Rogue Anti-virus Programs Adopt the Agressive Ransom Malware Tactics Used by Botnets and Rootkits

Today's rogue anti-virus/anti-spyware makers are scaling their money-grabbing business model from scareware (scare you with fake security alerts) to ransomware (render your computer unusable until you pay up) tactics.

We recently stumbled upon a technique, used mainly by recent fake anti-virus applications such as the new version of Total Security, that uses aggressive ransom malware that virtually blocks other security programs from running or detecting the malware files on the affected computer. Basically, the ransom malware does not allow other programs to run on the system but offers a solitary solution that it claims can only be obtained if the user purchases the fake anti-virus software program.

The usual tactic of a rogue anti-virus application is to offer a solution for supposed threats found on the PC, something we are all-too familiar with. But lately we have noticed, along with other security vendors such as Fortinet, that some fake anti-virus software applications are starting to include an extra layer of intelligence giving it the ability to block detection by commonly used anti-virus programs and at the same time prevent other applications on the infected system from running.

Blocking security apps from running is often attributed to rootkits (e.g. Rootkit.Gen variants) and botnets (e.g. Waledac) -- now the creators of the rogue Total Security have picked up on this technique.

A number of legitimate PC-based anti-virus applications are ineffective for detection of newly engineered bogus anti-virus programs, various rootkits and even some botnets such as Waledac. These threats have now been cleverly designed by hackers to actually interfere with a computer's operation. This is why relying solely on an anti-virus program may not be the best approach to protecting your system from such infections.

Rogue anti-virus and rogue anti-spyware programs use to, for the most part, use persuasive language and subtle threats to get computer users to purchase the fake programs. Now, bogus anti-virus programs are actually preventing certain programs from running on infected computers, thus leaving the user with no choice but to purchase the 'solution' in hopes that they can restore full operation of their PC. This is where the hacker that is holding your computer for ransom has the upper hand. Most computer users who have never encountered a bogus anti-virus program will automatically assume that the only way to fix the issue is by opening up their wallet and purchasing the fix that is offered, especially if the user is unable to open up any other program except maybe another web browser.

Computer users who encounter these evolved threats must realize that the developers of bogus anti-virus software create it for the purpose of getting paid. They incorporate new money-raising tactics so that they can overcome any new barriers that any honest anti-virus or anti-spyware makers put in their way. What better way to entice a computer user to purchase a bogus anti-virus program than by limiting their ability to utilize their PC like they normally would?

If you had a program on your computer that identified an issue and prevented you from running any other application, would you purchase the 'fix' that it offered so that you can go back to using your computer in its 'working' state? How often do you investigate about a program before proceeding with purchasing it?