The Rogue Security Software Computer Science Essay


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

In the one-year period from 1 July 2008 to the end of June 2009, 43 million attempts were recorded to install some 250 different malicious programs that claimed to protect computers against viruses and spyware.

This report covers this particular class of malicious program, known as Rogue Security Software, which pretends to be a legitimate security tool and a protection plan against viruses, for example an anti-virus program or a registry cleaner.

The first part of this document gives an overview of Rogue Security Software, the most common advertising methods attackers use to trick users, the installation techniques, the most frequently reported rogue programs and how often these programs appear worldwide.

The second part discusses the general measures that companies and users can employ to protect themselves against malicious activities such as Rogue Security Software scams.

Overview of Rogue Security Software

Rogue Security Software is an application that pretends to be a legitimate security program, such as an anti-virus or a registry cleaner, but in reality provides no protection and serves as a vehicle for installing further malware.

Rogue Security Software reaches a computer in one of two ways:

1-Manually installed by users who were led to believe it was useful software

2-Downloaded automatically after a user visits a web address designed to push this kind of tool

The creators of these scams are mainly interested in profit: they build software that tricks users into believing it is a genuine protection tool so that they can sell it and get paid.

Advertisements are what attract users to download and run rogue security programs. They rely on fear and social-engineering tricks, warning users about viruses through pop-ups, instant messengers, websites and so on.

The software claims to be able to remove spyware or unused applications from the computer, which is why many users are tricked into buying it.

Once a user has bought and installed the rogue program, it misreports the computer's security status and displays exaggerated threats even when the computer is not infected at all. The alerts take the form of pop-ups and taskbar notification icons.

Some rogue security applications go further: they install additional malware on the computer while reporting that the system is clean and free of infection.

Rogue Security Software uses realistic-sounding names to trick as many users as possible, for example VirusDetector 2009 Pro or SafeSystem Gold 2009.

Most rogue security programs have an official website where the software can be bought like any legitimate product. The sellers email a receipt to the victim after the purchase, and they even run customer support lines with working telephone numbers.

The advertisements used to promote Rogue Security Software are well designed and resemble those of trusted security vendors; in other words, they use roughly the same colours and fonts as the trusted companies.

In general, cloning is the usual way a rogue program is "renewed". Because trusted security companies eventually detect a given rogue product, its authors change only the name and the logo while reusing the same code, with the goal of escaping detection. The whole change is the name and the external appearance; the program underneath is still the same.

The most common Advertising Methods

Attackers use several methods to fool users into downloading their Rogue Security Software. They advertise their products in the same manner as trusted vendors, and they rely on social engineering, exploiting users' fear of viruses to sell their programs.

The easiest way to advertise this fraud is spam, because sending a huge number of emails is fast and cheap.

One kind of spam carries an executable attachment; if the user opens the file, the program is installed. Another kind contains text and a link that redirects the user to the malicious website, from which the program is downloaded and installed on the computer.

Another advertising channel is websites. Some websites carry advertisements that play on the user's fear.

A typical advertisement of this kind reads: "Your computer is infected with a virus and might be at risk, click here to check and clean your system". If the user clicks on it, he is redirected to the malicious page.

The main Installation techniques

Rogue Security Software can be installed manually or automatically on a user's computer. If the user believes the attacker's claims and downloads and installs the program, this counts as a manual installation. An automatic installation happens without the user knowing what is going on.

The most common way to spread Rogue Security Software is to email executable files disguised with a misleading extension, for example a file that appears to be a music file but is really an executable (a name such as song.mp3.exe, since Windows hides the final extension by default). Many of these files also arrive as compressed or zip archives. Once the file is opened, the rogue program is installed.

Malicious code is another way attackers install Rogue Security Software on the victim's computer. This counts as an automatic installation because it happens while the user browses a phishing website: the malicious code is downloaded to the computer without any permission (a drive-by download).

The last installation technique is simply downloading the application from the company's own website. This may sound odd, but many users believe what they see and are won over by the polished website design and the way the product is presented.

In general, Rogue Security Software websites are built to look like trusted ones: similar colours, fonts, testimonials, special offers, trial versions and so on. They even offer customer service. To a user without a technical background it looks like a normal, safe place to shop, and there is a high probability that such a user buys the product.

Many rogue security sites are registered under several domain names so that, if one server is disabled or shut down by the authorities, the scam keeps running.

Some Microsoft users have encountered Rogue Security Software in the form of security alerts that claim to come from Microsoft but actually originate from unknown sources.

Top reported Rogue Security Software and worldwide presence

The three most reported Rogue Security Software programs are:

1-Spyware Guard 2008

This program used misleading advertisements warning users that their computers were under threat and urging them to click for protection. The click downloaded a trial version, which users installed like any other software. Running a scan with it produced fake results and false reports about the real security status of the computer. After some time, users were asked to buy the product because the trial version had expired.

2-AntiVirus 2009

This is the second most reported Rogue Security Software. It is installed by several methods: deliberate download by the user, web advertisements and malicious code. After installation, AntiVirus 2009 produces a fake report on the computer's status claiming that it is infected with spyware and Trojans. Its peculiarity is that it also "detects" Rogue Security Software while being one itself.

3-Spyware Secure

This is the clearest example of Rogue Security Software whose authors relied on social engineering to fool users afraid of spyware. They convinced them that their machines were in danger from spyware, frightened them, and encouraged them to buy software that is in reality a scam.

Regarding the worldwide presence of Rogue Security Software and its distribution by region, the security company Symantec compiled statistics for the period between 1 July 2008 and 30 June 2009. They found that 61% of scams were detected in the United States of America, 31% in Europe, the Middle East and Africa, 6% in Asia and 2% in Latin America.

Protection against Rogue Security Software

There are several measures that companies and end users can take to protect themselves against malicious programs such as Rogue Security Software.


The company's network administrator has to update the anti-virus regularly and make sure that all computers and servers in use have all the patches from their trusted vendors.

All company computers should run the latest protection against internet spyware. The enterprise should also report any kind of malicious activity to its ISP.

Organizations have to filter email attachments to reduce the exposure of the enterprise and its users to malware, and they should monitor all computers on the network for signs of infection. Any infected computer has to be disconnected from the network and repaired. They should adopt a defence strategy that includes the use of a firewall.

To protect against Rogue Security Software, companies should educate their employees about these malicious programs and warn them to be very careful about visiting unfamiliar websites or clicking on unknown links in unsolicited emails. They should keep employees up to date on the newest scams.

Enterprises should also enforce a security standard that restricts which applications can be accessed on the network; this reduces the likelihood of being attacked by malicious programs and other threats.

Administrators can employ measures against system weaknesses and vulnerabilities. An asset management system that tracks which systems are in use lets them determine which assets are affected when a new vulnerability is disclosed.

Website maintainers should check their sites regularly for common vulnerabilities to reduce the probability of being compromised.

Users and administrators should update every browser they use to the newest version.

Administrators should use web proxies, which are essential for blocking threats and malicious scripts.

Only vetted plug-ins should be installed on systems across the company. Patch levels should be checked daily, particularly on systems that host services such as DNS, file transfer and email, or on systems placed in a demilitarized zone (DMZ).

Email servers should be configured to permit only the attachment types that are needed for business and to deny other attachments and emails arriving from external sources.

Administrators should make sure that all email attachments are scanned at the gateway to limit the spread of threats.

Executable files (".exe" and similar) arriving from external sources such as email attachments or websites should be flagged and treated as suspicious. They should be checked with an up-to-date, trusted anti-virus scanner.
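The attachment policy above, together with the fake-extension trick described in the installation section, can be enforced mechanically at the gateway. The following Python script is an added example and not part of the original essay or any product's configuration: it rejects executable extensions from external senders, catches double extensions, identifies executables by their magic bytes regardless of name, and looks inside zip archives for executable members. The allowlist, the sample attachments and the file names are constructed for illustration.

```python
import io
import zipfile
from dataclasses import dataclass

# Hypothetical policy values for illustration; a real deployment sets its own.
ALLOWED_EXTENSIONS = {"pdf", "docx", "xlsx", "txt", "png", "jpg", "zip"}
EXECUTABLE_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "msi"}

# Magic-byte prefixes: the content type is decided by the bytes, not the file name.
MAGIC = {
    b"MZ": "pe",           # Windows PE / DOS executable
    b"\x7fELF": "elf",     # Linux executable
    b"PK\x03\x04": "zip",  # zip archive (also the container of docx/xlsx)
    b"%PDF": "pdf",
    b"\x89PNG": "png",
}


@dataclass
class Verdict:
    filename: str
    allowed: bool
    reason: str


def content_type(data: bytes) -> str:
    """Return the content type implied by the leading bytes, or 'unknown'."""
    for prefix, kind in MAGIC.items():
        if data.startswith(prefix):
            return kind
    return "unknown"


def check_attachment(filename: str, data: bytes, external: bool = True) -> Verdict:
    """Apply the gateway policy to one attachment and return a verdict."""
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    kind = content_type(data)

    # 1. Executable extension from an external sender: reject outright.
    #    This also covers double extensions such as song.mp3.exe.
    if ext in EXECUTABLE_EXTENSIONS and external:
        return Verdict(filename, False, f"executable extension .{ext} from external sender")
    # 2. Executable extension hidden in the middle of the name (song.exe.mp3).
    if any(p in EXECUTABLE_EXTENSIONS for p in parts[1:-1]):
        return Verdict(filename, False, "executable extension hidden by double extension")
    # 3. The bytes say executable even though the name does not (the fake-extension case).
    if kind in ("pe", "elf"):
        return Verdict(filename, False, f"content is a {kind.upper()} executable despite .{ext} name")
    # 4. Archives: rogue installers are often shipped zipped, so inspect the members.
    if kind == "zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    member_ext = member.lower().rsplit(".", 1)[-1]
                    if member_ext in EXECUTABLE_EXTENSIONS:
                        return Verdict(filename, False, f"archive contains executable {member}")
                    if content_type(zf.read(member)) in ("pe", "elf"):
                        return Verdict(filename, False, f"archive member {member} is an executable")
        except zipfile.BadZipFile:
            return Verdict(filename, False, "corrupt or malformed archive")
    # 5. Everything else must be on the business allowlist.
    if ext not in ALLOWED_EXTENSIONS:
        return Verdict(filename, False, f"extension .{ext} is not on the allowlist")
    return Verdict(filename, True, "ok")


def build_samples() -> dict:
    """Constructed sample attachments (not real files or malware)."""
    fake_pe = b"MZ" + b"\x00" * 62   # only a DOS header prefix, not a runnable program
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("VirusDetector_2009_Pro_setup.exe", fake_pe)  # product name from the essay
    return {
        "invoice.pdf": b"%PDF-1.4 constructed sample",
        "song.mp3.exe": fake_pe,           # double extension
        "holiday_photo.jpg": fake_pe,      # executable bytes under an image name
        "scanner.zip": buf.getvalue(),     # zipped rogue installer
        "notes.txt": b"plain text",
    }


def triage(samples: dict) -> dict:
    """Run the policy over every sample; returns {filename: Verdict}."""
    return {name: check_attachment(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for verdict in triage(build_samples()).values():
        print(f"{'ALLOW' if verdict.allowed else 'BLOCK':5} {verdict.filename}: {verdict.reason}")
```

The order of the checks matters: the name-based rules run first because they are cheap, but the magic-byte rule is the one that actually defeats a renamed executable, since an attacker controls the file name and not the format of a program that has to run. A real gateway would still hand anything that passes to the anti-virus scanner, as the text recommends.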

Enterprises should also prevent peer-to-peer software from being installed on any system on the company's network and block the ports used by such applications. Users who download files via P2P should scan them with an up-to-date anti-virus.


Beyond the measures enterprises take against malicious software, end users should also be aware of this kind of program, especially when browsing the internet.

They should not click on links in unsolicited emails, because many of these links redirect them to spoofed addresses. It is safer to type the address into the browser's address bar than to click the link.
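The reason behind this advice can be checked mechanically. The following Python script is an added example and not part of the original essay: it parses the links in an HTML email body (the spam described in the advertising section) and flags those whose visible text names one host while the href points to another, whose target host lies outside a trusted-domain list, or which point directly at an executable. The sample email, the host names and the trusted-domain list are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from every <a> tag in an HTML email body."""

    def __init__(self):
        super().__init__()
        self._href = None
        self._text = []
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url: str) -> str:
    """Lower-case host name of a URL; a bare 'www.site.example/path' is accepted too."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def is_under(host: str, domain: str) -> bool:
    """True when host is the domain itself or a sub-domain of it."""
    return host == domain or host.endswith("." + domain)


def suspicious_links(html: str, trusted_domains: set) -> list:
    """Return the links whose visible text, target host or file type is suspicious."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        target = host_of(href)
        # Only treat the anchor text as a URL when it actually looks like one.
        shown = host_of(text) if ("." in text and " " not in text) else ""
        reasons = []
        if shown and not is_under(target, shown):
            reasons.append(f"text shows {shown} but the link goes to {target}")
        if target and not any(is_under(target, d) for d in trusted_domains):
            reasons.append(f"target {target} is not a trusted domain")
        if urlparse(href).path.lower().rsplit(".", 1)[-1] in {"exe", "scr", "zip", "msi"}:
            reasons.append("link points directly at an executable or archive")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


# Constructed sample email body (not a real message) in the style the essay describes.
SAMPLE_EMAIL = """
<p>Warning! Your computer is infected with a virus and might be at risk.</p>
<p><a href="http://update-center-2009.example/dl/AntiVirus2009.exe">
   www.vendor.example/security/scan</a> to check and clean your system.</p>
<p><a href="https://www.vendor.example/unsubscribe">Unsubscribe</a></p>
"""

# Hypothetical list of domains the user actually trusts.
TRUSTED = {"vendor.example"}


def analyse_sample() -> list:
    """Run the check over the constructed email; returns the list of findings."""
    return suspicious_links(SAMPLE_EMAIL, TRUSTED)


if __name__ == "__main__":
    for finding in analyse_sample():
        print(finding["href"])
        for reason in finding["reasons"]:
            print("  -", reason)
```

The first link in the sample trips all three rules: its text claims one host, its href goes to another, and the target is an executable. That mismatch between what is displayed and where the browser actually goes is exactly what a user cannot see without hovering, which is why typing the address is the safer habit.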

As for email attachments, users should not open or execute attachments they were not expecting. The only attachments that should be opened are those that are expected and come from a trusted source.

Users should bear in mind that many pop-ups and banner advertisements posing as security tools are in fact fraudulent.

End users should not act on suspicious error messages displayed in their web browser, because these are a common way Rogue Security Software convinces users to download the malicious product.

Users should download security software only from the official website of a trusted vendor and obtain the application directly from there.

When a session on a website is finished, users should log out, because an open session can be hijacked by malicious code.


Rogue Security Software is a program that makes the user believe it is a useful security tool while in reality it provides no security at all; on the contrary, it facilitates the installation of malicious code that damages the computer.

The attackers who create this software trick users with advertising, social engineering and fear. They try to make their product look like a legitimate program, using designs similar to those of trusted companies.

Rogue Security Software can be installed manually or automatically, depending on whether the user chooses to install the program or the program gets onto the computer without any permission.

Network administrators and end users should be wary of this fraud and take all the security precautions needed to avoid it. Companies should educate their employees and warn them about Rogue Security Software, because it can easily reach the corporate network if an employee is tricked by attackers. End users should be careful about the sites they visit and the products they buy.