From the category archives:

Scareware Rogues

Rogue-Security Essentials 2010

by certifiedbug on February 25, 2010

in Scareware Rogues

Rogue security products use false advertising, drop malware and often have a similar name or appearance to legitimate security software.

Scareware has already mimicked the Windows Security Center. This one mimics Microsoft Security Essentials and calls itself “Security Essentials 2010”.

Microsoft Malware Protection Center.

As we in the MMPC have always been quick to point out, Microsoft Security Essentials can be downloaded and used without charge by users running genuine Windows (from here: http://www.microsoft.com/security_essentials/). So anything mimicking Microsoft Security Essentials but asking for any sort of payment is clearly Up To No Good.

Screen-shots and more information at the MMPC Threat Research & Response Blog.

Microsoft detects the imposter as Trojan:Win32/Fakeinit. Encyclopedia here

http://certifiedbug.com/blog/category/scareware-rogues/


Fake Antivirus adds “Support”

by certifiedbug on February 15, 2010

in Scareware Rogues

Rogue security programs usually pop up a screen informing users that their PC is infected with malware. The user, understandably alarmed by the nonstop pop-ups that suddenly appear on their frozen screen, will often click to make a purchase and download the “fake” software that claims it will remove the infection. In a nutshell, that software “is” the infection, and it is a lucrative business for criminals.

According to researchers at Symantec, the authors of Live PC Care have taken things to the next level. The free trial version of Live PC Care includes a yellow online support button. Clicking on that button connects the potential victim with so-called “support agents” who will answer questions about the product via instant message.

Fake AV & Talking With The Enemy



System Adware Scanner 2010, rogue with fake credentials

December 16, 2009

Sunbelt Blog: New rogue borrows massively from AV company sites
Although the group claims 10 million users world-wide, oddly enough their site was only registered Nov. 25.
It seems they also have recruited the entire management team from AVG anti-virus company as well. Right!
Article


FBI warns consumers about rogue security programs

December 16, 2009

Press Release December 11, 2009.
The FBI warned consumers today about an ongoing threat involving pop-up security messages that appear while they are on the Internet. The messages may contain a virus that could harm your computer, cause costly repairs or, even worse, lead to identity theft. The messages contain scareware, fake or rogue anti-virus software [...]


Cleaner affiliates gotcha

October 18, 2009

S!ri, a well-known and respected malware fighter in the security community, wrote that some webmasters (cleaner affiliates) regularly use, in their own blog posts, the screenshots that he made after analyzing a rogue.
The cleaner affiliates write about the dangerousness of the rogue and link to a “Free” Scan or “Free” Removal tool which [...]


Rogue-Personal Antivirus

April 17, 2009

While performing a search I saw the red warning circle given by Web Of Trust (WOT) to sites they have rated dangerous.
Normally one should stop there, people, but I was digging. In a clean, uninfected virtual machine I opened the URL, which took a while to load its nasty stuff, and then the popups began.

[...]


advancedprotectionscanner.com et al-rogues deployed

March 22, 2009

The Russian Business Network affiliate involved has established a front company, autonomous system AS48669 NTCOLO-AS NTCOLO, and has been allocated 510 unique IP addresses. AS48669 consists of 105 malware domains, 19 domain name servers, 8 mail servers and 3 fraudulent payment processors.
List of current IPs Secure Home Networks


Drop for Rogue ‘Internet Antivirus Pro’ Gotscan, user4scan

March 16, 2009

Redirect from gotscan.com to user4scan.com. <– Do not go to either.

Received typical scareware warnings; the rogue was not detected by my antivirus program. The installer repeatedly failed, popping up the same windows and freezing the browser.
Domain Name: USER4SCAN.COM
IP Location: Germany – Berlin – Berlin – Netdirekt E.k
Registration Service Provided By: SELLOUT.NAME
Creation Date: 12-Mar-2009
Expiration [...]


New Rogue XpyBurner

February 9, 2009

Scareware Spyburner becomes XpyBurner.

From EULA.
C. Some of our products may be unsuited to run with other software. We have the right to uninstall incompatible products. We will notify our customers before uninstalling such products. A customer cannot claim a refund if the reason is a requisition or removal of conflicting software.
Coexistence of some products may [...]


New Rogue-Total Defender

January 26, 2009

An interesting thing we noticed is that the Rogue did not attempt to scare us into purchasing it, rather telling us that the computer was secure after the scan. The Rogue authors are probably doing this to keep a high amount of Rogue installations active for the purposes of data theft or for hire [...]
