You are probably wondering why we’re writing about this type of software, or even better, what it is and why it poses a threat to us. Security software is security software, so what could be wrong with it? Well, you are about to find out.
Rogue security software consists of applications that warn users of infections that do not exist in order to trick them into buying the full product. They often make use of malware in order to install trial versions of themselves on computers without the user’s consent. Most of these applications are considered adware and/or spyware.
The main goal of rogue security software producers is selling their product. Most of the time they will display a message such as “Warning! Your computer is infected with […] To buy […] and clean your PC click here!” (see image Img 1.0). When the user clicks the link in the warning box, he is sent to the product’s homepage or directly to a registration form in order to buy the product. Sometimes the same thing happens even if the user clicks the X button in the upper right-hand corner (Alt+F4 can circumvent this trick). Some software, like SpyAxe, will automatically download software without any user interaction (drive-by download).
Img 1.0: False warnings in taskbar notification window
The most widespread technique for tricking users into buying such software is the false positive. False positives are fake e-threat detections that appear during a computer scan. This kind of warning may trick even advanced users into buying the software, since a warning produced by a computer scan is more credible than similar claims made without a scan (taskbar or web browser pop-up boxes). These false positives, however, are not to be confused with accidental detections from honest security software companies.