Rogue security software is a form of computer malware that deceives or misleads users/victims into paying for the fake or simulated removal of malware and/or, in some cases, the removal of malware intentionally introduced by the rogue security software itself. In recent years, rogue security software has become a growing and serious security threat to computing systems and communication networks. This is particularly true given that the methods used by perpetrators of rogue security software have become extremely sophisticated, highly responsive, and dynamic over the past few years.
Herein, malware includes, but is not limited to, any software and/or code designed to infiltrate a computing system without the owner's informed and/or explicit consent. Some of the better known forms of malware include computer viruses and spyware.
Rogue security software typically relies on social engineering in order to defeat the security built into modern operating systems, browser software, and security systems, and to install itself onto users'/victims' computing systems. Most rogue security software has a Trojan horse component which users/victims are misled into installing onto/into their computing systems. The Trojan horse may be disguised as, but is not limited to: free online malware scanning services; a browser plug-in or extension (typically a toolbar); an image, screensaver, or archive file attached to an e-mail message; a multimedia codec allegedly, or actually, required to play a certain video clip; software shared on peer-to-peer networks; and/or any other examples of the seemingly ever-evolving number of Trojan horse devices. In addition, some rogue security software is propagated onto a user's/victim's computing system as a drive-by download which exploits security vulnerabilities in web browsers or e-mail clients to install itself without any manual interaction by the user.
Once installed, the rogue security software typically generates a malware alert notifying the user/victim of the fake or simulated detection of malware, pornography, or other undesirable files on the user's/victim's computing system, and/or displays an animation simulating a fake system crash and reboot of the user's/victim's computing system. In some instances, the rogue security software includes detailed malware alerts and/or message boxes that list specific files that purportedly are the malware, are infected with the malware, and/or contain the malware. In some instances, the rogue security software alerts the user/victim to performance problems or to the need to perform essential housekeeping on the user's/victim's computing system. Often the rogue security software scares the user/victim by presenting authentic-looking pop-up warnings and security alerts, which often very accurately mimic legitimate system and/or security system notices in order to leverage the trust of the user/victim in vendors of legitimate security software, operating systems, web sites, and/or businesses.
In addition, some rogue security software selectively disables parts of the computing system to prevent the user/victim from uninstalling it. Some rogue security software may also prevent security systems from running, disable automatic system software updates, and block access to the web sites of security system vendors.
In some instances, rogue security software may install actual malware onto a computing system and alert the user/victim after “detecting” it. This method is less common, as the actual malware is more likely to be detected by legitimate security systems.
Once the rogue security software has alerted, and/or scared, the user/victim into believing their system has been infected with malware, the user/victim is then enticed to pay for malware removal services offered through the rogue security software to remove the fake, simulated, or intentionally introduced malware. Often the user/victim is then asked to provide credit card, or other payment, information to pay for the malware removal services. In some cases, the user/victim is merely charged the stated amount for the malware removal services, and therefore only the stated amount is effectively stolen from the user/victim. In other cases, the user's/victim's payment information is used to steal larger amounts from the user/victim and/or to achieve identity theft.
Currently, detection of rogue security software using legitimate security systems is a fairly time-intensive and resource-consuming process that is largely reactive in nature. For instance, an infected consumer of the security system currently contacts the security system provider and/or provides a sample of the suspected rogue security software. Researchers associated with the security system then typically download the suspected rogue security software itself and analyze it. Once the suspected rogue security software is analyzed, if it is indeed found to be rogue security software, a sample of the rogue security software itself is added to a rogue security software signature database, and further instances of the rogue security software are thereby, in theory, identifiable and stoppable.
As noted, current detection of rogue security software using currently available legitimate security systems is a time-intensive and resource-consuming reactive process that uses samples of the rogue security software itself to identify future instances of specific rogue security software. This means that, using currently available security systems, even user-identified rogue security software is given significant time and opportunity to infect more systems, and create more victims, before an adequate defense is created and implemented. In addition, as noted above, the methods used by perpetrators of rogue security software have become quite sophisticated, and the perpetrators have become quite adept at changing the characteristic and operational parameters associated with the rogue security software, such as names, version data, web pages, and Graphical User Interfaces (GUIs), in order to avoid, or respond to, detection of the rogue security software by various legitimate security systems. Consequently, rogue security software is a very serious threat that, thus far, has proven extremely difficult to detect and block using currently available legitimate security systems.
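The following is an added illustration, not part of the original text, of the detection gap described above: a sample-based signature over a captured rogue security software sample fails as soon as the perpetrators change the name and version data, while a signature computed over the alert text with those fields masked out still matches the renamed variant. All sample records are constructed stand-ins for captured samples; the field layout and the masking rules are assumptions for the illustration.

```python
"""Sample-based versus normalized signatures for rogue security software alerts."""
import hashlib
import re

# Constructed stand-in for a captured sample: product name, version data, and the
# fake alert text it displays. Not a real product.
KNOWN_SAMPLE = {
    "name": "AntiVirusPro2009",
    "version": "3.1.7",
    "alert": "AntiVirusPro2009 v3.1.7 found 37 infected files! Register now to remove them.",
}

# Constructed renamed variant: same scam, only name and version data changed.
RENAMED_VARIANT = {
    "name": "SecurityShield",
    "version": "4.0.2",
    "alert": "SecurityShield v4.0.2 found 37 infected files! Register now to remove them.",
}

# Constructed legitimate notice, used to check that normalization does not over-match.
BENIGN_NOTICE = {
    "name": "SystemUpdater",
    "version": "1.2",
    "alert": "SystemUpdater v1.2 installed 3 updates. No action is required.",
}


def exact_signature(sample):
    """Reactive signature as the text describes: a hash over the sample as captured."""
    blob = f"{sample['name']}|{sample['version']}|{sample['alert']}".encode()
    return hashlib.sha256(blob).hexdigest()


def normalized_signature(sample):
    """Hash over the alert text with the cheaply changed fields (name, version data,
    displayed counts) masked out, so superficial renames map to the same signature."""
    text = sample["alert"].replace(sample["name"], "<NAME>")
    text = re.sub(r"v?\d+(\.\d+)+", "<VER>", text)  # version strings such as v3.1.7
    text = re.sub(r"\d+", "<N>", text)  # fake file counts differ per display
    return hashlib.sha256(text.encode()).hexdigest()


def build_db(samples, signer):
    """Signature database built from already-analyzed samples."""
    return {signer(s) for s in samples}


def matches(db, sample, signer):
    """True when the sample's signature is already known to the database."""
    return signer(sample) in db


EXACT_DB = build_db([KNOWN_SAMPLE], exact_signature)
NORMALIZED_DB = build_db([KNOWN_SAMPLE], normalized_signature)
```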