Over the past few months, the news has been all about who got hacked, what software is vulnerable and should be patched, and what the latest Web threat is, ranging from simple spam to those deemed advanced persistent threats (APTs). Somewhere between the “least dangerous” and the “most dangerous” is one we keep hearing and reading about: rogue AV.
A new wave of fake antivirus programs (or rogue AV) has been growing since the start of the year, and last month brought a significant spike in new variations of rogue AV. Criminals behind bogus AV software are now distributing it via spam containing links to sites where users can be further infected with the Blackhole Exploit.
The Blackhole exploit is a tool used by cybercriminals to target unpatched vulnerabilities in software applications from industry leaders like Microsoft Corp. and Adobe Systems Inc. Users infected by rogue AV may be redirected to fraudulent websites, have their systems hijacked by programs appearing to scan their PCs, or be plagued by messages warning of viruses and other PC security risks. These scareware tactics trick users into providing credit card data to purchase fake or non-existent protection.
Rogue AV programs are continually tweaked in an attempt to avoid detection, with newer variants of these malicious applications propagating every 12 to 24 hours. Here are some example names of the different variants of the same rogue program released over the past several days:
- Windows Risk Minimizer
- Windows Managing System
- Windows Safety Tweaker
- Windows Tools Patch
These programs basically all look the same; only the names are different.



