Rogueware, Scareware, and Ransomware
Attackers are reportedly extorting millions of dollars a month from users through a special type of Trojan horse known as rogueware, scareware, and ransomware. If you’re taking any type of security certification, including Security+ and SSCP, you should have a basic understanding of scareware. Here’s how it works.
When a user visits a site, a message on the web page or a popup appears indicating it detected malware on the user’s system. The user is encouraged to download and install free antivirus software. Users who take the bait are actually downloading and installing malware. This is a type of Trojan horse because it looks like one thing (free antivirus software), but it is actually something else.
One version plays off the name of Microsoft’s free antivirus tool, Microsoft Security Essentials, by calling itself Security Essentials. If you download and install it, it looks something like this:
Microsoft does offer free antivirus software to home users and small businesses and it’s called Microsoft Security Essentials. You can read about it and download it from here.
Most rogueware variants don’t actually scan a system but instead they simulate a scan. All of them report that they have found malware. For example, after running a scan, a user may see something like this:
This will cause a scare in most users. “OMG. My system is infected.” Fortunately, they’ll see that they can click the Start Protection or Remove All buttons to erase all threats. Unfortunately, they’ll then learn that the free version they downloaded is only a trial version. If they really want to remove these threats, they’ll need to upgrade to the fully paid version for only $69.99 or some other price.
Let me stress a few points:
- This software is not actual antivirus software.
- It will not provide any protection against actual malware threats.
- It will always discover viruses.
- It tries to extort money from users by scaring them into thinking their system is infected.
In addition to the basic extortion techniques used by these attackers, they often take it a step further. If they get credit card information from users, they often use it to falsify other charges. The scareware can also install other malware onto the user’s system. For example, it may join the computer to a botnet, or install backdoor software to allow the attacker to remotely access the user’s computer.
If you take a security certification like the Security+ exam, you’re very likely to come across rogueware, scareware, or ransomware. They’re all the same thing, and they are lining the pockets of criminals at the expense of uneducated users.