What is a rogue virus


Virus/Trojan/Worm/Spyware/Rogue Security Software/Malware

What is a computer virus?
A computer virus is a small software program that spreads from one computer to another and interferes with computer operation. All computer viruses are man-made. A computer virus might corrupt or delete data on a computer, use an email program to spread the virus to other computers, or even delete everything on the hard disk. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems.
Computer viruses are frequently spread by attachments in email messages or by instant messaging messages. Therefore, you must never open an email attachment unless you know who sent the message or you are expecting the email attachment. Viruses can be disguised as attachments of funny images, greeting cards, or audio and video files. Computer viruses also spread through downloads on the Internet. They can be hidden in pirated software or in other files or programs that you might download.

What is a worm?
A worm is computer code that spreads without user interaction: a program or algorithm that replicates itself over a computer network and usually performs malicious actions, such as using up the computer’s resources and possibly shutting the system down. When used in all capital letters, WORM is an acronym for write once, read many, an optical disk technology that allows you to write data onto a disk just once. After that, the data is permanent and can be read any number of times. Most worms are transmitted as email attachments that infect your computer when they’re opened. The worm scans the infected computer for files, such as address books or temporary webpages, that contain email addresses. The worm uses the addresses to send infected email messages, and frequently mimics (or spoofs) the “From” addresses in later email messages so that those infected messages seem to be from someone you know. Worms then spread automatically through email messages, networks, or operating system vulnerabilities, frequently overwhelming those systems before the cause is known. Worms aren’t always destructive to computers, but they usually cause computer and network performance and stability problems.

What is a trojan horse?
The term comes from a Greek story of the Trojan War, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. A trojan horse is a malicious software program that hides inside other programs: a destructive program that masquerades as a benign application. It enters a computer hidden inside a legitimate program, such as a screen saver. Then it puts code into the operating system that enables a hacker to access the infected computer. Trojan horses do not usually spread by themselves. They are spread by viruses, worms, or downloaded software. Unlike viruses, Trojan horses do not replicate themselves, but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.

Trojan horses are classified by how they breach systems and the damage they cause. The seven main types of Trojan horses are:

  • Remote Access Trojans
  • Data Sending Trojans
  • Destructive Trojans
  • Proxy Trojans
  • FTP Trojans
  • Security Software Disabler Trojans
  • Denial-of-Service (DoS) Attack Trojans

What is spyware?
Spyware can install on your computer without your knowledge. These programs can change your computer’s configuration or collect advertising data and personal information. Spyware can track Internet search habits and can also redirect your web browser to a different website than you intend to go to. Spyware is any software that covertly gathers user information through the user’s Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.

Spyware is similar to a Trojan horse in that users unwittingly install the product when they install something else. A common way to become a victim of spyware is to download certain peer-to-peer file swapping products that are available today.

Aside from the questions of ethics and privacy, spyware steals from the user by using the computer’s memory resources and also by eating bandwidth as it sends information back to the spyware’s home base via the user’s Internet connection. Because spyware is using memory and system resources, the applications running in the background can lead to system crashes or general system instability.

Because spyware programs exist as independent executables, they can monitor keystrokes, scan files on the hard drive, snoop on other applications such as chat programs or word processors, install other spyware programs, read cookies, and change the default home page of the Web browser, consistently relaying this information back to the spyware author, who will either use it for advertising/marketing purposes or sell it to another party.

Licensing agreements that accompany software downloads sometimes warn the user that a spyware program will be installed along with the requested software, but the licensing agreements may not always be read completely because the notice of a spyware installation is often couched in obtuse, hard-to-read legal disclaimers.

Warning! Your computer is infected! This computer is infected by spyware and adware.

Note: If you receive a message in a popup dialog box that resembles this warning, press ALT + F4 on your keyboard to close the dialog box. Do not click anything inside the dialog box. If a warning, such as the one here, keeps appearing when you try to close the dialog box, it’s a good indication that the message is malicious.

Are you sure you want to navigate from this page? Your computer is infected! They can cause data lost and file corruption and need to be treated as soon as possible. Press CANCEL to prevent it. Return to System Security and download it to secure your PC. Press OK to Continue or Cancel to stay on the current page.

If you see this kind of message, then don’t download or buy the software.

This specific type of malware appears to users as a fake Windows warning on your computer system saying that this software has detected a specific number of viruses on your computer (usually in the hundreds). To get rid of them you must download and purchase the full version of the antivirus software. It’s important to remember that by purchasing the “claimed full version to remove the viruses” you will be submitting your personal information to unscrupulous persons and may also end up being a victim of credit card or identity fraud or theft.

