Your SlideShare is downloading. ×
  • Like
How to tell if that pop-up window is offering you a rogue anti-malware product
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply

How to tell if that pop-up window is offering you a rogue anti-malware product

  • 343 views
Published

Rogue anti-malware products are a bane for every Internet user, especially those who have little or no technical knowhow. These are hundreds of scare ware ‘products’ on the Internet. This white paper …

Rogue anti-malware products are a bane for every Internet user, especially those who have little or no technical knowhow. These are hundreds of scare ware ‘products’ on the Internet. This white paper examines this type of scam, explains how they work, what to look out for and how to prevent your computer from being infected.

Published in Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
343
On SlideShare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
0
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. GFI White Paper How to tell if that pop-up window is offering you a rogue anti-malware productRogue anti-malware products are a bane for every Internet user, especially those who have little or no technical knowhow. These are hundreds of scare ware ‘products’ on the Internet.This white paper examines this type of scam, explains how they work, what to look out for and how to prevent your computer from being infected.
  • 2. Contents Introduction 3 A list of ‘bad stuff’: GFI Labs descriptions of rogues 5 A list of legitimate anti-malware companies and products 6 Certification groups: other sites that list legitimate anti-malware products 7 Search the web 8 If you need anti-malware protection 10 Summary: How to identify rogues 10 About GFI® 10 2
  • 3. IntroductionRogue anti-malware products are among the most persistent and annoying types of malware. Often called‘scare ware’, rogues are usually do-nothing computer programs that mimic legitimate security software andare sold to unsuspecting victims. They are a fraud that has plagued Internet users at least since 2005. Therehave been instances, too, of rogues that plant spyware on a victim’s machines. Rogue distributors also havebeen known to steal credit card numbers that their victims use to pay for their applications.GFI Labs’ website lists more than 600 named rogues that have been found in the last six years. The number offiles associated with these that VIPRE detects is in the thousands.Recently GFI Labs has determined that after several years of increases, the number of new rogues had leveledoff at about 160 per year. The malicious operators who distribute them also distribute clones of these rogues,sometimes on a daily basis. They change little more than the names on the graphic interface and distributethem again in an attempt to evade detection by security software and to fool victims.How to tell if that pop-up window is offering you a rogue anti-malware product 3
  • 4. The rogues all have legitimate-sounding names. And they look like the real thing. Below is the graphicinterface from the Windows Problems Solution. It’s a rogue security product in the Privacy Center family thatpretends to find system problems, registry errors and malicious code on a victim’s machine in order to frightenhim or her into purchasing it. It is a non-functional piece of fake software.Windows Problems Solution graphic interface:Here is the warning pop-up window that comes with the Windows Problems Solution rogue:Typically, a victim purchases a rogue after seeing alarming windows pop up on his PC screen with a messagelike: “YOUR COMPUTER IS INFECTED!” The pop-up windows guide him through the steps necessary topurchase the phony product (credit cards accepted). Often it then scans and removes all the dozen or so(phony) viruses from his or her PC.How to tell if that pop-up window is offering you a rogue anti-malware product 4
  • 5. At best, the victim has just bought a piece of useless software that does absolutely nothing except showalarming pop-up windows. At worst his or her credit card information has been stolen and is for sale on theInternet black market. Some rogues install malware that steals personal information from a PC, connect it to abotnet and leave it accessible to the scammer for other malicious uses.The rogue ware looks like professional software. So how is the average home Internet user to tell thedifference? For that matter, how is the average home Internet user to know if ANY antivirus, anti-spyware oranti-anything product is real?There are three ways. First, one can look up the product name in a list of ‘bad stuff’. Second, he can look it up onthe website of a real product certification body. Third, he can search for it on the web and interpret the results.A list of ‘bad stuff’: GFI Labs descriptions of roguesThe GFI Labs website lets visitors search for descriptions of rogues and other malware. It also carries a RogueAntispyware Blog that describes what the rogues do.The blog can be found at: http://rogueantispyware.blogspot.com. You will also find detailed instructions onhow to remove the different types of rogue software.To find the GFI description of a rogue product quickly on the blog page, just search for its name in the box inthe upper left corner of the page. For example, let’s search for “Windows Problems Solution.”How to tell if that pop-up window is offering you a rogue anti-malware product 5
  • 6. The result? Our description of the rogue.A list of legitimate anti-malware companies and productsTo determine if an anti-malware product is legitimate, you can look it up on the website of the company thatmakes it. How can you tell if the company is legitimate? After all, as the saying goes, “on the Internet, nobodyknows you’re a dog.”To verify is the company is legitimate and offer legitimate antivirus software, you can to to the VirusTotalwebsite. VirusTotal is a tool that malware analysts use to test a sample of malware and tell if different anti-malware products detect it and what they call it. It’s “...a service that analyzes suspicious files and facilitates thequick detection of viruses, worms, Trojans, and all kinds of malware detected by antivirus engines.”You can find a list of the companies that participate in VirusTotal with their antivirus engines here:http://www.virustotal.com/about.html (credits tab).Unfortunately, each of the companies listed has products with different names that may not be on this list. Forexample, GFI Labs (listed also as Sunbelt Software) sells VIPRE and CounterSpy. Another point to remember isthat all vendors bring new products to market very frequently.The VirusTotal page is, however, a good place to start. If the company is listed there, it’s legitimate. New,legitimate AV companies pop up from time to time, so to check even further, you can go to the vendor’s pageand specifically look up the product you have doubts about.How to tell if that pop-up window is offering you a rogue anti-malware product 6
