What’s a Rogue – And Why Do You Need to Know?
You may not be familiar with the term ‘rogue software’ but there’s a very good chance that you or someone you know either has experienced it, or will in the near future. As malware writers inundate the web with rogue anti-malware programs, this kind of trickery is becoming more and more common, and now poses one of today’s greatest security challenges to computer users. Let’s take some facts and figures on these fake anti-malware programs into consideration:
- At the end of December, the U.S. FBI released its first public alert on scareware, warning computer users to be wary of pop-ups that report security problems on their PCs.
- The estimated dollar loss to victims from this type of malware, according to the FBI: $150 million.[1]
- According to Lavasoft Malware Labs analysts, the number of rogue applications is rising at an alarming rate. In 2005, 11 new rogue programs were found; in 2006, 39 new rogue programs were found; in 2007, 119 new rogues were found; in 2008, 225 new rogues were found; in 2009, 233 new rogues were found. December 2009 alone saw the release of 28 new rogues – almost one new rogue per day.
Due to today’s range of online risks, most of us are well aware that we need anti-malware protection on our computers in order to stay safe and secure online. The problem: not all anti-malware programs actually do what they say they will, and some are really just malware in disguise. In fact, malware authors are using your recognition that security software is a needed part of your online defense to scam you.
What exactly is a rogue? Rogue security applications are sometimes referred to as scareware because they try to frighten users into thinking they need to buy a certain program. Taking the form of legitimate-looking anti-virus, anti-spyware and anti-malware products, these rogue applications appear beneficial from a security perspective but provide little or no protection, generate misleading alerts, or attempt to lure you into a bogus transaction. Essentially, they are malware pretending to be genuine Internet security programs, and they aim to steal your money or private information, or expose you to other high-risk cyber threats.
How do these rogue programs propagate? Rogues are distributed in a variety of ways, using social engineering tactics to deceive and mislead people. For example:
- You may see an ad for a security software product pop up on your PC as you’re browsing the Web, warning you that your PC is infected with malware and prompting you to download a specific program to remove it.
- It may be distributed by a fake codec (supposedly necessary to view a certain video).
- You may see messages that appear to come from your operating system, telling you that your system is infected, and pushing you to take a certain action, like visit a website or download a program.
What do these programs do? Microsoft’s Help and Support page explains it well, stating that, “Rogue security software might report a virus, even though your computer is actually clean. The software might also fail to report viruses when your computer is infected. Inversely, sometimes, when you download rogue security software, it will install a virus or other malicious software on your computer so that the software has something to detect.”[2]
At Lavasoft, our Malware Labs analysts are in a constant fight to find these rogue programs, and add them to Ad-Aware’s Detection Database of online threats in order to keep you safe.
Still, rogue authors know they have a successful business model, and keep churning out new rogues, in order to snare new potential victims. This is shown most evidently by the growth of rogues in recent years. From 2005 to 2009, the number of rogue applications increased by 2,018 percent.
What can you do to educate yourself and stay safe? Enter the Rogue Gallery. The Rogue Gallery is part of Lavasoft’s commitment to stop the spread of these rogue programs, giving consumers a practical resource to quickly and clearly identify what programs are rogue – and avoid them.
“It can be quite difficult for the average Internet user to keep track of these rogue programs. Inspired by the great work done before us by Spywarewarrior.com – a fantastic resource in its day which really helped a lot of users – we wanted to continue the work started and create a site with both historical information about older rogues as well as up-to-date information about the latest rogue threats,” says Andrew Browne, head of the Malware Labs at Lavasoft.
The Rogue Gallery, powered by the Malware Labs at Lavasoft, lists every rogue added to Ad-Aware’s threat database throughout Lavasoft’s history. It currently houses over 500 rogue applications, and is updated whenever a new rogue program is discovered. Using this resource, consumers are able to search for rogues in alphabetical order or choose to display the latest threats. Also included on the site is a link to “Submit a Rogue”, giving users the ability to quickly and easily send any suspicious programs directly to the Malware Labs to be analyzed and added to detection if necessary.
“There are many sites that have fragments of information about rogues or just aren’t updated regularly enough to be useful. In the Lavasoft Rogue Gallery, you’ll find the names of every rogue seen, a screenshot of its user interface and additional information about it. We update the site every time a new rogue is identified and hope users will use the information to avoid becoming victims of scareware,” Browne says.
The Rogue Gallery is available at http://www.lavasoft.com/mylavasoft/rogues. Want more tips? For six tactics you can use to help keep you, your friends, and your family from becoming victims of rogues, read our article, “How to Avoid Rogue Security Software.”