The evolution of rogue antivirus

We often write about the fact that cybercriminals constantly change their tactics to take account of developments in the security and software industries. And I just came across a great example of this: it shows how the people behind rogue antivirus solutions adapt their “products” to exploit developments and changes in genuine AV solutions.

A couple of months ago, Microsoft released its free anti-malware product, Microsoft Security Essentials. It’s designed to ultimately replace Windows Defender, an earlier in-built antispyware product. It looks as though the guys behind the rogue AV which I just came across aren’t only playing on people’s fears, but on their lack of knowledge. Malware and IT threats are getting increasing coverage in the general media, but if you’re not particularly interested in IT, you’re not that likely to remember all the facts. Using the name “Windows Enterprise Defender” is a neat way of getting someone who might have heard of Windows Defender, and half-remembers Microsoft’s latest release, to be fooled into thinking that the rogue AV is the genuine article.

Of course, the product activation process looks very similar to the genuine Microsoft process…

This case is a great example of how social engineering tactics get modified for maximum profit, and it illustrates a kind of microevolution in rogue AV solutions:

Use a name which is not related to any other software

Require payment to delete detected viruses

Use a name which is either the same name as that of existing software, or very similar

Require payment for a “product” which is supposedly part of the operating system

With the cybercriminals becoming more and more sophisticated in their approach, rogue AV isn’t a laughing matter. But there is a funny side to this: the “threats” this rogue detects don’t use names from Microsoft’s malware classification, but from ours 🙂