Malware Research Threat Database Rogue Anti-Spyware Program

Rogue Anti-Spyware Program

Rogue anti-spyware (or rogue security software) is an application that uses malware or malicious tools to advertise or install itself or to force computer users to pay for removal of nonexistent infections. Rogue anti-spyware will often install a Trojan horse to download a trial version of the rogue anti-spyware program or it will execute other unwanted actions.

The main goal of rogue anti-spyware developers is to install and sell their product. In order to attempt to install their program, fake Windows dialog boxes and other browser pop-ups are often displayed attempting to entice the user to click on them. Usually they will display a message warning users that their computer system is infected with numerous parasites and urging the user to purchase and install the offered rogue anti-spyware application.

Example of a Rogue Anti-Spyware program interface

You simply must be careful when selecting an antispyware program, since there are just as many fake ones on the web as there are legitimate ones. Fake antispyware (Rogue Anti-Spyware) programs are modeled off of legitimate programs in hopes of duping wary PC users into buying empty software. A cybercriminal is ultimately behind these fake tools, although it is a Trojan engineering the presentation. Rogue Anti-Spyware programs are also similar to Rogue Anti-Virus applications, which are fake anti-virus apps that cater more to the alleged detection and removal of computer viruses.

Fake antispyware program (Rogue Anti-Spyware) presentations run the same course as most rogue security programs, too engineered by Trojans. First is the distribution vector. Trojans are great at guising their download as something innocent or helpful, so it is highly likely you or someone using your computer blindly clicked on a booby-trapped link or landed on a compromised webpage. While the booby-trapped link is dependent on the victim taking obvious action, the compromised webpage, on the other hand, can react to just a landing. If your browser is vulnerable, i.e. in need of a patch, and your system is absent stealth antimalware protection, the landing could trigger an automatic download of malware on your system. So be careful where you land and what you click on. 

If the Trojan representing the fake antispyware program slips inside your computer, you can expect the following to unfold:

  • Your system may progressively slow or display other unwanted behaviors, i.e. freezing, assault of pop-up advertisements contradicting browser settings, etc.
  • Out of nowhere you will get scary alerts signaling malware is onboard.
  • An interface of a fake antispyware program will appear and run a quick scan without your permission.
    • Fake alerts and warnings will continuously pop-up
    • The quick scan will confirm an attack is underway
    • The victim will be asked to run a full scan to identify actual intruders
    • A long scary list of Trojans and infected files will be returned
    • Empty promises will be made, for example, the fake antispyware program will offer to remove the ‘found intruders’ but first you must BUY the full version of the software

Fake antispyware programs are exactly that – FAKE. They cannot make good on any promises, meaning they cannot remove infections. In fact, they are the infection. Fake antispyware are the work of the devil, aka a cybercriminal, and were not designed to help you but rather cause harm. 

  • The Trojan is planned to rob you of valuable data stored in your browser cache or on your hard drive. System data will also be gathered that identifies other vulnerabilities to aid in planning future malicious attacks.
  • Email addresses may be harvested and used in future email spam campaigns.
  • A port will be opened to not only transfer stolen data but also to serve as a gateway for download of more malicious programs.

Backdoors mimic remote assistance tools and afford a hacker remote access and control of an infected system. Often backdoors are secretly downloaded and installed on infected computers and then sold on the black market to the highest bidder. If a hacker gains remote control, he could secretly use and drain the system resources in a DNS strike and the trails of this illegal activity can lead right to your IP address and ultimately your home. 

Legitimate antispyware tools are meant to filter out programs that spy on your surfing habits and make possible an assault of custom and unwanted advertisements based off key words. If a malicious BHO (browser helper object or plugin) is onboard, your web traffic could be hijacked and you could be forcibly routed to:

  • Arbitrary search engines that encourage click fraud and earn a cybercriminal undue revenue
  • Malicious websites promoting sale of antispyware or antivirus programs
  • Malicious or compromised websites associated with the infamous Blackhole Exploit Kit, thus allowing automatic download of a special cocktail, malware mixed to exploit vulnerabilities on your system

Unfortunately, a lot of legitimate programs as well as malicious ones are secretly collecting data and sometimes it is can be invasive. Antispyware and antimalware solutions monitor behaviors, i.e. programming and processes, and red flag ones that violate the PC’s privacy. Removing invasive programs are not always easy, especially rogue programs and this includes fake antispyware programs. Rogues often contain a rootkit, a malicious tool used to mask and bury malicious files, thus making it hard for novice PC users or subpar antimalware tools to remove them. For example, Trojans of rogue programs are quite stealth and can edit the registry so the malicious executable runs each time Windows is booted. They hide their files by labeling them the same as legitimate operating system files and too house them in the white listed area of such critical files. Many antivirus programs are not able to scan the white listed area, which means they cannot successfully combat rootkits and the malicious files they bury. Therefore, it is highly recommended you seek a formidable opponent – a stealth and professional antimalware solution equipped with an ANTIROOTKIT component to safely and successfully remove hidden malware and fully restore your system back to its normal use.

Most Trending Rogue Anti-Spyware Program in the Last 2 Weeks

# Threat Name Severity Level Alias(es) Detections
1. OpenCloud Antivirus 100 % (High) 4
2. ULTIM Security
3. ExploreDivision
4. Green Antivirus 2009 100 % (High) Reser.Reputation.1
Encrypted Archive
5. Contravirus 100 % (High) 59
6. OnlinePCGuard 60 % (Medium) 3
7. ErrorSweeper 100 % (High) 23
8. PC-Prot 60 % (Medium) FraudTool.Win32.SanitarDiska
Malicious Software
9. Cleanator 100 % (High) 16
10. WiniShield 100 % (High) 7
11. SaveArmor 100 % (High) 4
12. Secure Warrior 100 % (High) 7
13. SoftStronghold 100 % (High) 7
14. SystemWarrior 100 % (High) 7
15. NoMalware 100 % (High) NoMalware
16. Peak Protection 2010
17. Pest Detector 4.1
18. MegaVaccine
19. Antispyware Pro 2012 20 % (Normal)
20. Windows Premium Defender 20 % (Normal) Generic Malware
21. DisplayProgram
22. OriginalTechSearch
24. DisplayAdvice
25. SignalBalance
27. Windows XP Fix 100 % (High) 11
28. Antivirus 2009 100 % (High) Generic11.BKKP
29. Windows Antivirus 2008 100 % (High) TROJ_FAKEAV.KAD
High Risk Cloaked Malware
30. AntiSpy Safeguard 100 % (High) 8

Last updated: 2024-05-23