Trend Micro: Rogue Security programs on the rise


Trend Micro, a leader in network antivirus and content security software and services, today announced that rogue security programs are on the rise. Unlike other threats that burst onto the scene with high levels of infection, these types of threats have been steadily increasing. Based upon data from Trend Micro™ TrendLabs℠, rogue security programs (as a percent of total threats) have increased from two percent in early 2006 to over 10 percent in March 2007.

Rogue security programs are the latest threat to exploit social engineering techniques for monetary rewards on the Web. Rogue security applications are stealthily downloaded and installed on a user’s PC. They relentlessly warn the user, in a number of ways, that their PC has been infected by some form of malware when in reality either no infection exists, or malware is installed along with the downloaded rogue software. In any case the software, operating as a “free trial”, offers an upgrade at a fee for full functionality. Thousands of users have succumbed to this approach, purchasing rogue anti-spyware that provides no service at all. Once users discover that the software is useless and that they have provided their credit card details to a fraudulent company, many see fit to cancel their credit card, further adding to their inconvenience and loss.

The programs can be installed in many different creative ways. For example, malicious use of a Windows exploit can enable the malware author to stealthily install the program when a user simply opens an email or views a Website. In another method, when a user visits a site with video content, the site may instruct the victim to download a video codec in order to view video content. But instead of downloading a codec, the rogue anti-spyware is downloaded, and a simple command plays the video. Pop-up banner ads that entice users to download “needed” software also provide a means for malware authors to download this rogue software.

The rogue software is designed to look and feel like legitimate security software that is running in trial mode on the user’s PC. The programs repeatedly warn the user that they have been infected using pop-up windows, hijacked browser homepages, hijacked desktop wallpaper, and warnings that pop up from the system tray. In many cases, the cyber criminals design the warnings to resemble Microsoft™ Windows alerts. The programs indicate that some form of a virus or spyware infection has been identified and that the only recourse is to purchase software to clean the infection. Examples of the myriad phony software packages that have propagated are Winfixer, SpywareQuake, ErrorSafe, ErrorGuard, SpyShield, SpyAxe, SpywareNuker, and most recently, Spyhealer, DriverCleaner, and SystemDoctor.

“Rogue security programs are clearly on the rise”, says George Moore, threat researcher at Trend Micro. “Therefore users must demonstrate caution and always be alert when downloading software. In addition they need to protect their systems by using the latest security software against Web threats from a known and reliable vendor such as Trend Micro.”

Trend Micro advises computer users to employ some best practices in order to avoid infection by rogue security programs:

• Users should only purchase and use legitimate, trusted, name-brand security software (which can detect the installation of most rogue anti-spyware).
• If notified of an infection, seek a second opinion from a reputable online scanning service (such as Trend Micro HouseCall™).
• When purchasing security software, check online reviews and feedback from users, as well as review the software Web site before purchasing, and use only a secure connection when purchasing. Look out for the padlock symbol in the bottom right hand corner of your window, indicating you are visiting a secured site.
• Check the validity of the software against lists of rogue software compiled by independent analysts (such as Spyware Warrior).

[Submitted by Imran Asad]

© 2012 technoNix. All rights reserved.