Malware analysis

Malware spotlight: What is rogue security software?

Greg Belding
November 25, 2019 by
Greg Belding

Remember before you became security-conscious? Or maybe you always have been — either way, you most likely have been faced with this scenario. You sit down at your PC, fire it up and are soon faced with a scary-looking warning seemingly informing you that your computer has been infected with malware or a virus. This window was probably slathered with ominous pictures like a skull and crossbones, flashing lights and an important-looking text window giving you the bad news.

I am sure you eventually discovered it was rogue security software that was trying to scare you. Hopefully you did not pay for the malware removal service it was trying to sell you.

This article will detail what rogue security software is and will explore what it can do to systems, real-world examples of rogue security software, and what the strongest defense against threat is.

My personal anecdote

Years ago, before my major security epiphany, I was one of the least security-minded individuals around. This was mostly due to a false sense of security I had in my antivirus solution, combined with a liberal sprinkling of laziness.

I was running a Windows XP system until one day, when my computer was seemingly hijacked by Windows telling me to buy expensive malware tools or lose control of my system. This message was coupled with the obligatory flashing lights, dire imagery and strong language that is so common with rogue security software.

It wasn’t until I fully lost my system that I had my security lightbulb moment and the rest was history. No, I did not pay them a dime, and the result was the birth of my fascination with information security.

What is rogue security software?

Rogue security software refers to a program that induces internet fraud by using security exploits on a target system to mislead, scare or deceive the user into downloading a program, either free for by paying money, in exchange for the removal of malware it claims is on the target system. If the user complies, the result is the installation of more malware. Sometimes, rogue security software will threaten the user with ransomware if they do not pay up.

Rogue security software goes by different names, including the following:

  • Scareware
  • Fraudware
  • Rogue scanner
  • Rogue antivirus

Technically speaking, rogue security software is most times a Trojan that needs successful social engineering to trick the user into installing it and is normally disguised as another app, software or extension. These Trojans have been known to masquerade as:

  • Toolbar, browser plug-in or extension
  • Multimedia codec, normally downloaded to play a video
  • Peer-to-peer shared software
  • Free anti-malware solutions and scanners
  • Drive-by downloads picked up when visiting compromised websites

Social engineering is the method of deception that this type of malware needs in order to be successful.

Let’s dig a bit deeper. Experts have determined that attackers rely heavily upon website and surface credibility techniques. This is shown by the use of similar color, font, and window aesthetics that legitimate antivirus and anti-malware companies use and a legitimate-seeming company name and logo. These efforts are buttressed by classic scam language stressing the limited time that the user has to purchase the “solution.” Clickjacking, which tricks users into clicking something different than perceived, is normally used to leverage against well-founded user intent.

What can rogue security software do?

Rogue security software is more than just an apparent attempt to force users to pay money for a fake tool to counter a fake threat. If this were all it could do, you might as well call it ransomware lite. Instead, rogue security software can turn your use of the infected computer into a worst-case scenario.

Below is a rundown of what rogue security software can do.

  • Lure users of infected systems into fraudulent transactions
  • Steal personal information by using social engineering
  • Launch misleading or deceptive pop-up windows and alerts, accompanied with fear-inducing language
  • Corrupt files and slow computer performance. This can render computers practically unusable, and the slowness increases over time as long as the system is infected
  • Prevent you from using antivirus solutions and visiting antivirus and anti-malware vendor websites
  • Install further instances of malware which may go undetected for a long time
  • Disable both Windows and anti-malware/antivirus updates
  • Turn your computer into a zombie. Attackers can use your system to further this attack and others

As you can see, rogue security software has the potential to make your computer use frustrating, to say the least. When my situation happened, my system became progressively slower over the span of a couple of weeks, to the point that my system was giving me malware and corrupted file alerts at least a few times an hour. This made even the simplest task, such as opening a browser window, take almost an hour to complete.

Real-world examples of rogue security software

  • Anti-Virus Plus
  • Spy Sheriff
  • Total Secure 20XX
  • AdwarePunisher
  • Registry Cleaner
  • DriveCleaner
  • WinAntivirus
  • ErrorSafe

Your best defense

… is a good offense, and the best offense against rogue security software is a solid cybersecurity training program for your organization’s users. A good cybersecurity training program will address the social engineering aspect of rogue security software and will impart other good cybersecurity sense that will do more towards preventing rogue security software than any scanner or anti-malware solution could dream of.

Remember, this type of malware literally needs users to buy the scam they are trying to sell, so at the end of the day, the point of entry is an untrained user’s mind.


Rogue security software is a type of malware that tricks users into buying an anti-malware solution or removal service. Instead of a legitimate product, the user ends up downloading more malware or worse. Proper cybersecurity training is an organization’s best bet to prevent this threat from claiming another system.


Greg Belding
Greg Belding

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.