Malware, Fake AV and Rogue Scamware are becoming more and more prevalent these days as the malware authors are publishing in many different forms nearly each single day with various new titles or incarnations to causing detriment, and your antivirus software isn’t providing enough protection to detect and remove these latest threats. These malicious applications are made purposely to deceive users to buy into the fake functions. The techniques they employ are very socially engineered and tested to be very effectively scare the infected users buying the software license. The entire fake AV, malware and rogue scamware business is becoming alive again with more and more releases showing up on the Internet.

What are Malware, Fake AV and Rogue Scamware?

Malware like Live Security Platinum or System Progressive Protection, is a malicious software made to penetrate and take over your computer. In general terms, malware is a software causing harm to a user, computer, or network, including viruses, trojan horses, worms, rootkits, fake AVs, rogue scamware, scareware, and spyware. In a recent labs testing over the past few months, we have received lots of reports on ransomware like Politiet Norge Ukash Virus and the infamous FBI fake notice ransomware which are quite prevalent on the Internet nowadays.

When you’re clicking suspicious links on Facebook or Twitter, downloading files or programs from malicious portal or P2P networks, opening email attachments from friends or playing Flash games online, you may have not yet noticed that your computer has been compromised until your PC is being locked up by the malicious software, popping up ads continuously or porn sites, or redirecting all your surfing requests to unknown websites. Then all of your sensitive information may have been stolen, such as bank account information, credit card passwords and email credentials. These forms of detriment are seen very often and are regarded as malicious software, or malware.

Types of Malware

While in the real scenario, a malware like Live Security Platinum or System Progressive Protection, is usually involving with multiple categories, for a general anti-virus discussions, the followings below are the categories that most malware falls into:

Backdoor designed to bypass security mechanisms by the remote hacker with little or no authentication.
Botnet infamous networked bot malware able to take control of the compromised computers remotely.
Downloader usually installed by the hackers when they obtain the control of the system and then download/install other program or malicious code; Downloader are used by fake AV business to deploy scareware on the victim computer.
Spyware collect and send all the activities on the infected computer, like passwords and online banking.
Launcher used to launch other programs to meet the remote hacker’s needs
.
Rootkit used to hide the traces of other malware to allow the remote hackers to access the victim computer.
Scareware (Fake AV/Rogue Anti-Virus) mostly commercial interests; designed to function as anti-virus or anti-malware program and scare the users to buy the license
.
Spam-sending malware installed accidentally by careless users or the exploitation of security holes to send spam-related operations.
Worm or virus malicious codes or program designed to copy itself and infect other computers.

Malware is usually installed on the victim computers as various categories mentioned above. Live Security Platinum and System Progressive Protection are fake AVs but also associated with Rootkit and Downloader functions. While they are not very sophisticated on first few releases, the later variants require the advanced analysis skills and certain levels of computer skills to successfully remove them without any traces left. Malware fighting is often like a cat-and-mouse game. Whenever there is a solution to remove the threats of Live Security Platinum and System Progressive Protection, the malware publishers will deploy another techniques to avoid detections from security software and other known solutions published on the Internet. In this case, you could always count on YooSecurity technicians 24/7 online for your computer protection.

Malware Characteristics

Understand the risk of malicious software

Malware is short for malicious software. Malware itself may be a virus, worm, backdoor that exploit the vulnerabilities in your PC system. Malware can evade the signature-based detection by dynamically change the malicious code. Attackers often use the changeable code to enter the IDSes intruder warning system on the Internet. Malware includes computer viruses, worms, trojan horses, spyware, adware, and other malicious programs.

