In recent days we have received many reports about the spread of some new “rogue software” which, once installed on the user’s personal computer, invites the user to pay varying sums of money by making him believe that a hard drive malfunction, a virus infection, a computer attack, or similar has occurred. In this article we intend, on the one hand, to offer an overview of the “rogue software” phenomenon and, on the other, to make available to our readers the best tools for detecting and removing these sneaky threats.
What Is “Rogue Software,” And Why Is It Dangerous
“Rogue software” is a term that translates as “rogue programs” and refers to malicious applications usually presented as legitimate programs, such as antivirus and security software. To “advertise” and spread their malware, cybercriminals set up websites with professional graphics: the goal is to convince the user that the application on offer is genuine. The unsuspecting user is tricked into downloading the harmful product, sometimes through the occasional display of pop-up windows reporting the presence of errors on the personal computer. These are generally false error messages: no website (unless it uses an active component such as an ActiveX control, a Java applet, or an “ad hoc” plugin) can automatically examine the personal computer’s contents or control its operations on the system.
By way of example, recall that all software houses and developers of antivirus and antimalware products require the installation of an ActiveX component or a special browser plugin for their online scanners. Alternatively, the scan is performed outside the web browser using a to this page. Compatibility with the various browsers currently on the market is indicated for each service, along with whether removal of any threats detected on the scanned system is also permitted.
“Rogue software” is an extremely profitable business for cybercriminals, who for some time have been using SEO techniques and organising effective advertising campaigns to spread their fake antivirus as widely as possible. Exploiting the impossibility for Google to check every single link published on the AdSense advertising network, it is in fact not uncommon to find, prominently on the Mountain View search engine, references to websites that carry “rogue software.”
Malware authors usually give their “rogue software” a name that mimics or closely resembles popular security software and well-known system troubleshooting utilities. Furthermore, in advertising campaigns the message is often in Italian, with the aim of “catching” as many “local” users as possible.
In short, “rogue software” is a program that is anything but benign yet is presented, and even marketed, as such. The intent is to persuade users to enter their credit card numbers or, in any case, to pay varying amounts. The user not only has money unduly taken from them but receives no service in return. On the contrary, in most cases installing “rogue software” results in harmful files on the system or opens the door to other infections.
Many “rogue software” programs, for example, degrade operating system performance, install other malware or backdoors, and interfere with searches on the Net and normal “surfing” by displaying warning messages. These are malicious activities that are, unfortunately, also hard to suppress.
The Internet domains activated by those who develop “rogue software” are often registered with false data or disguised using the most disparate expedients. As a rule, it is always wise never to trust unknown tools. With a simple search on the Net, it is usually possible to establish almost immediately the identity of any program, unmasking bogus and dangerous applications.
Always Scan The Files You Download From The Internet, Especially If You Have Doubts About Their Identity
Tools like Virustotal.com allow you to check downloaded software simultaneously with dozens of antivirus and antimalware engines. Connect to the website, click the Browse button (Upload file), select the application file to check, and press Send file. However, it is good not to stop at this point. The checking should continue, for example, by resorting to a service such as Threat Expert. Its operation differs from VirusTotal in that it relies on a sandboxing mechanism.
A “sandbox” is a protected and monitored area in which malicious applications can be executed without interfering with the existing operating system. If you have doubts about a program’s identity and the operations it may perform on the system, the Threat Expert service can be an excellent way to analyse it without risking damage to the personal computer, for example one used for production purposes.
After identifying, on your hard disk, the file you intend to submit for examination, it is sufficient, without executing it, to connect to this page, click on the Browse… button, choose the file to be verified, enter a valid email address in the Your email address box, accept the terms and conditions of use of the service (check the box I agree to be bound by the terms and conditions), then press the Submit button below.
Within a few minutes, Threat Expert will send a detailed report to the indicated email address containing information about the various operations performed by the submitted file. The report can be consulted by viewing the HTML file attached to the email message or by clicking on the link in the body of the email. The final report summarises all the elements that, after the file sent to Threat Expert is started, are created, deleted, or modified on the system (File system modifications section).
Next, the changes made to data stored in memory, in the Windows registry, and so on are indicated. It is an excellent system for unmasking dangerous activities and understanding what operations legitimate software performs. Threat Expert also highlights in the final report the creation of hidden files and processes, and any network traffic generated: open ports, visited addresses, SMTP traffic produced, or emails eventually sent, with all the relevant data.
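As an added example that is not part of the original article and not Threat Expert’s own code, the following Python snippet reproduces the core of a “File system modifications” comparison: a hash snapshot of a directory before and after a simulated program run, classified into created, deleted and modified files. The directory, the file names and their contents are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed example: a minimal "file system modifications" diff, the kind of
# comparison a sandbox report summarises (created / deleted / modified files).
# Illustrative code only, not Threat Expert's implementation.


def sha256_of(path: Path) -> str:
    """Return the SHA-256 hex digest of a file's contents, read in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Map every regular file under root (relative path) to its SHA-256 digest."""
    return {
        str(p.relative_to(root)): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def diff_snapshots(before: dict, after: dict) -> dict:
    """Classify differences between two snapshots the way a sandbox report does."""
    created = sorted(set(after) - set(before))
    deleted = sorted(set(before) - set(after))
    modified = sorted(k for k in before.keys() & after.keys() if before[k] != after[k])
    return {"created": created, "deleted": deleted, "modified": modified}


def demo() -> dict:
    """Build a throwaway directory, simulate a program run, and return the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "config.ini").write_text("level=1\n")
        (root / "readme.txt").write_text("hello\n")
        before = snapshot(root)
        # Simulated "program run": drops a new file, edits one, deletes another.
        (root / "dropped.exe").write_bytes(b"constructed placeholder, not an executable")
        (root / "config.ini").write_text("level=9\n")
        (root / "readme.txt").unlink()
        after = snapshot(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    print(demo())  # {'created': ['dropped.exe'], 'deleted': ['readme.txt'], 'modified': ['config.ini']}
```

A real sandbox applies the same before/after idea to the whole system, including the registry keys and processes the report also lists.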
Threat Expert also provides a practical “stand-alone” tool for sending the files to be analysed, which can be downloaded from this page. A service that allows an analysis very similar to Threat Expert’s is Anubis: the files transmitted online are automatically executed within a dedicated virtual machine, and any suspicious or harmful behaviour is summarised in a final report. All the details on how Anubis works are given in our article.
Still using “web-based” services, it is possible to verify the reliability of the website hosting the “dubious” application. A tool like McAfee Site Advisor can be of great help: type the website address into the View report on a site box at the bottom right and press Enter to obtain a complete report. McAfee’s service is based on surveys carried out independently by the software house’s team and on user-generated comments.
It is therefore often possible to immediately unmask a website used as a beachhead to distribute malware and “rogue software.” The browser plugin “WOT” (short for “Web of Trust”) also provides reports, directly in the search engine’s SERP, about the dangerousness of a website. WOT is distributed as a free plugin for various web browsers and is based on the indications of its user community. To consult the report for any web address without installing the plugin, enter the URL in the Check the rating of your favorite site box.