  • 7. Certification groups: other sites that list legitimate anti-malware productsThere are a number of ‘certification bodies’ – companies and organizations that test anti-malware products tosee if they are capable of detecting and treating current malware. One such group is Westcoast Labs(http://www.westcoastlabs.org). Westcoast certifies most major anti-malware products. You can enter thename of a company or anti-malware product in the search box on their website to see if they have rated it.If you’re searching for a legitimate product, the site should show you a listing such as the following:How to tell if that pop-up window is offering you a rogue anti-malware product 7
  • 8. Search the webThis is the quickest and most convenient way to see if an application someone is trying to sell you is a rogueor not. However, you must interpret the results. Here’s an example, try searching for the rogue WindowsProblems Solution.As you can see from the screenshot below there is a large number of websites listed that have phrases thatgive away the fact that this is not a good thing: “how to remove”, “how to get rid of” and “rogue” are a few.How to tell if that pop-up window is offering you a rogue anti-malware product 8
  • 9. A similar web search for a legitimate product shows a much different return. Let’s try a search for “VIPRE.”It is possible that a rogue product could be distributed by a group with a website, and that page couldshow up as a hit in a web search. You only need to read the hits from the search engine to get a sense thatsomething isn’t right.How to tell if that pop-up window is offering you a rogue anti-malware product 9
  • 10. If you need anti-malware protectionIf you have a PC and you turn it on, you need anti-malware protection. There are numerous products thatprovide comprehensive antivirus and anti-malware protection for computer users. GFI Software offers GFIVIPRE, an award-winning product that not only provides excellent protection but does not impact negativelyon your computer’s performance.If you would like more information on rogue and nearly 2,500 files associated with rogue products on the GFILabs site, go to: http://www.sunbeltsecurity.com/BrowseCategories.aspx.Threat type is “Misc” and Threat Category is “Rogue Security Program.”Summary: How to identify roguesTo summarize here are five straightforward tips to follow:1. The first signs of a rogue security product (sometimes called ‘scareware’) are the alarming screens that usually warn of infections by numerous viruses or, more recently, hard disk ‘read-write errors’.2. The rogue application, after giving dire warnings, will then tell you that you must pay for the product before it can clean the threats.3. The rogues usually holds your machine hostage with annoying pop-up windows until you pay for its software (they take credit cards).4. A web search will reveal that the rogue’s name is not a legitimate AV product name.5. The rogue’s warning screens appear illogically.About GFIGFI Software provides web and mail security, archiving, backup and fax, networking and security softwareand hosted IT solutions for small to medium-sized enterprises (SMEs) via an extensive global partnercommunity. GFI products are available either as on-premise solutions, in the cloud or as a hybrid of bothdelivery models. With award-winning technology, a competitive pricing strategy, and a strong focus on theunique requirements of SMEs, GFI satisfies the IT needs of organizations on a global scale. The company hasoffices in the United States (North Carolina, California and Florida), UK (London and Dundee), Austria, Australia,Malta, Hong Kong, Philippines and Romania, which together support hundreds of thousands of installationsworldwide. GFI is a channel-focused company with thousands of partners throughout the world and is also aMicrosoft Gold Certified Partner.More information about GFI can be found at http://www.gfi.com.How to tell if that pop-up window is offering you a rogue anti-malware product 10
  • 11. USA, CANADA AND CENTRAL AND SOUTH AMERICA15300 Weston Parkway, Suite 104, Cary, NC 27513, USATelephone: +1 (888) 243-4329Fax: +1 (919) 379-3402ussales@gfi.comUK AND REPUBLIC OF IRELANDMagna House, 18-32 London Road, Staines, Middlesex, TW18 4BP, UKTelephone: +44 (0) 870 770 5370Fax: +44 (0) 870 770 5377sales@gfi.co.ukEUROPE, MIDDLE EAST AND AFRICAGFI House, San Andrea Street, San Gwann, SGN 1612, MaltaTelephone: +356 2205 2000Fax: +356 2138 2419sales@gfi.comAUSTRALIA AND NEW ZEALAND83 King William Road, Unley 5061, South AustraliaTelephone: +61 8 8273 3000Fax: +61 8 8273 3099sales@gfiap.comDisclaimer© 2011. GFI Software. All rights reserved. All product and company names herein may be trademarks of their respective owners.The information and content in this document is provided for informational purposes only and is provided “as is” with no warranty of any kind, either express or implied, including butnot limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. GFI Software is not liable for any damages, including any consequentialdamages, of any kind that may result from the use of this document. The information is obtained from publicly available sources. Though reasonable effort has been made to ensure theaccuracy of the data provided, GFI makes no claim, promise or guarantee about the completeness, accuracy, recency or adequacy of information and is not responsible for misprints, out-of-date information, or errors. GFI makes no warranty, express or implied, and assumes no legal liability or responsibility for the accuracy or completeness of any information contained inthis document.If you believe there are any factual errors in this document, please contact us and we will review your concerns as soon as practical.