Malware spotlight: What is rogue security software?
Remember before you became security-conscious? Or maybe you always have been — either way, you most likely have been faced with this scenario. You sit down at your PC, fire it up and are soon faced with a scary-looking warning seemingly informing you that your computer has been infected with malware or a virus. This window was probably slathered with ominous pictures like a skull and crossbones, flashing lights and an important-looking text window giving you the bad news.
I am sure you eventually discovered it was rogue security software that was trying to scare you. Hopefully you did not pay for the malware removal service it was trying to sell you.
Become a certified reverse engineer!
This article will detail what rogue security software is and will explore what it can do to systems, real-world examples of rogue security software, and what the strongest defense against threat is.
My personal anecdote
Years ago, before my major security epiphany, I was one of the least security-minded individuals around. This was mostly due to a false sense of security I had in my antivirus solution, combined with a liberal sprinkling of laziness.
I was running a Windows XP system until one day, when my computer was seemingly hijacked by Windows telling me to buy expensive malware tools or lose control of my system. This message was coupled with the obligatory flashing lights, dire imagery and strong language that is so common with rogue security software.
It wasn’t until I fully lost my system that I had my security lightbulb moment and the rest was history. No, I did not pay them a dime, and the result was the birth of my fascination with information security.
What is rogue security software?
Rogue security software refers to a program that induces internet fraud by using security exploits on a target system to mislead, scare or deceive the user into downloading a program, either free for by paying money, in exchange for the removal of malware it claims is on the target system. If the user complies, the result is the installation of more malware. Sometimes, rogue security software will threaten the user with ransomware if they do not pay up.
Rogue security software goes by different names, including the following:
- Scareware
- Fraudware
- Rogue scanner
- Rogue antivirus
Technically speaking, rogue security software is most times a Trojan that needs successful social engineering to trick the user into installing it and is normally disguised as another app, software or extension. These Trojans have been known to masquerade as:
- Toolbar, browser plug-in or extension
- Multimedia codec, normally downloaded to play a video
- Peer-to-peer shared software
- Free anti-malware solutions and scanners
- Drive-by downloads picked up when visiting compromised websites
Social engineering is the method of deception that this type of malware needs in order to be successful.
Let’s dig a bit deeper. Experts have determined that attackers rely heavily upon website and surface credibility techniques. This is shown by the use of similar color, font, and window aesthetics that legitimate antivirus and anti-malware companies use and a legitimate-seeming company name and logo. These efforts are buttressed by classic scam language stressing the limited time that the user has to purchase the “solution.” Clickjacking, which tricks users into clicking something different than perceived, is normally used to leverage against well-founded user intent.
What can rogue security software do?
Rogue security software is more than just an apparent attempt to force users to pay money for a fake tool to counter a fake threat. If this were all it could do, you might as well call it ransomware lite. Instead, rogue security software can turn your use of the infected computer into a worst-case scenario.
Below is a rundown of what rogue security software can do.
- Lure users of infected systems into fraudulent transactions
- Steal personal information by using social engineering
- Launch misleading or deceptive pop-up windows and alerts, accompanied with fear-inducing language
- Corrupt files and slow computer performance. This can render computers practically unusable, and the slowness increases over time as long as the system is infected
- Prevent you from using antivirus solutions and visiting antivirus and anti-malware vendor websites
- Install further instances of malware which may go undetected for a long time
- Disable both Windows and anti-malware/antivirus updates
- Turn your computer into a zombie. Attackers can use your system to further this attack and others
As you can see, rogue security software has the potential to make your computer use frustrating, to say the least. When my situation happened, my system became progressively slower over the span of a couple of weeks, to the point that my system was giving me malware and corrupted file alerts at least a few times an hour. This made even the simplest task, such as opening a browser window, take almost an hour to complete.
