November 23, 2010


A fake scanner based on JavaScript looks quite genuine to an inexperienced user

There are many types of malicious programs designed to scare people into buying a licence for a worthless program, usually for Windows. Their detection names differ depending on their functionality and on the way the binary files are packed or compressed. Thus, rogue antivirus programs may be detected under, among others, the following signatures: not-a-virus:FraudTool (this program is ascribed to the ‘not a virus’ category due to the lack of a malicious payload, apart from its attempts to persuade users to pay money for a nonfunctioning application), Trojan.Win32.RogueAV, Trojan.Win32.FraudPack or Trojan-Downloader.Win32.Agent.

The diagram refers to FraudTool signatures and shows the Top 10 rogue antivirus programs. Because of the huge number of signatures, it is difficult to tell for sure from the name alone whether a particular malicious program belongs to the group of rogue antivirus solutions or not.
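As an added example (not from the original post), a small triage helper that splits detection names of the kind listed above into fields and separates names that identify a rogue antivirus from catch-all names that do not. The `[prefix:]Behaviour.Platform.Family[.variant]` layout, the helper names and the sample entries are assumptions made for illustration.

```python
import re
from collections import Counter, namedtuple

Detection = namedtuple("Detection", "prefix behaviour platform family variant")

# Names taken from the article; anything else is reported as "other".
ROGUE_BEHAVIOURS = {"FraudTool"}
ROGUE_FAMILIES = {"RogueAV", "FraudPack"}
GENERIC_FAMILIES = {"Agent"}  # catch-all family: the name alone proves nothing


def parse(name):
    """Split '[prefix:]Behaviour.Platform.Family[.variant]' into fields."""
    name = re.sub(r"\s+", "", name)          # repair 'Trojan-Downloader. Win32.Agent'
    prefix, _, rest = name.rpartition(":")   # the 'not-a-virus' prefix is optional
    parts = rest.split(".", 3)
    parts += [""] * (4 - len(parts))         # short names such as 'FraudTool.Win32'
    return Detection(prefix, *parts)


def classify(name):
    d = parse(name)
    if d.behaviour in ROGUE_BEHAVIOURS or d.family in ROGUE_FAMILIES:
        return "rogue-av"
    if d.behaviour.startswith("Trojan") and d.family in GENERIC_FAMILIES:
        return "ambiguous"                   # needs the sample, not just the name
    return "other"


def tally(names):
    return Counter(classify(n) for n in names)


# Constructed sample: family names and variant suffixes are invented.
SAMPLE = [
    "not-a-virus:FraudTool.Win32.ExampleAV.a",
    "Trojan.Win32.RogueAV.b",
    "Trojan.Win32.FraudPack.xyz",
    "Trojan-Downloader. Win32.Agent.abcd",
    "Worm.Win32.Example.c",
]

if __name__ == "__main__":
    for verdict, count in sorted(tally(SAMPLE).items()):
        print(f"{verdict:10} {count}")
```

Entries that land in the "ambiguous" bucket are the ones the paragraph above describes: the name alone cannot settle whether they belong to a rogue antivirus.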

A bogus YouTube website. A false message informs the user that it is necessary to update their copy of Flash Player. Cybercriminals often covertly insert malicious programs into a user’s system by this method, any one of which may be a rogue antivirus solution.

In total, there were 266,090 victims of FraudTool.Win32 across all countries. First place goes to Vietnam with over 120,000 cases of FraudTool.Win32 infection.

A study shows the number of malicious programs detected on particular days for the period from March to June. From mid-March, the number of infections has systematically decreased. In March, there were 192,000 infections in total, in April 150,000, in May 135,000 and between 01 and 17 June 58,000 infections, which indicates that the number of infections in June will probably be even smaller than in May. However, this fact only proves that, like everyone everywhere, cybercriminals also like to take their vacations in summer. As with other malware distribution, scareware peaks in spring, autumn and before New Year.

Microsoft, as the biggest software vendor, is also engaged in a campaign against this type of fraud. Its website informs visitors how to remove an unwanted program and how to tell the difference between a false version of Windows Defender and the real one, which is built into the Windows system.


Rogue antivirus programs are quite successful, which seems to be confirmed by the fact that cybercriminals look for new methods to entrap unwary users. Cybercriminals are getting better and better at making their products similar to known security applications. As a result, companies lose the trust of their customers, whilst the customers themselves, quite apart from money, can lose passwords and logins to bank and email accounts, social networks, etc. This means that the identity of the victim is under threat. We can easily predict what will happen next. With a new ID, a cybercriminal can open a bank account in somebody else’s name and use it with impunity, as it is the victim that will be responsible for the cybercriminal’s actions.


Any other Anti-virus program apart from Rogue anti-virus which you can recommend?

Is there any way to identify a bogus website and a genuine website?

@PC Optimization, To the inexperienced person, all websites look legitimate and so it is hard to tell whether it is safe to input private information e.g. when purchasing online products or not safe. If you are not sure or have any doubts whether the website can be trusted then STOP!!! And take your time to investigate further into the website. People who design such websites to gain access to data and scam people are known as “phishers”.

Websites like “Gamasec” are created to help people make sure their website is secure. To check other websites are secure more information can be provided on government websites such as “” which is created by the National Consumers League (NCL).

When logging onto websites such as hotmail or any other server, always look out for “https” which will be on the URL bar on the top of the screen. For example when logging into yahoo mail it will be displayed as “”

In addition to this, when logging into a server or buying online items, look out for the “padlock” sign which will be on the bottom right of the website page. The image below shows both the “https” information and the “padlock” sign.