Malware Characteristics (e.g. Live Security Platinum and System Progressive Protection)

1. Mandatory installation: the malicious software would be installed on your computer without your permission.
2. Difficult to be uninstalled: the program doesn’t provide users with built-in uninstaller. And the program can not be uninstalled completely even though you remove it many times.
3. Browser hijacking: browser hijacker is a malicious application that would modify the browser’s homepage, searching page, default settings through the DLL plug-ins, BHO, WinsockLsp in order to hijack users to the specified website.
4. Adware: Adware is the common name used to describe software that is given to the user with advertisements embedded in the application.
5. Collect user’s information maliciously: the software collect users’ personal information and important information without users’ permission.
6. Malicious uninstall: the application guides or cheat users to uninstall and remove other programs.
7. Malicious bundles: the program contains other applications that have been defined as malware already.

Threats of Malware

1.Unable to detect: traditional protection ways of signature-based detection is unable to resist the attack from malware. The malware keeps changing so that it is very hard to detect them out. The ways of threats from malware to the network and system vulnerabilities have always been changing. For example, malware often hides in the email attachments in the past and nowadays they will trick users through the social network liek Facebook and Twitter to download the affected files or applications.

2.Increasing Risk. Some agencies had predicted that the malware would be everywhere in one day including smart mobile phone, Vista, Mac, OSX and other operating system environment. Some one even said that the network structure would be affected by the malware such as: router, domain name server, search engine. It is very necessary for the enterprise to take the updating measures. The gateway and scanning are the new protection method. Furthermore, users still pay more attention on the terminal equipments protection. For instance, you should protect the desktop and mobile devices.

3. Malware Incarnations. The complexity of malware ecology of course is changing every day. Viruses, worms, trojan horses, spyware, adware and some plug-ins actually are malware. However, the most scrabble thing is that the resource of malware has become various. Years ago, the malware is just a joke made by some person but now it has been designed by criminal group. Malware authors usually use methods like passwords stealing, keyboard recoding and other illegal behavior to achieve their purpose in order to get much money. Therefore, the malware nowadays has its own direction to avoid the detection. It is very hard to prevent the attacking from malware until you have been affected.

4.Relationship Between Web 2.0 and Malware

Web 2.0 includes social networking, photo sharing, wikis and social bookmarking sites and malware 2.0 is defined as a web based infection in which user can be entrap by visiting website. In web 2.0 environment users trust the information without knowing anything about the author or integrity of the source, and that’s precisely why criminals are attacking these applications and using it to circulate malware. The interactive feature of web 2.0 would increase the affection of malware. For example, a worm with Trojan had been designed and inject into video file. Then the video had been uploaded to YouTube and other some web2.0 site. Anyone who click the video would download malware file automatically to his computer. Thousands of computers were affected before security experts and firms have noticed what was happening.

How to Protect Against the Malware

Since the malware is very hard to deal with, you need to take comprehensive methods to protect again it. For example: enable the Firewall, use email filter, intrusion detection system run anti-malware application, keep your system updated, use good password combinations, don’t open suspicious email attachments. Moreover, you had better accomplish these things below if you are running a company or enterprise.

1. Guides your staff to use email and web correctly.
Warn them do not open the email attachments if they know nothing about the resource of the email. Do not download executable files from the Internet which has no signature. Do not click any weird URL from other website. Educate them to learn the latest knowledge of protection method.
2. Prohibit or supervise the non-web source protocol using in the internal network. Do not allow the instant messaging enter into the enterprise network because it might be the instrumentality of malware.
3. Make sure all of the browser, operating system and third-party applications are the latest version. And set up the security level of the browser and email server to the medium level.
4. Update the anti-virus or anti-malware programs in time to keep the virus database to be the latest one.
5. Do not download and install suspicious device drivers. Most of the malware will be injected into your computer by this way.

Though fighting with the latest malware incarnations like Live Security Platinum and its latest variant System Progressive Protection has becoming harder and harder as the malware authors are continuously updating their codes and techniques (in our recent Labs analysis, malware is even deploying high-level encryption algorithm to protect their existence making every technician harder to analyze and remove them completely), you can always count on YooSecurity technicians to remove them completely and safeguard your PC system from these malicious threats on a daily basis.

Published by Leo R. Oscar & last updated on June 3, 2013 8:21 am

Discussion


1 + = ten