Rogue Security Software is a type of malicious software that pretends to be a legitimate system security program in order to trick the user into making some form of payment. These programs propagate through the internet using a variety of techniques, such as:
• Social Engineering – users are tricked into installing the software, as it pretends to come from a legitimate source.
• Trojan viruses – these viruses enter the user’s computer along with other fake applications such as browser plug-ins, video/audio codec packs, free online malware scanners or e-mail attachments. Once they have entered the system, they automatically download and install the rogue security software.
• SEO poisoning techniques – Search Engine Optimization (SEO) takes advantage of the algorithms and functions used by popular web search engines in order to push a certain website up in search result rankings. These methods are also used by rogue software vendors, who place their URLs at the top of the search results for important queries such as recent news events. When users click on these URLs, the browser is redirected to a page that pushes a trial version of the rogue software onto the computer.
Once a rogue security software program has established itself on a user’s system, it will normally load itself as a service and run all the time. It will also generate fake security warnings claiming that the user’s system is under threat in various ways. The rogue program will also disable any system utilities, such as Task Manager, Registry Editor and System Restore, that could be used to uninstall it, as well as completely disabling any legitimate security software that the user has already installed on the computer. The rogue software may also create actual malware on the computer and point it out to the user as a threat, create harmless files and point them out as threats, or simply flag useful and harmless system files as threats. It will perform these actions in the most attention-grabbing way, using system features such as taskbar pop-ups, desktop scans, etc.
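The disabled utilities described above usually show up as policy values in the registry, so a registry export can be checked for them offline. The following is an added example, not part of the original article: it scans the text of a `.reg` export for non-zero values that switch off Task Manager, Registry Editor or System Restore. The key paths and value names are the standard Windows policy settings, and the sample export is constructed for illustration.

```python
import re

# Standard Windows policy values that disable the utilities named in the text.
# Keys are matched by suffix so HKCU, HKLM and per-user HKEY_USERS hives all hit.
SYSTEM = r"software\microsoft\windows\currentversion\policies\system"
RESTORE = r"software\policies\microsoft\windows nt\systemrestore"
TAMPER_VALUES = {
    (SYSTEM, "disabletaskmgr"): "Task Manager disabled",
    (SYSTEM, "disableregistrytools"): "Registry Editor disabled",
    (RESTORE, "disablesr"): "System Restore disabled",
    (RESTORE, "disableconfig"): "System Restore configuration disabled",
}

SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')

def find_tampering(reg_text):
    """Return (key, value name, meaning) for each non-zero disabling policy."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        section = SECTION.match(line)
        if section:
            key = section.group("key")
            continue
        value = DWORD.match(line)
        if not value or key is None or int(value.group("hex"), 16) == 0:
            continue  # not a DWORD line, or the policy is explicitly off
        lookup = [(s, n) for (s, n) in TAMPER_VALUES
                  if key.lower().endswith(s) and value.group("name").lower() == n]
        for hit in lookup:
            findings.append((key, value.group("name"), TAMPER_VALUES[hit]))
    return findings

# Constructed sample in the format written by "reg export" (real exports are
# UTF-16, so read them with open(path, encoding="utf-16")).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR"=dword:00000000
'''

if __name__ == "__main__":
    for key, name, meaning in find_tampering(SAMPLE):
        print(f"{meaning}: {name} under {key}")
```

Administrators on managed machines sometimes set these same policies deliberately, so a hit is a lead to investigate rather than proof of infection.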
The culmination of all this activity occurs when the rogue security software application requests some sort of monetary payment to be made by the user. Usually, this is done by claiming that the currently installed ‘trial’ version of the rogue software is incapable of removing the previously detected false ‘threats’, and so the user should pay for a license to the ‘full’ version of the software. Other methods include promoting another rogue application that can apparently ‘do the job better’ or ‘perform housekeeping tasks on the system’. Another gimmick is to claim that if the user buys the ‘full’ version, the vendor will donate a small sum to some charitable cause such as environmental protection. However, none of the statements made by the rogue security software program are true at any point.
If the user, by any chance, finds a copy of a rogue security software application installed on their system, they should take immediate measures to remove it. This can be done in a number of ways:
• Manually – stop the application’s running processes, unregister its DLLs, delete its files and folders, and remove its registry entries. This will completely remove the rogue software from the system, but should be done with caution as any mistake could result in the operating system being damaged.
• By using web-based repair services.
• By using legitimate antivirus software.
There are many malware-specific removal guides available on the internet which can guide the user through the process of removing any malware from their system.
If a user is tricked into actually purchasing a license to a rogue security software application, they should immediately take measures to freeze the transaction. As the main method of payment online would be through credit cards, the user should immediately contact the credit card provider and ask them to freeze the transaction through which the rogue security software vendor was paid. The credit card provider should also be asked to flag that transaction as fraudulent and to monitor any similar transactions in the future.
The best way to stay safe from Rogue Security Software is to be on the lookout for these applications and have a good antivirus program installed on your computer.