Rash of Fake Security Programs

January 27, 2010

Lately, there has been an outbreak of rogue security programs. The ones we have seen lately include Personal Security, Security Tool, Internet Security 2010, and others. In case you aren’t familiar with the term, a rogue security program is basically an infection that pretends to be a security program (anti-virus, anti-spyware, etc.). A rogue security program will sneak onto your system. It will then tell you that your computer is infected and that all you have to do is pay for the “Security” software and it will remove the infection for you.

The rogue security program is right about one thing. Your computer is infected. But the rogue security program is the infection. All of those infections it’s telling you are on your computer probably aren’t there. If you decide to click on the link to purchase the rogue security program, it will take you to a website where you can enter your credit card and pay for it. Once you do this, they have your credit card number and will keep charging it until you cancel your credit card.

Luckily, once a rogue security program is discovered, it only takes a day or two before their website is shut down. Once that happens, if you click on the link to purchase the rogue security program, you’ll find that you can’t. Of course, once the website is shut down, they build a new one somewhere else, but the rogue security program you have on your computer doesn’t know the new website.

In addition to telling you your computer is infected, some rogue security software will show a screen similar to the Windows Security Center telling you your computer is not secure and once again giving you the option to purchase it. Many of these types of rogue security programs will stop other programs from running, specifically any program that might be able to remove them. This particular rogue security software is a little different in that when it stops something from running, it pops up a message that looks like it’s from a firewall saying it stopped an infected program from running.

Most of these rogue security programs will also hijack Internet Explorer. If you try to go to a website to find information about personal security or to a website that contains security software, it will display a message saying that the website you tried to go to is unsafe. Or sometimes they just redirect you somewhere else.

These infections generally spread through infected websites and through email, but can also be spread through Adobe PDF files. On a website, it might tell you a newer version of Flash is required to view the website and prompt you to download the latest version of Flash. But when you click to update to the latest version of Flash, it actually installs the infection.

No doubt this same infection has already begun spreading with a new website and possibly a new name. We have seen lots of these types of infections in the past with varying names and different tricks up their sleeves, but

To avoid these types of infections, follow these rules.

  1. Make sure you have good, up-to-date, unexpired security software. The 2 products we recommend are Vipre and AVG.

  2. Never click on a link in an email. If you get an email from an institution that you do business with and that email has a convenient link in it, don’t click on it. Instead, go to that institution’s website manually.

  3. If a website prompts you to install or update something, do not do it. Instead, manually update it yourself. Here’s how.

    If you want to update Flash, Shockwave, or Adobe Reader, go to www.adobe.com. In fact, we recommend you go and update all three of these right now.

    If you want to update Java, go to java.com. We recommend you do this right now.

    If you are prompted to install a CODEC or a special player, don’t do it. Whatever music or video you were trying to watch, go find it somewhere else on the web.

If your computer does become infected, we can of course remove it for you. But we sincerely hope your computer does not become infected.