The good news is that you probably do not have a computer that is infested with hundreds of viruses as the rogue software claims. The bad news is that the rogue antivirus software itself is on your computer and you must remove it, a process that is hindered because the rogue software usually locks the control panel and the Add/Remove Programs function to prevent users from removing it. Other things that may be disrupted by the rogue software include being unable to visit reputable and valid antivirus and malware Web sites, being unable to install legitimate antivirus software, and being unable to access your desktop.

Common names of some rogue antivirus software include AntiVirus (2007, 2008, and 2009), MS-Antispyware, XP AntiVirus (2007, 2008, and 2009), Home Antivirus 2009, SpyWareGuard, Malware Cleaner, Extra Antivirus, as well as many other names.

How does rogue security software get on my computer?

Rogue security software designers create legitimate looking pop-up windows that advertise security update software. These windows might appear on your screen while you surf the web.

The “updates” or “alerts” in the pop-up windows call for you to take some sort of action, such as clicking to install the software, accept recommended updates, or remove unwanted viruses or spyware. When you click, the rogue security software downloads to your computer.

Rogue security software might also appear in the list of search results when you are searching for trustworthy antispyware software, so it is important to protect your computer.

What does rogue security software do?

Rogue security software might report a virus, even though your computer is actually clean. The software might also fail to report viruses when your computer is infected. Conversely, when you download rogue security software, it will sometimes install a virus or other malicious software on your computer so that the software has something to detect.

Some rogue security software might also:

  • Lure you into a fraudulent transaction (for example, upgrading to a non-existent paid version of a program).
  • Use social engineering to steal your personal information.
  • Install malware that can go undetected as it steals your data.
  • Launch pop-up windows with false or misleading alerts.
  • Slow your computer or corrupt files.
  • Disable Windows updates or disable updates to legitimate antivirus software.
  • Prevent you from visiting antivirus vendor websites.

Rogue security software might also attempt to spoof the Microsoft security update process. Here’s an example of rogue security software that’s disguised as a Microsoft alert but that doesn’t come from Microsoft.

Example of a warning from a rogue security program known as AntivirusXP.

To help protect yourself from rogue security software:

  • Install a firewall and keep it turned on.
  • Use automatic updating to keep your operating system and software up to date.
  • Install antivirus and antispyware software and keep it updated.
  • Use caution when you click links in email or on social networking websites.
  • Use a standard user account instead of an administrator account.
  • Familiarize yourself with common phishing scams.

What is malware?
Malware is a term that is used for malicious software that is designed to do damage or unwanted actions to a computer system. Examples of malware include everything listed above.

Remote Extensions Pvt Ltd is your consulting and service delivery partner, providing world class services and consultation in the area of IT Infrastructure management. The main office is based in Pune, with operations across Pune and Mumbai.

Fake antiviruses (Rogue Anti-Spyware, or rogueware)

This article covers a new kind of Internet fraud that involves antivirus programs, or more precisely, fake antivirus programs.

This kind of fraud is gaining momentum every day and is a serious problem for many users, so the aim of this article is to explain how such programs work in order to protect you from being deceived.

So, imagine that while on the Internet we click various links and move from site to site. There is nothing unusual or frightening about that; everybody does it.

But one day we land on a site that offers a free download of a program that scans the system for viruses and vulnerabilities and reliably protects against all kinds of Internet threats.

We agree and download the program, because the temptation is great: checking the computer for viruses once more, and for free at that.

After downloading, we naturally install the program and start a system scan. We notice nothing suspicious at all, because the program downloads as usual, installs as usual, and during the scan everything looks standard, polished and respectable.

Everything would seem fine, if it were not so bad! The program only poses as reliable and effective; in reality it is a fake antivirus, a cunning program for deceiving naive users.

During the scan, such a program is certain to find viruses or malicious code on any computer and does its best to convince us that these viruses are very dangerous.

Next may come an offer to send a paid SMS or to buy a licensed copy of the program in order to rid the computer of the viruses it found. Such messages can appear on the desktop, in the system tray, or in the browser (any browser).

The frightened user sends money to the fraudsters, not suspecting that there may have been no viruses on the computer at all. Having paid, in the best case we get an absolutely useless program that in fact does nothing, and in the worst case we get a trojan on our computer that steals confidential information.

