Tech Shout!

Trend Micro, a leader in network antivirus and content security software and services has announced that rogue security programs are steadily on the rise. People are using these “fake” security programs to exploit social engineering techniques for none other than monetary rewards on the Web.

According to data from tend Micro TrendLabs, rogue security programs have increased from 2% in early 2006 to over 10% in March 2007. In other words the company has reported of a fivefold year-on-year increase in the use of such programs, which claim to clean a computer, but end up infecting users.

Basically, rogue security applications are stealthily downloaded and installed on a user’s PC. They repeatedly warn the user, in several ways, that their PC has been infected by some form of malware when in reality wither no infection exists, or malware is installed along with the downloaded rogue software.

The programs can be installed in many different and rather “creative” ways. For instance, malicious use of a Windows exploit can enable the malware author to stealthily install the program when a user simply opens an email or views a Web site.

Yet another method used is when a user visits a Web site with video content, the site may instruct the victim to download a video codec in order to view the content. But, instead of downloading a codec, the rogue anti-spyware is downloaded, and a simple command plays the video.

Pop-up banner ads that entice users to download “required” software also provide a means for malware authors to download this rogue software.

However, in any case, the software, which operates as a “free trial”, offers an upgrade at a fee for full functionality.

Suspect software includes Winfixer, SpywareQuake, ErrorSafe, ErrorGuard, SpyShield, ApyAxe, SpywareNuker and, most recently, Spyhealer, DriveCleaner and SystemDoctor.

According to George Moore, threat researcher at Trend Micro, “Rogue security programs are clearly on the rise, and users must demonstrate caution and always be alert when downloading software.”

“In addition, they need to protect their systems by using the latest security software against Web threats from a known and reliable vendor,” he added.

Trend Micro advises computer users to employ these practices in order to avoid infection by rogue security programs:

Users should only purchase and use legitimate, trusted, name-brand security software (which can detect the installation of most rogue anti-spyware).

If notified of an infection, seek a second opinion from a reputable online scanning service (such as Trend Micro HouseCall™ (www.housecall.trendmicro.com).

When purchasing security software, check online reviews and feedback from users, as well as review the software Web site before purchasing, and use only a secure connection when purchasing. Look out for the padlock symbol in the bottom right hand corner of your window, indicating you are visiting a secured site.

Check the validity of the software against lists of rogue software compiled by independent analysts (such as Spyware Warrior (http://spywarewarrior.com/).