The evolution of rogue antivirus

We often write about the fact that cybercriminals constantly change their tactics to take account of developments in the security and software industries. And I just came across a great example of this: it shows how the people behind rogue antivirus solutions adapt their “products” to exploit developments and changes in genuine AV solutions.

A couple of months ago, Microsoft released its free anti-malware product, Microsoft Security Essentials, which is designed to ultimately replace Windows Defender, an earlier built-in antispyware product. It looks as though the guys behind the rogue AV which I just came across aren’t only playing on people’s fears, but on their lack of knowledge. Malware and IT threats are getting increasing coverage in the general media, but if you’re not particularly interested in IT, you’re not that likely to remember all the facts. Using the name “Windows Enterprise Defender” is a neat way of getting someone who might have heard of Windows Defender, and half-remembers Microsoft’s latest release, to be fooled into thinking that the rogue AV is the genuine article.

Of course, the product activation process looks very similar to the genuine Microsoft process…

This case is a great example of how social engineering tactics get modified for maximum profit, and it illustrates a kind of microevolution in rogue AV solutions. Each stage builds on the previous one, and this sample sits at the last of them:

1. Use a name which is not related to any other software.

2. Require payment to delete the “viruses” that have supposedly been detected.

3. Use a name which is either the same as that of existing software, or very similar to it.

4. Require payment for a “product” which is supposedly part of the operating system itself.

With the cybercriminals becoming more and more sophisticated in their approach, rogue AV isn’t a laughing matter. But there is a funny side to this: the “threats” this rogue detects don’t use names from Microsoft’s malware classification, but from ours 🙂
