Browse archive

Latest news

Experts highlight top data breach vulnerabilities

Review: Logging and Log Management

Commission wants to minimize U.S. IP theft economic impact

NYPD detective accused of hiring email hackers

Why BYOx is the next big concern of CISOs

Free tool repairs critical Windows configuration vulnerabilities

Guantanamo cuts off Wi-Fi access due to OpGTMO

IT pros focus on cloud security, not hype

Blue Coat to acquire Solera Networks

APT1 is back, attacks many of the initial U.S. corporate targets

Aurora attackers were looking for Google's surveillance database

U.S. DOJ accuses journalist of espionage

Find TrueCrypt and BitLocker encrypted containers and images

The CSO perspective on healthcare security and compliance

Hacking charge stations for electric cars

The Rise and Rise of Rogue Security Software

by Erin Early - Lavasoft - Monday, 22 December 2008.

Rogue security software is an application that appears to be beneficial from a security perspective but provides little or no security, generates erroneous alerts, or attempts to lure users into participating in fraudulent transactions. Some products defined as "rogue" simply fail to provide the reliable protection that a consumer paid for. Others are far more sinister, masquerading as legitimate security software, and using deceptive tactics to con users into buying the product.

The Surge of Unsavory Software

Unfortunately for computer users, the number of rogue security and anti-malware software, also commonly referred to as "scareware," found online is rising at ever-increasing rates, blurring the lines between legitimate software and applications that put consumers in harm’s way. Industry experts have reported a five-fold year-on-year increase in the number of rogue applications invading the Internet.

"Levels have increased dramatically. Of all the rogue security applications we have in detection, approximately 21 percent of the total in detection have appeared since June 2008. There are clearly vast amounts of money to be made from these rogue programs," says Andrew Browne a malware analyst and Research Team Leader at Lavasoft.

In recent weeks, researchers in the Lavasoft Security Center have seen a variety of new rogue security applications appear, all of which are rogue anti-malware products. Examples of these products include the following: eAntivirusPro, Antimalware 2009, PersonalAntiSpy, Windows AntiVirus 2008, MicroAntivirus 2009, AntiVirus Security, and AntiSpyware Pro XP.

"All of these applications have extremely professional looking user interfaces, making users all the more likely to be tricked into purchasing them," Browne says.

Stopping the Spread of Rogues

Detection through legitimate security software is not the only way progress is being made to fight the increasing levels of rogue software. Some are trying to take rogues to task, attempting to make the purveyors accountable by working through the justice system. In the end of September 2008, the state of Washington, USA, along with the Microsoft Corporation, filed lawsuits against alleged scareware purveyors, the marketers of the Registry Cleaner XP program.

If the past is anything to go by, this suit may prove to be another important example of what can be done to quell rogue software purveyors and stop consumer fraud in this area. In the United States, Washington has been a leader in the battle against spyware. It was one of the first states to adopt a law prohibiting spyware activities and to impose serious penalties on violators; and since 2005, the attorney general’s office has filed seven suits under this statute – the Computer Spyware Act.