Scareware Rogues

MSFT-MMPC Blog
Making the most of fear and deception – rogue v ransomware (part 1)

Fear can be a great motivator for getting someone to act on the receipt of a message (think public health messages regarding smoking, or wearing sunscreen). Add some deception in there, and you have a powerful tool of illegitimate influence that can be used to get people to act in ways that are not in their best interest. Unsurprisingly, the same folks that bring you malware are the same folks that have no problem at all using illegitimate and deceptive fear appeals to get you to do something that they want that might not be so great for you. This post contrasts two types of malware that rely on fear, deception and technology in order to accomplish their ultimate goal. One type is increasing in prevalence, and another is on the way down (but certainly not out).

Article:
http://blogs.technet.com/b/mmpc/archive/2013/01/09/making-the-most-of-fear-and-deception-rogue-v-ransomware.aspx


Scareware Industry lull

by certifiedbug on August 3, 2011


Another great article from Brian Krebs.

Fake Antivirus Industry Down, But Not Out

Many fake antivirus businesses that paid hackers to foist junk security software on PC users have closed up shop in recent weeks. The wave of closures comes amid heightened scrutiny by the industry from security experts and a host of international law enforcement officials. But it’s probably too soon to break out the bubbly: The inordinate profits that drive fake AV peddlers guarantee the market will soon rebound.

http://krebsonsecurity.com/2011/08/fake-antivirus-industry-down-but-not-out/


Fake anti-virus attack on Twitter

by certifiedbug on January 20, 2011


Graham Cluley

Thousands of Twitter users are finding that their accounts have been tweeting out malicious links without their permission, pointing to a fake anti-virus attack.

If you make the mistake of clicking on one of the malicious goo.gl links you are ultimately taken to a website which attempts to scare you into believing that you have a virus problem on your computer. You are then frightened into installing malicious code on your PC, and asked to pay money to disinfect your systems.

http://nakedsecurity.sophos.com/2011/01/20/fake-anti-virus-attack-twitter-via-goo-gl-links/


FakeSysdef-Diary of a scamware

by certifiedbug on December 2, 2010


Malware that has already passed through various iterations.

Microsoft Malware Protection Center.

Initially it was “System Defragmenter”, then “Scan Disk” and now it’s called “Check Disk”. While the name will most certainly change again, the main goal of Trojan:Win32/FakeSysdef will surely remain the same: to trick you into buying a piece of software that does nothing except scare you with fake warnings, critical “errors” and other “problems”.

As the name suggests, this malware imitates a hard disk defragmenter. It will pretend to scan your computer for problems such as: it “checks” if your hard disk is working correctly, “defragments” it, and even checks the health status of your RAM and GPU (Graphic Processor Unit). Of course, once you start checking for problems using this ‘program’ it is going to “find” a bucketful of them:

* Bad sectors
* RAM fragmentation
* Registry errors
* Very high CPU/GPU temperature
* RAM failures

Story and screenshots:
http://blogs.technet.com/b/mmpc/archive/2010/12/01/fakesysdef-we-can-defragment-that-for-you-wholesale-diary-of-a-scamware.aspx


Rogue-Security Essentials 2010

February 25, 2010

Rogue security products use false advertising, drop malware and often have a similar name or appearance to legitimate security software. Scareware has already mimicked the Windows Security Center. This one mimics Microsoft Security Essentials and calls itself “Security Essentials 2010”. Microsoft Malware Protection Center. As we in the MMPC have always been quick to point […]


Fake Antivirus adds “Support”

February 15, 2010

Rogue security programs usually pop up a screen informing users that their PC is infected with malware. The user, understandably alarmed by the nonstop pop-ups which suddenly appear on their frozen screen, will often click to make a purchase and download the “fake” software which claims it will remove the infection. In a nutshell that […]


System Adware Scanner 2010, rogue with fake credentials

December 16, 2009

Sunbelt Blog: New rogue borrows massively from AV company sites. Although the group claims 10 million users world-wide, oddly enough their site was only registered Nov. 25. It seems they also have recruited the entire management team from AVG anti-virus company as well. Right!


FBI warns consumers about rogue security programs

December 16, 2009

Press Release December 11, 2009. The FBI warned consumers today about an ongoing threat involving pop-up security messages that appear while they are on the Internet. The messages may contain a virus that could harm your computer, cause costly repairs or, even worse, lead to identity theft. The messages contain scareware, fake or rogue anti-virus […]


Cleaner affiliates gotcha

October 18, 2009

S!ri, a well known and respected malware fighter in the security community, wrote that some webmasters (cleaner affiliates) regularly use the screenshots that he made after analyzing a rogue, in their own blog posts. The cleaner affiliates write about the dangerousness of the rogue and link to a “Free” Scan or “Free” Removal tool which […]


Rogue-Personal Antivirus

April 17, 2009

While performing a search I saw the red warning circle given by Web Of Trust (WOT) to sites they have rated dangerous. Normally one should stop there, people, but I was digging. In a clean, uninfected virtual machine I opened the URL, which took a while to load its nasty stuff, and then the popups began. […]
