Recently, a reader of this blog, commenting on the epidemic of rogue security software infesting the Internet, had this to say: “We are being protected from the terrorists in the sky. When are we going to get protected from terrorists on the internet?????? It is getting out of hand, and no one is getting arrested for ripping off the consumer. These people are sick and need to get a real job!” Ripping you off, though, is their real job, and a very lucrative one at that!
Unless you have had the bad experience of installing this type of malicious software, you may not be aware that such a class of software even exists. But it does; and regrettably, as this reader points out, it is becoming more widespread.
In the last few days, the cyber criminals behind the creation of WinDefender 2008 have morphed this parasitic rogue security software application into WistaAntivirus. So now we have one more software parasite to add to the epidemic of rogue security software infesting the Internet.
A rogue security application like WistaAntivirus is an application that uses malware, or malicious tools, such as the ZLOB or Vundo Trojan, to install itself on the victim’s computer. Like many dangerous applications of this type, WistaAntivirus is usually found on free download sites and adult websites. It can also be installed from rogue security software websites, using Trojans or by exploiting Internet browser security holes.
After WistaAntivirus is installed, be prepared for false positives: fake or false malware detection warnings. As with all rogue security applications, WistaAntivirus was developed to mislead uninformed computer users into downloading and paying for the “full” version of this bogus software, based on the false malware positives generated by the application.
If the full program fee is not paid, WistaAntivirus continues to run as a background process, incessantly reporting those fake or false malware detection warnings. Over time, this type of software will essentially destroy the victim’s computer operating system, making the machine unusable.
Generally, reputable anti-spyware software is capable of detecting rogue software when it attempts to install, or during a malware scan. But this is not always the case. Anti-malware programs that rely on a definition database (most anti-malware programs) can be behind the curve in recognizing the newest threats. Nevertheless, it is critically important that your anti-malware program’s definition database is always kept current.
As an additional safeguard, ensure you have installed, and are running, an anti-malware application such as ThreatFire 3, free from PC Tools. This type of program operates using heuristics, or behavioral analysis, to identify newer threats.
As well, Malwarebytes, a reliable anti-malware company, has created a free application to help keep you safe and secure. RogueRemover (latest version released July 7th, 2008) will safely remove a number of rogue security applications.
SmitFraudFix, available for download at Geekstogo, is a free tool that is continuously updated to assist victims of rogue security applications.
A further resource worth noting is the Bleeping Computer web site, where help is available for many computer-related problems, including the removal of rogue software.
An absolute necessity is making sure that any security application you are considering installing is recognized as legitimate by industry experts. An excellent web site that will keep you in the loop, and advise you which products work and have a deserved reputation for quality performance, is Spyware Warrior.
What you can do to reduce the chances of infecting your system with rogue security software:
Be careful when downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.
Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing, applications, where exposure to rogue security applications is widespread.
Install an Internet browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.
Do not click on unsolicited invitations to download software of any kind.