
The evolution of rogue antivirus

Dmitry Bestuzhev
Kaspersky Lab Expert
Posted October 29, 10:16 GMT
Tags: Rogue Security Solutions

We often write about the fact that cybercriminals constantly change their tactics to take account of developments in the security and software industries. And I just came across a great example of this: it shows how the people behind rogue antivirus solutions adapt their "products" to exploit developments and changes in genuine AV solutions.

A couple of months ago, Microsoft released its free anti-malware product, Microsoft Security Essentials. It's designed to ultimately replace Windows Defender, an earlier in-built antispyware product. It looks as though the guys behind the rogue AV which I just came across aren't only playing on people's fears, but on their lack of knowledge. Malware and IT threats are getting increasing coverage in the general media, but if you're not particularly interested in IT, you're not that likely to remember all the facts. Using the name "Windows Enterprise Defender" is a neat way of getting someone who might have heard of Windows Defender, and half-remembers Microsoft's latest release, to be fooled into thinking that the rogue AV is the genuine article.

Of course, the product activation process looks very similar to the genuine Microsoft process...

This case is a great example of how social engineering tactics get modified for maximum profit, and it illustrates a kind of microevolution in rogue AV solutions, in both the naming and the payment trick:

Earlier rogue AV: use a name which is not related to any other software, and require payment to delete the "viruses" it detects.

Current rogue AV, such as "Windows Enterprise Defender": use a name which is the same as, or very similar to, that of existing software, and require payment for a "product" which is supposedly part of the operating system.

With the cybercriminals becoming more and more sophisticated in their approach, rogue AV isn't a laughing matter. But there is a funny side to this: the "threats" this rogue detects don't use names from Microsoft's malware classification, but from ours :)
