A growing threat to PC health and network security comes in the form of rogue antivirus and antispyware programs circulating on the Internet. These programs use a variety of techniques to infect computers. A common way is with a web pop-up from a compromised site, which indicates that the user’s PC is infected with spyware and offers a free download to scan and clean the computer. Accepting the offer actually installs the malicious software. Sometimes clicking “Cancel” or even the red “x” to close the window will launch the installer. Other infection methods include the use of Trojan downloaders that are already present on specific PCs, links in spam, and even “unauthorized” infections.

Malicious software often has a very professional-looking interface, complete with advanced graphical displays and a good command of security buzzwords. They are usually linked to impressive websites that list the virtues and recognition of the software industry, which is, of course, fictitious. All of the names sound like legitimate anti-malware software, and in some cases, they will be almost identical to genuine security software. Some recent names include AntiSpyware Master, SpyGuarder, and Doctor Antivirus.

The main goal of most rogue security software is to trick the user into buying an “upgrade”, which typically costs between $ 30.00 and $ 50.00. These malicious programs will run artificial “scans” of the affected computer and report any number of viruses, Trojans, worms, spyware, and adware. Usually these reports are all false positives, as the malicious software does not scan the computer. It then promises to clean all these threats from the PC if the user follows a link and purchases the update. The update may or may not prevent the scanning program from continuing to report false positives. In any case, it is likely to lead to more serious infections, as these rogue programs are associated with a variety of Trojans and other malware.

Some of the more malicious rogue anti-malware programs have more nefarious goals. They install key loggers to steal confidential information or agents to add the infected computer to a botnet. The prevalence of rogue security software is increasing. Trend Micro has reported a five-fold increase year-over-year and estimates that these applications account for up to 10 percent of all current infections.

Removal of this type of malware rarely works with the normal “Add and Remove Programs” utility. Manual removal generally involves booting into Windows Safe Mode, searching for and removing specific files, unregistering affected DLL files, and editing the registry. In other words, the removal is beyond the capabilities of many end users. There are some free utilities that can help, such as the free Rogue Remover utility from Malwarebyte.com. Naturally, proactive defense is preferred. Users should never trust a website that claims to have discovered malware on their PCs without being asked. Free scans should only be ordered from known and trusted sites. Rogue applications are often detected by genuine anti-malware applications, so keeping anti-virus programs, firewalls, and email scanners up-to-date will mitigate the risk of infection.