Rogue security software, also known as rogue antivirus, fake antivirus, and in some cases fake tech support, may not be classified as the biggest online threat but, if successfully installed, it has consequences. Consequences that vary, depending on the specific malicious campaign the rogue antivirus has been part of. Yes, rogue AV software doesn’t only flood you with fake pop-up warnings.
For example, December 2015 witnessed several aggressive campaigns featuring fake tech support pages, exploit kits and… CryptoWall. Thousands of users in Canada, the UK and the US were hit, and, hopefully, next time the very same victims will know better not to click on suspicious pop-ups prompting them to visit unknown websites. If you’re wondering, fake tech support scams and fake AV programs have a lot in common. Both of the online scams try to take money from you, may harvest and abuse your personal and banking information, and may infect you with other forms of malware.
Since education is the best precaution, let us tell you about rogue antivirus in 2016. Things we will clarify in this article:
- How to be sure you’ve been infected by a rogue AV program;
- How rogue AV programs are propagated across the Web;
- How to tell the difference between a real and a rogue security program;
- How to clean your system after it has been ‘cleaned’ by a rogue AV product.
Rogue Security Software: The Signs
Unfortunately, there are way too many rogue AV programs trying to extort users for money. Yes, you read correctly. In many ways, fake AV programs resemble ransomware – they will manipulate you into purchasing the full version of a (rogue) product. But first, you will be flooded with fake warnings. In that sense, rogue AV programs are also considered scareware.
There are several things to look for and keep in mind, like:
- GUI (graphical user interface) that resembles legitimate AV programs but is in fact created by cyber crooks. Once the program is activated on your system, it will launch the GUI and will start “scanning” your system.
- Shortly after that, the annoying scareware pop-ups will enter your screen. Often, these pop-ups imitate Windows security alerts;
- The final stage is where you will be prompted to type in your banking information to pay for the full version of the program. Needless to say, the second you share your credit card number, you become vulnerable to cyber fraud of all kinds.
Also, keep in mind that a fake AV program may also act like a browser hijacker and take over your browsers. If you notice that your browser’s homepage has been replaced with the ‘official’ page of a suspicious security product, be sure that you have rogue AV and (quite possibly) other malware draining your system.
But how did that fake AV program sneak into your computer in the first place?
Like most forms of cyber fraud, rogue security software has evolved quite a lot. For instance, the well-known SpySheriff (depicted below) dates back to 2007. SpySheriff was ‘advertised’ as an anti-spyware program while in fact it was the spyware itself.
Image Source: Microsoft
This has been the case with many other fake security products, then and now. In other words, you could have downloaded the program yourself, believing it was a useful and truthful one.
The distribution methods deployed by cyber crooks to propagate their rogue products aren’t that different from the ways malware is spread across the Web (both on desktop and mobile devices):
- Web navigation. In such a case, you will be displayed a fake pop-up alert claiming that your machine is infected. Then, you will be prompted to purchase and download whatever rogue AV program you landed on. This is the scareware tactics we already described. Often, fake pop-up warnings say that you need to download system updates or missing drivers, or that you need to remove the malware ‘found’ by the rogue. Once you are tricked into clicking on the pop-up, you will have a rogue AV.
- SEO poisoning. Have you heard of it? It’s a common method used by fraudsters and malicious coders. SEO poisoning would push ahead bad links on top of the search results on search engines. If you don’t pay much attention to the links in your results, you may easily be fooled, especially when corrupted links are situated among legitimate security vendors. Next time, just be extra cautious whenever you do a search using keywords such as ‘free antivirus scan’.
- Email, phishing, spam. The three often come together. Think twice before opening a suspicious and unexpected email. If you’ve already opened such an email, don’t click on any links. However, it may be too late. Malware may have already entered your system, the second you opened the email.
- Drive-by downloads. Like any other malware, rogue AV programs can be propagated via drive-by downloads that don’t acquire user interaction. Such downloads usually exploit known vulnerabilities in software. That’s why it’s crucial to keep all of your programs up-to-date. Your operating system included.
- Online video streaming websites. Be careful, if you watch videos on random websites. You will be likely prompted to download a supposedly missing codec to play that video. Instead, you may download a rogue program or some other form of adware or worse, malware.
- Fake updates. Rogue security programs may be masqueraded as (fake) updates, mostly Java or Flash. If you’re viewing fake pop-ups while browsing, be aware that your system has become a target of online fraudsters.
- Peer-to-peer communities. And torrents. Don’t download anything from untrusted p2p pages, be it free or cracked software products, movies, or music. Or whatever you’re seeking to download for free.
- Botnets. Botnets, consisting of thousands of bot-infected PCs, are mostly used to send out spam in various malicious campaigns. However, researchers at SecureWorks warn that botnets are also deployed to download rogue AV programs onto users’ machines. According to researchers, it’s a proven method to monetize a certain botnet.
How to improve your protection against rogue AVs?
Firstly, when you land on a page that tries too hard to persuade you to download a certain product, inspect it closely.
Is the website written in perfect English (or whatever language it is written in)? Typos, wrong letter capitalization and spelling mistakes serve as an indication not only of poor grammar but also of rogue intentions. If the software developers were truly dedicated to their product and its promotion, they wouldn’t have made all those mistakes.
Here’s an example:
Image Source: MakeUseOf.com
As visible, those phrases don’t make any sense. Downloading the product won’t make any, either.
Finally, here’s how to remove the rogue AV program
If it’s too late and you already have a rogue AV program constantly scanning your system and flooding you with annoying pop-up alerts, refer to the steps below.