-spyware.com/remove-pcsecuresystem 411-spyware] ]
*PC Antispy [ [http://softratty.com/article/923642a2b649d93970a742aa745fc682 softratty.com] ]
*PC Clean Pro [ [http://softratty.com/article/923642a2b649d93970a742aa745fc682 softratty.com] ]
*PC SpeedScan Pro
*PestTrap [ [http://www.symantec.com/security_response/writeup.jsp?docid=2005-122910-4625-99 Symantec] ]
*Perfect Cleaner
*PersonalAntiSpy Free
*PAL Spyware Remover
*PCPrivacytool
*PC-Antispyware
*PSGuard
*Saliar
*SecurePCCleaner
*Security toolbar 7.1
*Smart Antivirus 2008
*Smart Antivirus 2009
*SpyAxe [ [http://www.symantec.com/security_response/writeup.jsp?docid=2005-123015-4116-99 Symantec] ]
*Spy Away
*SpyCrush
*Spydawn [ [http://www.symantec.com/security_response/writeup.jsp?docid=2007-053116-5727-99 Symantec] ]
*SpyGuarder
*SpyHeal
*Spylocked [ [http://www.symantec.com/security_response/writeup.jsp?docid=2007-053117-1026-99 Symantec] ]
*SpySheriff [ [http://www.symantec.com/security_response/writeup.jsp?docid=2005-122910-4625-99 Symantec] ]
*SpySpotter
*Spyware Cleaner
*Spyware Quake [ [http://www.symantec.com/security_response/writeup.jsp?docid=2006-032914-3453-99 Symantec] ]
*Spyware Stormer
*SpywareStrike
*Spy-Rid
*SpyWiper
*System anti virus 2008
*System Live Protect [ [http://www.symantec.com/security_response/writeup.jsp?docid=2007-061412-0315-99 Symantec] ]
*SystemDoctor
*TrustedAntivirus
*TheSpyBot
*UltimateCleaner
*VirusHeat
*Virus Isolator
*VirusProtectPro
*VirusRanger
*Vista Antivirus 2008
*WinAntiVirus Pro 2006
*WinFixer [ [http://www.symantec.com/security_response/writeup.jsp?docid=2005-120121-2151-99 Symantec] ]
*WinSpywareProtect
*WorldAntiSpy
*XP Antivirus
*Zinaps AntiSpyware 2008
See also
*Spyware
*Malware
*Russian Business Network
References
Wikimedia Foundation. 2010.