Rogue antispyware, how to remove them and how to fight back
Today, internet threats come in various forms: not just malicious code such as viruses or trojans, but also malicious programs such as spyware. Spyware can hide in many kinds of applications. It could be in P2P applications, toolbars, download accelerators, or game programs, but what worries us most is when it is inside the antispyware program itself.
Antispyware programs are supposed to counter the spyware threat, not be a part of it. However, the situation is different when it comes to rogue antispyware. Rogue antispyware is any suspected spyware remover program. The company that creates such software could be a scam company that is after nothing but money. Based on certain studies, rogue antispyware behaves differently from normal applications.
Why antispyware?
Spyware can be created in many forms, so why do cyber criminals choose the antispyware form? Why not antivirus or something else? The reason is simple: they can cheat victims by using false positive techniques. Some antispyware can detect spyware that others can't. Hence, they pretend that their product can detect a trojan hiding in the victim's machine, even though that trojan does not exist.
Also, most computers already have an antivirus program installed. Some trusted companies, such as Panda Lab and Trend Micro, even provide online virus scans, while others such as BitDefender and AVIRA offer free products. So creating a new antivirus program is not a smart move, since not many people will fall into their trap.
Besides, an antispyware program is trusted by the user to protect his or her machine. With antispyware used as a weapon, the victim's computer is ready for a future attack. The next time they send spyware, the user won't notice, since the fake antispyware doesn't detect anything.
The behavior of rogue antispyware
The goal of rogue or fake antispyware is simple: to get the license purchased. That is why most rogue or suspected programs usually provide a free scan in the trial version, but require a full license to remove the spyware. That is also why, as far as I know, no rogue program provides free removal in its trial version and none of their makers produce free programs; they want to make more money, so why should they lose some by distributing free products?
False positives. This one is common. Most fake antispyware programs will say that the victim's computer is infected by certain adware, even though it is actually clean. Because of these false positives, some users begin to trust the app. For example, a victim scans his computer using Ad-Aware SE and detects nothing. Then he runs a full scan using a fake antispyware program, and the fake one detects thirty more spyware items that Ad-Aware missed. He'll probably think that the fake program does a better job than Ad-Aware did, and soon purchase the license.
Affiliated with trojans. The extreme ones will go this far. For example, SpyAxe will install the ZLOB trojan, and WinAntiSpy installs the Vundo trojan. Once a victim downloads any of these programs, a trojan also gets installed. To remove the trojan, the victim is forced to purchase the license.
Aggressive and deceptive advertising. Once the antispyware is installed, it keeps showing a warning that your computer is infected, and pushes the user to buy it. Spy Sheriff is an example of this type.
Installing some files, then claiming that those are malware. Spyware Soft Stop shows this weird behavior. It installs some junk files on your computer. Once you run the scan, the scan results show that those junk files are malicious and require removal. In fact, the files installed are not malicious at all.
How to protect yourself from rogue antispyware
One easy way to find out is by checking the antispyware list on the Spyware Warrior website. Any antispyware listed there is considered a rogue or perhaps malicious antispyware program. Some apps, such as Spyware Terminator and SpyNoMore, were delisted after corrections were made to their false positive scan results.
Another way is by checking reviews from trusted labs. For example, if you found the program on CNet Download.com, the antispyware is probably safe, since CNet guarantees that all software in its directories is spyware free. You can also check for Softpedia's certification, "No Spyware, No Adware and No Virus". Another trusted party is PC Magazine, which provides long, comprehensive and detailed reviews of certain products.
Did you know that Site Advisor's toolbar can help you avoid fake antispyware? When you reach any website, check the color of the Site Advisor toolbar: green for a safe website, red for a malicious one, and yellow for a suspicious one. No color means there is no data about that site, probably because it is still new. If a website and its product get a bad rating from Site Advisor's editors, the product is probably malicious, or at least not worth having.
Still haven't installed the Site Advisor toolbar? Go to www.siteadvisor.com to install it. It is spyware free. However, it always requires an internet connection to download website data, so your firewall must allow this program.
How to remove rogue antispyware
What if you have already installed one of these rogue apps? Seek help to remove it. Some antispyware programs today, such as Spyware Doctor, SpySweeper or SpyZooka, can remove these fake programs.
You can also seek help in the HijackThis forums.
How to fight rogue antispyware
Today, due to the increase in spyware attacks, antispyware programs are being created, as well as rogue products. As a user, how can you fight back? How can you possibly
One way is by not buying any of these products. They are not safe, and the creators are bad guys, so why should you buy? Even if you have installed one and the program threatens you aggressively to buy, never buy from them. Instead, get help as fast as you can to remove it.
Secondly, if you own a website, never promote or link to rogue antispyware websites. Don't register as an affiliate. This applies not only to fake antispyware, but also to the many malicious programs and websites out there.
Thirdly, you can spread the knowledge and tell the world about these fake apps. For example, if you own a blog or website, you can share what you know there.
Copyrights (C) 2007 by Azlan. All rights reserved.