Well, it looks like rogues are going to be in style this season.
Our good friends at McAfee AV have predicted that the 400 percent increase in rogues (also called “scareware”) they saw in 2009 will continue this year. They also estimated that the loss to victims will be on the order of $300 million.
Here at Sunbelt, we’re seeing a huge increase in rogue detections as well – a nearly 30 percent increase in just the last three months. We list 1,965 rogues in our VIPRE detections and we’re detecting a constantly increasing number of them. VIPRE and CounterSpy installations report these detections to the Sunbelt ThreatNet. Just pulling some fast numbers out of ThreatNet, I found a 29 percent increase in VIPRE and CounterSpy detections when comparing the daily average for February against that of December.
In the event you’ve been living in a cave (with no Internet service) for the last two years, rogues are thieving malicious programs that pretend to be legitimate anti-malcode products. They are real money makers for organized and disorganized criminals who work through the Internet.
Sadly, security people have been working for most of 20 years to raise the public consciousness about malicious code and the need to run anti-malcode protection. About the time the message really began to sink in, the slimeballs of the world started distributing fake security programs that impersonate the graphic interfaces of legitimate products and use names that have a legitimate look to them.
The scammers behind the rogues often distribute them by using botnets to send vast amounts of spam, advertising a variety of products. When a victim clicks on a link in the spam message, he’s taken to a malicious web site that pops up a window in his browser telling him in the most frightening terms possible that his machine is infected. The pop-up window also conveniently offers to download a product to clean his infected machine for a variety of prices, some as high as $99.99. If the victim bites on the offer, he purchases a piece of useless software that does nothing. Obviously, if you run across one, don’t buy it.
Rogues also are being peddled through search engine optimization scams. The rogue distributors use botnets to game search engines like Google into presenting their malicious sites in the top search results for the most popular, up-to-the-minute search terms. When victims click on the links that show up in search results, they’re taken to the malicious sites that pop up the alarming warnings.
If you run into an application that you think might be a rogue, you can check its name against the Sunbelt Rogue Blog: http://rogueantispyware.blogspot.com/
Here’s a link to one of our blog entries from last month about one such SEO poisoning:
“SEO poisoning not in well, but it’s aiming for the water heater”