What’s a rogue and why do you need to know?

You may not be familiar with the term rogue software but there’s a very good chance that you or someone you know either has experienced it, or will in the near future. As malware writers inundate the web with rogue anti-malware programs, this kind of trickery is becoming more and more common, and now poses one of today’s greatest security challenges to computer users.

Let’s take some facts and figures on these fake anti-malware programs into consideration:

• In the end of December, the U.S. FBI released its first public alert on scareware, warning computer users to be wary of pop-ups that report security problems on their PC’s.
• The estimated dollar loss to victims that this type of malware has resulted in, according to the FBI: $150 million.
• According to Lavasoft Malware Labs analysts, the number of rogue applications is rising at an alarming rate. In 2005, 11 new rogues programs were found; in 2006, 39 new rogue programs were found; in 2007, 119 new rogues were found; in 2008, 225 new rogues were found; in 2009, 233 new rogues were found. December 2009 alone saw the release of 28 new rogues – almost one new rogue per day.

What exactly is a rogue?

Due to today’s range of online risks, most of us are well aware that we need anti-malware protection on our computers in order to stay safe and secure online. The problem: not all anti-malware programs actually do what they say they will, and some are really just malware in disguise. In fact, malware authors are using your recognition that security software is a needed part of your online defense to scam you.

Rogue security applications are sometimes referred to as scareware because they try to frighten users into thinking they need to buy a certain program. Taking the form of legitimate-looking anti-virus, anti-spyware and anti-malware products, these rogue applications appear beneficial from a security perspective but provide little or no protection, generate misleading alerts, or attempt to lure you into a bogus transaction; essentially, they are malware, pretending to be genuine Internet security programs, and they aim to steal your money, private information, or expose you to other high risk cyber threats.

How do these rogue programs propagate?
Rogues are distributed in a variety of ways, using social engineering tactics to deceive and mislead people. For example:

• You may see an ad for a security software product pop-up on your PC as your browsing the Web, warning you that your PC is infected with malware, prompting you to download a specific program to remove it.
• It may be distributed by a fake codec (supposedly necessary to view a certain video).
• You may see messages that appear to come from your operating system, telling you that your system is infected, and pushing you to take a certain action, like visit a website or download a program.

What do these programs do?

Microsoft’s Help and Support page explains it well, stating that, “Rogue security software might report a virus, even though your computer is actually clean. The software might also fail to report viruses when your computer is infected. Inversely, sometimes, when you download rogue security software, it will install a virus or other malicious software on your computer so that the software has something to detect.”

Rogue authors know they have a successful business model, and keep churning out new rogues, in order to snare new potential victims. This is shown most evidently by the growth of rogues in recent years. From 2005 to 2009, the number of rogue applications increased by 2,018 percent.

Author: Erin Earley, editor of Lavasoft News.