Home / malwarePDF  

Rogue:W32/Rogue antispyware


First posted on 19 October 2009.
Source: SecurityHome

Aliases :

There are no other names known for Rogue:W32/Rogue antispyware.

Explanation :

Dishonest antivirus software which tricks users into buying or installing it, usually by infecting a user's computer, or by pretending the computer is infected.

Additional DetailsRogue antispyware is difficult to define as the intentions of the group vary. Typically, the products claim to be a legitimate antispyware application, but are in fact nothing more than an inexpensive clone of unreliable software.

Distribution

Many of the applications use very questionable sales tactics and the quality of their product is suspect. Detecting problems in the demo or trial version, but requiring a license to remove those problems is typical for the family.

Spyware or other malware sometimes silently install rogue antispyware, which then offers to remove the spyware. Trojans and toolbars are other sources prompting for rouges to be installed.

Affiliate marketing programs are often used to sell rogue antispyware. Every time an affiliate product is installed and sold, a commission is paid. The result is a strong pressure to sell, by any means necessary.

Rogues that have been available for a while are also often repackaged and given new names in order to gain new, unsuspecting users.

Activity

Deceptive or high-pressure sales tactics may also be used to convince users into buying a license. For example, free scans are offered but a license is needed before any dangers can be removed:



Free, fully functional trial periods are usually not offered. Users will be told that they need to buy protection even if there is nothing dangerous found.

Many rogue applications present outright false positives as a means to alarm computer users into buying their application, as can be seen in the screenshot below:



Others present false positives due to bugs in the software's code, not because of an outright lie. Code corrections can move a suspected rogue off the antispyware detection lists.

Rogues can be deliberately fraudulent, or just substandard products that present false information. For example, one rogue displays a list of fake "threats" seen below:



Note the misspelling of threats as "threads". The two files listed are common and are found on any installation of Windows. They are text files that contain configuration information for Windows. They are not executable programs.

Last update 19 October 2009

 

TOP

Malware :