IT Consulting and Tech Support Blog

Rogue AV Remains a Popular Threat Tactic

Over the past few months, the news has been all about who got hacked, what software is vulnerable and should be patched, and what the latest Web threat looks like, with threats ranging from simple spam to those deemed advanced persistent threats (APTs). Between the “least dangerous” and the “most dangerous” sits one we keep hearing and reading about: rogue AV.

A new wave of fake antivirus programs (or rogue AV) has been growing since the start of the year, and last month brought a significant spike in new variations of rogue AV. The criminals behind bogus AV software are now distributing it via spam containing links to sites where users can be further infected with the Blackhole Exploit.

The Blackhole exploit is a tool used by cybercriminals to target unpatched vulnerabilities in software applications from industry leaders like Microsoft Corp. and Adobe Systems Inc. Users infected by rogue AV may be redirected to fraudulent websites, have their systems hijacked by programs that appear to scan their PCs, or be plagued by messages warning of viruses and other PC security risks. These scareware tactics trick users into providing credit card data to purchase fake or non-existent protection.

Rogue AV programs are continually tweaked in an attempt to avoid detection, with newer variants of these malicious applications propagating every 12 to 24 hours. Here are some example names of different variants of the same rogue program released over the past several days:

- Windows Risk Minimizer
- Windows Managing System
- Windows Safety Tweaker
- Windows Tools Patch


These programs basically all look the same, but the names are different:
