We’re all familiar with Rogue Antivirus products – but it seems script kiddies on numerous sites out there are starting to crank out their own phony security programs, many of which are confusingly based on the designs of – if you’ll pardon the expression – “genuine” fake AV programs.
Shall we take a look at their handiwork?
Note the shields, the yellow warning triangles, the fake scan results – these guys have clearly seen a lot of fake AV out in the wild! Unfortunately for the creator, it’s a little too OTT and might give the end-user pause for thought if they had to physically click something before becoming infected.
This next one (designed to be entirely harmless, instead asking the user to voluntarily download a malicious file from a URL) almost gets away with being convincing, but ruins it all by including what appears to be a poorly ripped Rapidshare download button:
Running with the idea that a huge green shield with a tick on it is always a good thing to throw into your design, “Eternity Virus Killer” takes the approach that you’re going to be infected the moment you run the file, so adding in lots of fake warnings, flashing lights and useless slider bars is a complete waste of time.
My last example of a program imitating a genuine fake AV (“Genuine fake AV”. I think I have a new favourite phrase) is something that would actually pass for the real deal. Check it out:
For starters, whoever created this has called it “SecureME 2010” which is clearly playing on the good name of a real program called SecureMe used for mobile phone data theft protection. It’s not overloaded like the French app, and not shattering illusions like the other program did with the ludicrous Rapidshare image rip either.
Furthermore, it really looks the part. The creator obviously spent some time looking at rogues – here’s a REAL rogue AV program called “User Protection”:
Can you spot the difference? Much as I hate to admit it, that’s a really well done piece of design work.
Of course, ultimately this is all academic as the end-user probably doesn’t care too much if the file on their PC came from:
a) A shady set of individuals dropping fake antivirus onto their PC with the intention of having them sign away their credit card details or
b) Some script kiddy playing with his “My first Visual Basic” kit.
However, it’s interesting to see how people on forums, sick of making endless “Free XBox Generator points” programs, are now moving into emulating the kinds of Rogue Antispyware that have been around for years. Will having two entirely different and unrelated kinds of fake AV confuse security companies with regard to dividing these programs up into their respective families? No idea, but it could lead to some unexpected situations. Having said that, hopefully nobody in their right mind will be downloading programs such as the above when the fake box design ends up looking like this:
Whoops. Something tells me I could be wrong, however…