Malware Research Threat Database Rogue Anti-Spyware Program

Rogue Anti-Spyware Program

Rogue anti-spyware (or rogue security software) is an application that uses malware or malicious tools to advertise or install itself or to force computer users to pay for removal of nonexistent infections. Rogue anti-spyware will often install a Trojan horse to download a trial version of the rogue anti-spyware program or it will execute other unwanted actions.

The main goal of rogue anti-spyware developers is to install and sell their product. In order to attempt to install their program, fake Windows dialog boxes and other browser pop-ups are often displayed attempting to entice the user to click on them. Usually they will display a message warning users that their computer system is infected with numerous parasites and urging the user to purchase and install the offered rogue anti-spyware application.

Example of a Rogue Anti-Spyware program interface

You simply must be careful when selecting an antispyware program, since there are just as many fake ones on the web as there are legitimate ones. Fake antispyware (Rogue Anti-Spyware) programs are modeled off of legitimate programs in hopes of duping wary PC users into buying empty software. A cybercriminal is ultimately behind these fake tools, although it is a Trojan engineering the presentation. Rogue Anti-Spyware programs are also similar to Rogue Anti-Virus applications, which are fake anti-virus apps that cater more to the alleged detection and removal of computer viruses.

Fake antispyware program (Rogue Anti-Spyware) presentations run the same course as most rogue security programs, too engineered by Trojans. First is the distribution vector. Trojans are great at guising their download as something innocent or helpful, so it is highly likely you or someone using your computer blindly clicked on a booby-trapped link or landed on a compromised webpage. While the booby-trapped link is dependent on the victim taking obvious action, the compromised webpage, on the other hand, can react to just a landing. If your browser is vulnerable, i.e. in need of a patch, and your system is absent stealth antimalware protection, the landing could trigger an automatic download of malware on your system. So be careful where you land and what you click on. 

If the Trojan representing the fake antispyware program slips inside your computer, you can expect the following to unfold:

  • Your system may progressively slow or display other unwanted behaviors, i.e. freezing, assault of pop-up advertisements contradicting browser settings, etc.
  • Out of nowhere you will get scary alerts signaling malware is onboard.
  • An interface of a fake antispyware program will appear and run a quick scan without your permission.
    • Fake alerts and warnings will continuously pop-up
    • The quick scan will confirm an attack is underway
    • The victim will be asked to run a full scan to identify actual intruders
    • A long scary list of Trojans and infected files will be returned
    • Empty promises will be made, for example, the fake antispyware program will offer to remove the ‘found intruders’ but first you must BUY the full version of the software

Fake antispyware programs are exactly that – FAKE. They cannot make good on any promises, meaning they cannot remove infections. In fact, they are the infection. Fake antispyware are the work of the devil, aka a cybercriminal, and were not designed to help you but rather cause harm. 

  • The Trojan is planned to rob you of valuable data stored in your browser cache or on your hard drive. System data will also be gathered that identifies other vulnerabilities to aid in planning future malicious attacks.
  • Email addresses may be harvested and used in future email spam campaigns.
  • A port will be opened to not only transfer stolen data but also to serve as a gateway for download of more malicious programs.

Backdoors mimic remote assistance tools and afford a hacker remote access and control of an infected system. Often backdoors are secretly downloaded and installed on infected computers and then sold on the black market to the highest bidder. If a hacker gains remote control, he could secretly use and drain the system resources in a DNS strike and the trails of this illegal activity can lead right to your IP address and ultimately your home. 

Legitimate antispyware tools are meant to filter out programs that spy on your surfing habits and make possible an assault of custom and unwanted advertisements based off key words. If a malicious BHO (browser helper object or plugin) is onboard, your web traffic could be hijacked and you could be forcibly routed to:

  • Arbitrary search engines that encourage click fraud and earn a cybercriminal undue revenue
  • Malicious websites promoting sale of antispyware or antivirus programs
  • Malicious or compromised websites associated with the infamous Blackhole Exploit Kit, thus allowing automatic download of a special cocktail, malware mixed to exploit vulnerabilities on your system

Unfortunately, a lot of legitimate programs as well as malicious ones are secretly collecting data and sometimes it is can be invasive. Antispyware and antimalware solutions monitor behaviors, i.e. programming and processes, and red flag ones that violate the PC’s privacy. Removing invasive programs are not always easy, especially rogue programs and this includes fake antispyware programs. Rogues often contain a rootkit, a malicious tool used to mask and bury malicious files, thus making it hard for novice PC users or subpar antimalware tools to remove them. For example, Trojans of rogue programs are quite stealth and can edit the registry so the malicious executable runs each time Windows is booted. They hide their files by labeling them the same as legitimate operating system files and too house them in the white listed area of such critical files. Many antivirus programs are not able to scan the white listed area, which means they cannot successfully combat rootkits and the malicious files they bury. Therefore, it is highly recommended you seek a formidable opponent – a stealth and professional antimalware solution equipped with an ANTIROOTKIT component to safely and successfully remove hidden malware and fully restore your system back to its normal use.

Most Trending Rogue Anti-Spyware Program in the Last 2 Weeks

# Threat Name Severity Level Alias(es) Detections
1. ANG AntiVirus 09 100 % (High) Mal/FakeAV-X
Medium Risk Virus
Suspicious file
2. SpyGuard 100 % (High) 6
3. Windows Recovery 100 % (High) 13
4. Ultimate Guard
5. SystemDefender 100 % (High) Adware Generic2.PZW
Suspicious file
6. ColoredLambert
7. WinReanimator 100 % (High) TROJ_RENOS.AHR
8. PC Protection Center 2008 100 % (High) Packed.Win32.Tdss.q (v)
Suspicious file
9. Windows Security Suite 100 % (High) Packed.Generic.245
10. TrustDefender
11. System Tool 2011 100 % (High)
12. Personal Security Sentinel 100 % (High) 9
13. Internet Security Essentials 100 % (High)
14. Best Malware Protection 100 % (High)
15. Mac Shield
16. Windows Antihazard Solution 20 % (Normal) Trojan/Win32.Zbot
17. Windows Server Defender
18. 'MAC/iOS Defender Alert' Pop-Ups
19. '' Pop-Up Scam
20. MacFly Pro
21. PC Speed Up 20 % (Normal)
22. Total Virus Scanner
23. Virus Melt 100 % (High) 5
24. Dr.Guard 100 % (High) Artemis!10FFA2087496
25. '.BadNews File Extension' Ransomware
26. SniperSpy 60 % (Medium) 214
27. Virus Remover Professional 100 % (High) 7
28. Antivirus 2010 100 % (High) Troj/FakeAv-IT
Malicious Software
29. AnVi.FakeCog
30. Windows XP Restore 100 % (High) 7

Last updated: 2023-08-17