Is Offering You a Rogue Anti-Malware Product
By Tom Kelchner, Sunbelt Software
June, 2009
Rogue anti-malware products are among the fastest growing types of malware. Sunbelt Software’s Web site lists over 760 that have been found in the last four years. They all have legitimate-sounding names: “CoreGuard Antivirus 2009,” “Malware Catcher 2009,” and “Fast Antivirus 2009.”
Typically, a victim purchases one after seeing alarming windows pop up on his PC screen with a message like: “YOUR COMPUTER IS INFECTED!” The pop-up windows guide him through the steps necessary to purchase the anti-malware product (usually costing $49.95, credit cards accepted), then through scanning for and removing the dozen or so (alleged) viruses from his PC.
He’s just been scammed. At best, the victim just bought a piece of “crapware” (not a technical term) that does absolutely nothing except show alarming pop-up windows. At worst, the victim’s credit card number has been stolen and is for sale on the Internet black market. Some rogues install malware that steals personal information from a PC, connects it to a botnet and leaves it accessible to the scammer for other malicious uses.
The crapware looks like professional software. How is the average home Internet user to tell the difference? For that matter, how is the average home Internet user to know if ANY anti-virus, anti-spyware or anti-anything product is real?
There are three ways. First, look up the product name in a list of “bad stuff.” Second, look it up on the Web site of a real product certification body. Third, search for it on the Web and interpret the results.
A list of “bad stuff”: Descriptions of Rogues
The Sunbelt Software Web site enables visitors to search for descriptions of rogues and other malware. It also carries a Rogue Antispyware Blog that describes what the rogues do. The blog can be found at: http://rogueantispyware.blogspot.com/ .
To find the Sunbelt description of a rogue product quickly, just search for its name in the box in the upper left corner of the blog page. For example, let’s search for “Total Protect 2009.”
A list of legitimate anti-malware companies and products
To determine if an anti-malware product is legitimate, you can look it up on the Web site of the company that makes it. How can you tell if the company is legitimate? After all, as the saying goes, “on the Internet, nobody knows you’re a dog.”
Here is a list of legitimate anti-virus companies and their anti-virus engines. This list is taken from the VirusTotal Web site. VirusTotal is a tool that malware analysts use to test a sample of malware and tell if different anti-malware products detect it and what they call it. It’s “...a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, Trojans, and all kinds of malware detected by antivirus engines.”
* AhnLab (V3)
* Antiy Labs (Antiy-AVL)
* Aladdin (eSafe)
* ALWIL (Avast! Antivirus)
* Authentium (Command Antivirus)
* AVG Technologies (AVG)
* Avira (AntiVir)
* Cat Computer Services (Quick Heal)
* ClamAV (ClamAV)
* Comodo (Comodo)
* CA Inc. (Vet)
* Doctor Web, Ltd. (DrWeb)
* Emsi Software GmbH (a-squared)
* Eset Software (ESET NOD32)
* Fortinet (Fortinet)
* FRISK Software (F-Prot)
* F-Secure (F-Secure)
* G DATA Software (GData)
* Hacksoft (The Hacker)
* Hauri (ViRobot)
* Ikarus Software (Ikarus)
* INCA Internet (nProtect)
* K7 Computing (K7AntiVirus)
* Kaspersky Lab (AVP)
* McAfee (VirusScan)
* Microsoft (Malware Protection)
* Norman (Norman Antivirus)
* Panda Security (Panda Platinum)
* PC Tools (PCTools)
The VirusTotal page that lists the above is at: http://www.virustotal.com/sobre.html
Unfortunately, each of these companies has products with different names that aren’t on this list. Symantec sells Norton 360 and Sunbelt Software sells VIPRE® and CounterSpy™. And, they all bring new products to market constantly.
The VirusTotal page is a place to start. If the company is listed there, it’s legitimate. New, legitimate AV companies pop up from time to time, so to check even further, you can go to the vendor’s page and specifically look up the product you’re in doubt about.
Certification groups: other sites that list legitimate anti-malware products
There are a number of “certification bodies” – companies and organizations that test anti-malware products to see if they are capable of detecting and treating current malware. One such group is Westcoast Labs ( http://www.westcoastlabs.org/ ). Westcoast certifies most major anti-malware products. You can enter the name of a company or anti-malware product in the search box on their Web site to see if they have rated it.
This is the quickest and most convenient way to see if an application someone is trying to sell you is a rogue. However, you must interpret the results. Here’s an example. We’ll search for the rogue Malware Catcher 2009.
It is possible that a rogue product could be distributed by a group with a Web site, and that page probably would show up as the first hit in a Web search. Notorious adware company Zango, which paid a large fine to the Federal Trade Commission for deceptive business practices and unsuccessfully sued anti-virus companies for listing them as malware, has a very significant Web presence. You only need to read the other hits from the search engine to get a sense that something isn’t right: “removal instructions,” and “infamous adware vendor.”
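The three checks above (known-rogue list, legitimate-vendor list, then reading the wording of the remaining search hits) can be written down as a small triage routine. The script below is an added example and is not part of the Sunbelt article or any Sunbelt tool; the rogue list, vendor list and search-result snippets in it are short constructed samples built only from names that appear in this article, and the warning phrases are the ones the article points out. Name matching is normalised so that cosmetic variants of a rogue's name (a different year, missing spaces, punctuation) still match the same entry.

```python
"""Added example: triage a product name someone is trying to sell you,
following the article's three steps in order. Lists here are constructed
samples, not a live feed of rogue or vendor data."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample data: only names the article itself mentions.
KNOWN_ROGUES = {"CoreGuard Antivirus 2009", "Malware Catcher 2009",
                "Fast Antivirus 2009", "Total Protect 2009"}
LEGIT_ENGINES = {"AhnLab": "V3", "Kaspersky Lab": "AVP", "McAfee": "VirusScan",
                 "Avira": "AntiVir", "Eset Software": "ESET NOD32",
                 "Sunbelt Software": "VIPRE", "Symantec": "Norton 360"}
# Phrases in search hits that the article says are a tell-tale sign of a rogue.
WARNING_PHRASES = ("removal instructions", "infamous adware vendor",
                   "rogue", "how to remove", "scam")


def normalize(name: str) -> str:
    """Lower-case, drop a 2000-2012 year token and strip everything that is
    not a letter or digit, so 'Total Protect 2009', 'TotalProtect2010' and
    'total-protect' all become 'totalprotect'."""
    name = name.lower()
    name = re.sub(r"(?<!\d)20(?:0\d|1[0-2])(?!\d)", " ", name)
    return re.sub(r"[^a-z0-9]", "", name)


_ROGUE_KEYS = {normalize(n) for n in KNOWN_ROGUES}
# Both the vendor name and its engine/product name map back to the vendor.
_LEGIT_KEYS = {normalize(engine): vendor for vendor, engine in LEGIT_ENGINES.items()}
_LEGIT_KEYS.update({normalize(vendor): vendor for vendor in LEGIT_ENGINES})


@dataclass
class Verdict:
    status: str   # "rogue", "legitimate", "suspicious" or "unknown"
    reason: str


def classify(product: str, search_snippets: list[str] | None = None) -> Verdict:
    """Step 1: known-rogue list. Step 2: legitimate-vendor list.
    Step 3: read the search hits, ignoring the first one (it may be the
    seller's own site) and counting hits that use warning wording."""
    key = normalize(product)
    if key in _ROGUE_KEYS:
        return Verdict("rogue", "name is in the known-rogue list")
    if key in _LEGIT_KEYS:
        return Verdict("legitimate", f"matches listed vendor/engine {_LEGIT_KEYS[key]}")
    hits = [s.lower() for s in (search_snippets or [])[1:]]
    flagged = sum(1 for s in hits if any(p in s for p in WARNING_PHRASES))
    if hits and flagged * 2 >= len(hits):   # half or more of the other hits warn
        return Verdict("suspicious",
                       f"{flagged} of {len(hits)} search hits mention removal/rogue/adware")
    return Verdict("unknown",
                   "not on either list; check the vendor's site and a certification body")


if __name__ == "__main__":
    # Constructed search-result snippets for the article's Zango example.
    zango_hits = ["Zango - official site", "Zango removal instructions",
                  "Zango: infamous adware vendor", "Zango toolbar download"]
    for name, hits in [("Total Protect 2009", None), ("VIPRE", None),
                       ("Zango", zango_hits), ("FooBar Shield", None)]:
        v = classify(name, hits)
        print(f"{name:20} -> {v.status:11} ({v.reason})")
```

The "unknown" verdict is deliberate: a name that is on neither list is not cleared, it is simply the case the article sends you to the vendor's own page and a certification body for. The first search hit is skipped on purpose, because the article notes that a rogue distributor's own site tends to be the top result.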
If you need anti-malware protection…
Actually, if you have a PC and you turn it on, you need anti-malware protection. Of course we can recommend VIPRE® ( http://www.sunbeltsoftware.com/Home-Home-Office/VIPRE/ ).
But, if you’re interested in looking elsewhere, the list above -- “A list of legitimate anti-malware companies and products” -- gives you the names of the significant legitimate vendors in the field.
If you’d like to look through the list of more than 760 rogue products on the Sunbelt site, go to: http://www.sunbeltsecurity.com/BrowseCategories.aspx