
Rogue security programs are 'ongoing threat'

Vivian Yeo ZDNet Asia | October 20, 2009 5:17 AM PDT

Rogue security software, also dubbed scareware, is an "ongoing threat" that largely affects users in English-speaking markets, according to findings from a year-long study by Symantec.

Released Tuesday, Symantec's report on rogue security software noted that 250 rogue security programs launched some 43 million attempts to prompt user installation between July 2008 and June 2009.


Further analysis of the top 50 most reported scareware programs was carried out between July and August this year, during which Symantec found that 38 of the programs had been detected prior to Jul. 1, 2008.

"The continued prevalence of these programs emphasizes the ongoing threat they pose to potential victims, despite efforts to shut them down and raise public awareness," the security vendor said in the report.

The five most commonly reported rogue security applications during the study were SpywareGuard 2008, AntiVirus 2008, AntiVirus 2009, Spyware Secure and XP AntiVirus.

For more, read "Rogue security programs are 'ongoing threat'" from ZDNet Asia.

Talkback (most recent of 36)

  • The sites of these 'rogue security programs'
    Should be immediately shut down when they are
    found, by doing a DDoS attack if necessary.
    There is no reason to allow these bastards to
    shill their break-ware on the rest of us in the
    world.
    Lerianis10
    20th Oct 2009
  • Getting worse...
    I've seen a huge increase in infections from these programs lately. The pop-up advertising from browsing is getting very convincing. It's sad when users can even recognize the AV program that is actually on their computer over a rogue pop-up that looks legit, but can be easy to spot as fake.
    Narg
    20th Oct 2009
  • Not always so easy to spot...
    I once got a very realistic popup that looked like a Vista Computer window with a fake scanning progress bar. Now I've never seen a scanner in the Computer window, but if you're a new Vista user, you don't know how Vista works yet! 'Maybe that's how Windows Defender works now', they may think.

    Fortunately I was on my XP laptop when it happened and didn't get click happy with it. I would have shut it down with task manager anyway; I've got into that habit a long time ago, because of regular malicious popups. So now I do it with many processes Windows doesn't want to close.

    I only click the red [X] if it is a bona fide IE or Firefox window, and even then, I have now begun closing those using the task bar.
    JCitizen
    20th Oct 2009
  • Actually, yes...
    I tell my users who ask me about it, give your drives a name. The scareware animation will say "Scanning: Local Disk (C:)", but your C:\ drive label is "My_C_Drive", not Local Disk, which no drive label.

    Another trick is to either split your C:\ into two partitions or install another hard drive. The animation assumes you only have one drive/partition (note that the drive size is never displayed). "Where's the D:\ drive?" -- Obviously a trick.

    Then use any of the herein described methods to kill the threat.
    Worth2Cents
    21st Oct 2009
  • I simply tell my users...
    to end ALL unexpected processes or changes with task manager, then run CCleaner to clean out the temp files.

    NIS 2010 reports blocking some of them.

    MBAM blocks every one of these anyway, so far.

    Even someone on a budget can afford the lifetime license.
    JCitizen
    25th Oct 2009
  • Advice ! !
    Hit Ctrl + Alt + Del FAST if a web page says scanning your computer or won't let you exit the page or has a click to exit prompt, and close the browser window from task manager.

    Failing this, hit the RESET button FAST!!!!
    chaz15
    20th Oct 2009
  • Close the tab or the browser.
    First, always keep your OS and browser up to date.

    But in general, close the tab or the browser. An ad like this can't control the browser itself, just the page.

    Don't click on the page itself or download anything.

    Generally, it's not a big deal as long as everything is up to date.
    CobraA1
    20th Oct 2009
  • I hit Ctrl-Alt-Del and then task manager..
    just to hedge on the safe side; once in a while I have simply closed the window using the task bar. Like you said, it isn't a particularly big deal as long as you don't click anywhere on the window.

    However I got one that looked EXACTLY like a UAC box, and the only reason I didn't click [cancel], was because I was too busy trying to write down the goofy code string I saw on the box. It timed out before I could check it out. Next time I'll take a screen shot.

    I didn't even notice there was no password box on it, even though it was on the restricted account!
    JCitizen
    20th Oct 2009
  • That was me - that was my nanny screen
    And it was put there simply to annoy you.

    grin
    Wintel BSOD
    21st Oct 2009
  • HA!HA!...
    I like your moniker there! laugh

    Perfect comeback!! =)
    JCitizen
    25th Oct 2009
  • RE: Rogue security programs are 'ongoing threat'
    I recently ran into this situation with "SOFT SOLDIER". I ended up using Malwarebytes Antimalware and IOBIT 360 to get rid of it. I highly recommend both programs. C.E.Wilson
    RUGRAT54
    20th Oct 2009
  • MBAM works!!..
    Yep - I put it on, and no more scareware!

    No more Halloween BOO! for me! HA!
    JCitizen
    20th Oct 2009
  • The ad system needs an overhaul.
    The ad system needs an overhaul. We can't really trust the current ad agencies anymore. We need more responsible ones.

    One thing that REALLY annoys me is ads that resize or break out of their ad squares. Even ZDNet has such ads.

    Frankly, maybe it's time to get rid of Flash ads and go back to images and text ads.

    ZDNet, are you willing to take a stand on what types of ads you will allow?
    CobraA1
    20th Oct 2009
  • Use AdBlock Plus...
    and that is what you'll get. I haven't seen an ad in a LONG time! Not even the underlying text ones!
    JCitizen
    20th Oct 2009
  • RE: Use Ad Block Plus
    Like you, I have not seen an ad on ZDNet in a long time. And I can point to Ad Block Plus as the reason why. Couple it with a good set of filters, and you can kiss obnoxious ads goodbye!!

    One of the primary reasons why I block ads is due to their consuming MY bandwidth, and slowing down page loads. It is the worst when dial up is your only ($$$) acceptable option.

    Many sites serve up ads from third party CDN (I call them crap delivery network) sites, like akamai.net. Recently, the NY Times was serving up poisoned ads from an infected ad server. Why even take the chance? If it comes from a third party site - BLOCK IT!!! That is one way to kill XSS (cross site scripting) attacks.

    Browser users have to be vigilant. Using a computer is not set and forget! unless you want to be 'pwned'.
    fatman65535
    21st Oct 2009
