SMBs: Beware of Rogue Security Software

Marc Fossi

According to a recent survey conducted by the National Cybersecurity Alliance and Symantec, 90 percent of small businesses believe they are safe from malware and viruses, based on the security practices they have in place. However, millions of computer users, including small to midsized businesses (SMBs), are actually relying on fake security software to protect their PCs.

Marc Fossi is Manager, Research and Development, for Symantec, and is the executive editor of the Symantec Internet Security Threat Report.

Symantec's Report on Rogue Security Software notes that 43 million users downloaded one of 250 so-called "scareware" programs from June 2008 through June 2009. Scareware can be defined as programs that prey on users' fears of being infected with viruses or malware while using the Internet. Scammers dupe well-intentioned users into purchasing and installing these security programs that in reality not only provide little or no protection, but often actually install the very malicious code they promise to eradicate.

SMBs have enough on their minds without worrying that their employees may be tricked into deploying fake security software. It is frustrating to think that while scareware creators are potentially putting SMB customer information at risk, these scammers are also turning big profits - with the most successful scam artists earning $23,000 per week from users unknowingly purchasing their fake software.

To avoid becoming a victim of a rogue security software scam, SMBs must be able to help their employees recognize such cons and take steps to minimize their vulnerability.

SMBs: Beware of "Flashing Ads"

Scammers use several methods to trick people into downloading rogue security software. They design their programs to appear as credible as possible, often mimicking the look and feel of known, legitimate security software programs - using the same fonts, colors, and layouts of real security sites as well as familiar advertisements, pop-up windows and notifications. These rogue applications typically also have names that are similar to legitimate software. For example, the top five fake security programs are named SpywareGuard 2008, AntiVirus 2008, AntiVirus 2009, SpywareSecure and XP AntiVirus.

Rogue security software even shows up alongside legitimate security programs in searches, often at the top of the search engine index. Scammers seed search engine results by capitalizing on popular news items, events, or celebrities, typically using a range of black hat search engine optimization (SEO) techniques to effectively poison search engine results. By doing this, they elevate the ranking of their scam sites whenever any topical news event is searched.

Another highly effective scamming tactic is to display false claims of security threats on an employee's computer. For example, an employee may be surfing the Web when an ad begins flashing and a message appears saying that the flashing ad indicates the computer is likely infected or at risk of infection. These messages are often persistent, repeatedly urging the user to address the risk immediately by following a link where the computer can be scanned more completely, protective software can be purchased, or the threat can be removed.

Unfortunately, these and other tactics are working for scammers. According to the report, 93 percent of installations of rogue security software are intentional. What users are unaware of is that by allowing a scan, purchasing rogue software, or downloading removal tools, they may actually be exposing their computer, their company and customer information to spyware. This mistake can place an SMB's customer credentials such as credit card numbers and other personally identifiable information into scammers' hands -- even depositing money directly into scammers' pockets.


Jan 21, 2010 11:34 AM mlaridon says:

These "Rogue Security Programs" seem really common lately. I'm a small town PC tech and I've cleaned 3 systems of these just this week. I think they make up 90% of my malicious software removal work. They often get right past good anti-virus and anti-spyware programs, then lock down the computer so you can't run any real security programs, or even task manager or msconfig. I often have to scan with 4 or 5 different programs before it's found and removed. Malwarebytes and Spybot Search & Destroy seem to be the most successful on average, but even they fail sometimes.

Jan 25, 2010 1:38 AM Shelly A. Good-Cook says: in response to dbids.dave

I recently got a Trojan through Facebook although I have up-to-date antivirus software installed on my computer. After I figured out how to remove it, I wrote a blog about the steps I took. You can find my blog here. Hope it helps.

Jan 25, 2010 12:14 PM dbids.dave says: in response to mlaridon

To mlaridon:

What apps did you use to remove the malware when Malwarebytes & Spybot S&D failed (or was an HD format & OS reinstall required)?

Have you also tried SUPERAntiSpyware Professional? Its free version got good reviews in Maximum PC (as did Malwarebytes).

Jan 27, 2010 6:22 AM Mr.Eric says: in response to Shelly A. Good-Cook

I wanted to read your blog/tweet on how you removed the trojan you got via Facebook, but the link was bad. Is this something you could repost? Thanks.

Jan 27, 2010 6:44 AM Tekguy says: in response to mlaridon

Yes, the rogue antivirus is the most common type of virus removed; 99% of all viruses I remove are of this type. This is the procedure I use to recover from this type of infection.

1) Use a Windows PE based boot disk such as UBCD for Windows to boot to a PE environment.

2) Use the registry restore tool to restore the registry to a state previous to the infection.

3) Reboot

4) Install Malwarebytes and update definitions.

5) Scan and remove any stray virus files left.

Normally this will solve the problem.
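
A post-cleanup check for the Task Manager and msconfig lockouts mentioned in the comments above, as an added example that is not part of the original post or any commenter's procedure. It assumes the lockout was done through the standard Windows policy values and Image File Execution Options "Debugger" redirects; the page does not name the mechanism, and the list of tools checked is illustrative.

```powershell
# Added example: report leftover settings that block Task Manager, msconfig
# or Registry Editor after a rogue security program has been removed.
# Assumption: the lockout used the standard policy values and IFEO "Debugger"
# redirects; the page itself does not say how the tools were blocked.

$findings = @()

# Policy values that disable Task Manager / Registry Editor when non-zero.
$policyValues = 'DisableTaskMgr', 'DisableRegistryTools'
$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
)
foreach ($key in $policyKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $policyValues) {
        $value = $props.$name
        if ($null -ne $value -and $value -ne 0) {
            $findings += [pscustomobject]@{ Key = $key; Name = $name; Value = $value }
        }
    }
}

# An IFEO "Debugger" value makes Windows start that program instead of the tool.
$ifeo  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$tools = 'taskmgr.exe', 'msconfig.exe', 'regedit.exe'   # illustrative list
foreach ($exe in $tools) {
    $key = Join-Path $ifeo $exe
    if (-not (Test-Path $key)) { continue }
    $debugger = (Get-ItemProperty -Path $key).Debugger
    if ($debugger) {
        $findings += [pscustomobject]@{ Key = $key; Name = 'Debugger'; Value = $debugger }
    }
}

if ($findings.Count -eq 0) {
    'No Task Manager / msconfig lockout settings found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

A Debugger entry for taskmgr.exe is not always malicious: Sysinternals Process Explorer sets one when its "Replace Task Manager" option is enabled, so check where the value points before deleting it.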

