Unfortunately, people are frequently seduced by the word "free" and overestimate the supposed benefits such products offer: it doesn't occur to them that all security products must undergo strict controls and quality assurance which ultimately guarantee the product's reliability, but which also generate cost overhead that has to be paid by someone, somehow.
In order to illustrate this type of malicious methodology, the case of a rogue product is analyzed here.
:: Free but Fake:
Rogue Anti-malware
Cristian Borghello, CISSPTable of Contents
Introduction 2Analysis of a Well-known Case 3Conclusion 7Further Information 8
White Paper: Free but Fake1IntroductionMost antivirus products are commercial and typically offer, as is the case with ESETŪ solutions, free trial versions for a 30-day period. This limitation is the perfect excuse for criminals to recommend their "free and magical" antivirus software which guarantees to solve problems that the user does not really have.These kinds of programs are called "Rogue Anti-Malware" or "Purportedly Protective Programs" and their creators want users to download them in order to infect their systems, while believing that they are protecting themselves. In many cases, a Social Engineering technique is used to trick the user into downloading a malware application in the belief that they will receive a product which is both desirable and free..Nowadays, there are several scenarios in which these programs may be introduced:1. A free solution for a speci? c malicious program is offered on a website. Once the user downloads and installs the product, the user's system is (or appears to be) disinfected but other types of malicious software are installed, such as spyware and adware.2. T he user meets with the same scenario, but in this case is noti? ed of an infection that (may or may not be real) and if the user decides to clean the system, the program demands the registration of the software and the payment of a set fee.3. O ne of the previous scenariosis met with but, at the time the product is to be downloaded, the user is required to give his credit card data.4. Any of the previous scenarios occurs but in addition, the program keeps notifying the user that his computer is infected. The warning is insistent and may be repeated in different ways. Its main goal is to "exhaust" the user and make him believe that a real malware attack is taking place, so that ? nally he enters his personal data or makes a payment to activate the security solution that will "disinfect" the system.Unfortunately, people are frequently seduced by the word "free" and overestimate the supposed bene? ts such products offer: it doesn't occur to them that all security products must undergo strict controls and quality assurance which ultimately guarantee the product's reliability, but which also generate cost overhead that has to be paid by someone, somehow.
White Paper: Free but Fake2For example, it is quite usual for people who browse the Internet regularly, looking for free tools to eliminate the Internet threats they rightly fear, to happen upon fake antivirus or antispyware applications. This search model is speci? cally targeted by criminals using well-known techniques to subvert Google's search algorithms with the intention of pushing their malware to the top of the search list.
Figure 1 - Results of a Search for Free ToolsWhen this kind of search is carried out, it is of outmost importance to make sure that these security tools are supported by well-known product tests and certi? cations, and that they also have a respectable track record. It is one thing to download a product with years of research and development behind it. It's not at all the same thing to download a "free" tool like the one shown in the image above, however miraculous the results it promises. Furthermore, it's common for a fake anti-virus or anti-spyware product to claim the same certi? cations and endorsements that a good, genuine commercial product is likely to have. It's therefore important to verify such claims independently.
Analysis of a well-known caseIn order to illustrate this type of malicious methodology, the case of a rogue product that has proliferated throughout Latin America is analyzed here: that is, Antivirus XP 2008 (also known as Antivirus XP 2009 or MalwareProtector 2008), which offers a fake antivirus solution and, by using the techniques previously described, tries to lure the user into purchasing the registered version of the product.
White Paper: Free but Fake3Although there are several ways in which the user can be enticed onto the website where the program is downloaded, nowadays spamming is most frequently used: when t... [download for more]