Real-world examples of rogue security software
- Anti-Virus Plus
- Spy Sheriff
- Total Secure 20XX
- AdwarePunisher
- Registry Cleaner
- DriveCleaner
- WinAntivirus
- ErrorSafe
Your best defense
… is a good offense, and the best offense against rogue security software is a solid cybersecurity training program for your organization’s users. A good cybersecurity training program will address the social engineering aspect of rogue security software and will impart other good cybersecurity sense that will do more towards preventing rogue security software than any scanner or anti-malware solution could dream of.
Remember, this type of malware literally needs users to buy the scam they are trying to sell, so at the end of the day, the point of entry is an untrained user’s mind.
Conclusion
Rogue security software is a type of malware that tricks users into buying an anti-malware solution or removal service. Instead of a legitimate product, the user ends up downloading more malware or worse. Proper cybersecurity training is an organization’s best bet to prevent this threat from claiming another system.
Sources
- Rogue Anti-Malware, Microsoft Security Intelligence
- Fake Anti-Virus, the Rogue Security Software Problem, We Are IT.
- What is…Scareware?, Fraud Watch International.
- Terry Gudaitis, “Deception in the Digital Age: Exploiting and Defending Human Targets Through Computer-Mediated Communications”, 2017
- Exam Pass Guarantee
- Live expert instruction
- Hands-on labs
- CREA exam voucher
In this Series
- Malware spotlight: What is rogue security software?
- How AsyncRAT is escaping security defenses
- Chrome extensions used to steal users' secrets
- Luna ransomware encrypts Windows, Linux and ESXi systems
- Bahamut Android malware and its new features
- LockBit 3.0 ransomware analysis
- AstraLocker releases the ransomware decryptors
- Analysis of Nokoyawa ransomware
- Goodwill ransomware group is propagating unusual demands to get the decryption key
- Dangerous IoT EnemyBot botnet is now attacking other targets
- Fileless malware uses event logger to hide malware
- Nerbian RAT Using COVID-19 templates
- Popular evasion techniques in the malware landscape
- Sunnyday ransomware analysis
- 9 online tools for malware analysis
- Blackguard malware analysis
- Behind Conti: Leaks reveal inner workings of ransomware group
- ZLoader: What it is, how it works and how to prevent it | Malware spotlight [2022 update]
- WhisperGate: A destructive malware to destroy Ukraine computer systems
- Electron Bot Malware is disseminated via Microsoft's Official Store and is capable of controlling social media apps
- SockDetour: the backdoor impacting U.S. defense contractors
- HermeticWiper malware used against Ukraine
- MyloBot 2022: A botnet that only sends extortion emails
- Mars Stealer malware analysis
- How to remove ransomware: Best free decryption tools and resources
- Purple Fox rootkit and how it has been disseminated in the wild
- Deadbolt ransomware: The real weapon against IoT devices
- Log4j - the remote code execution vulnerability that stopped the world
- Rook ransomware analysis
- Modus operandi of BlackByte ransomware
- Emotet malware returns
- Mekotio banker trojan returns with new TTP
- Android malware BrazKing returns
- Malware instrumentation with Frida
- Malware analysis arsenal: Top 15 tools
- Redline stealer malware: Full analysis
- A full analysis of the BlackMatter ransomware
- A full analysis of Horus Eyes RAT
- REvil ransomware: Lessons learned from a major supply chain attack
- Pingback malware: How it works and how to prevent it
- Android malware worm auto-spreads via WhatsApp messages
- Malware analysis: Ragnarok ransomware
- Taidoor malware: what it is, how it works and how to prevent it | malware spotlight
- SUNBURST backdoor malware: What it is, how it works, and how to prevent it | Malware spotlight
- ZHtrap botnet: How it works and how to prevent it
- DearCry ransomware: How it works and how to prevent it
- How criminals are using Windows Background Intelligent Transfer Service
- How the Javali trojan weaponizes Avira antivirus
- HelloKitty: The ransomware affecting CD Projekt Red and Cyberpunk 2077
- DreamBus Botnet: An analysis
- Kobalos malware: A complex Linux threat
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Malware analysis
Malware analysis
Malware analysis
Malware analysis