It is very important to understand that falling for this is not that hard, because the names and appearance of fake antiviruses very often match those of official licensed antiviruses, and some even have their own support service where an operator answers the questions of future victims in a chat.

We think we are dealing with a real, serious service and buying a reliable antivirus, when in fact it is just a clone, most often a trojan.

A vivid example of a fake antivirus is Security Essentials 2010, which poses as Microsoft Security Essentials:


Instead of the promised search for and removal of viruses, this program monitors running processes and tries to terminate those it considers unnecessary. It can also modify the registry, monitors Internet traffic, and performs many other actions that interfere with normal operation.

Many other names of such programs are also known for certain. They are Virus Protector, Online Antivirus XP-Vista 2009, BugsRadar, XP Antivirus 2009, Vista Antivirus 2008, Live PC Care, Doctor Antivirus, Virus Remover 2009, Personal Antivirus, Malware Doctor, Digital Protection, Your Protection, Antivirus Suite, AntiVirus, User Protection, Security Guard, Antivirus7, Smart Security, Cleanup Antivirus, Dr. Guard, Antimalware Doctor.

The list could go on (by some accounts it already reaches 300 names), and I think you understand that remembering them all is simply unrealistic, especially since new names of such programs appear every day. It is quite likely that Russian-language fake antiviruses or online services for such fake scans have already appeared too.

In fact, all such programs are usually called Rogue Anti-Spyware (rogueware), that is, fake software. Real antivirus and anti-spyware programs most often detect them under the name Trojan.Fakealert… (from the English "fake"):


It should be noted that besides the distribution method described above, there are others.

For example, the same Security Essentials 2010 can be distributed disguised as a Flash player update needed to watch video on the Internet.

You may also get an offer to scan your computer for viruses online, naturally with the help of fake online antiviruses.

By installing such a fake antivirus we voluntarily infect our own computer, and removing it can be very difficult, because such programs usually protect themselves from removal. If we try to start any program that could somehow affect the fake antivirus, we immediately get a warning that the program is infected and will therefore be closed.

Remember that clever fraudsters are always good psychologists, so be extremely careful and follow at least elementary logic. Remember that:

To sum up, in any case it is better to install paid (licensed) antiviruses from well-known developers such as Kaspersky, Dr.Web, nod32, AVG, Avast, Avira, Panda and McAfee, because the antivirus databases of such programs (unlike free ones) make it possible to detect all known viruses, and so the degree of protection of such programs is higher.

In addition, licensed antiviruses have far fewer shortcomings (for example, a minimal rate of false positives) and large antivirus databases and databases of suspicious sites, phishing links and malware.

Installing licensed protection is especially important for those who use the computer to make Internet payments or use Internet banking services.

But if there is no especially valuable information on your computer, then perhaps you should not spend the money and can simply install a free antivirus.



Rogue.FakeRean-Braviax Family of Badware

The Rogue.FakeRean-Braviax family of infections consists of rogue anti-spyware programs that attempt to trick you into thinking that your computer is infected and has severe security problems. It does this by displaying numerous fake alerts and nag screens that state that malware is transmitting private information to a remote location or that unauthorized users are connected to your computer. This infection will also not allow you to run your normal applications, and when you attempt to run them, it will display a warning stating that the program is infected. Finally, when this program scans your computer it will also state that there are numerous infections present, but it will only "fix" them if you first purchase the program.

The Rogue.FakeRean-Braviax family of rogues was the first of its kind to have a single executable that uses a variety of different names when installed. It will also use different names based upon the version of Windows that it is installed on. The names that this infection has used in the past are:

| Windows XP Rogue Names | Windows Vista Rogue Names | Windows 7 Rogue Names |
|---|---|---|
| XP Security 2013 | Vista Security 2013 | Win 7 Security 2013 |
| XP Home Security 2013 | Vista Home Security 2013 | Win 7 Home Security 2013 |
| XP Internet Security 2013 | Vista Internet Security 2013 | Win 7 Internet Security 2013 |
| XP Total Security 2013 | Vista Total Security 2013 | Win 7 Total Security 2013 |
| XP Anti-Spyware 2013 | Vista Anti-Spyware 2013 | Win 7 Anti-Spyware 2013 |
| XP Anti-Virus 2013 | Vista Anti-Virus 2013 | Win 7 Anti-Virus 2013 |
| XP Antispyware Pro 2013 | Vista Antispyware Pro 2013 | Win 7 Antispyware Pro 2013 |
| XP Antivirus Pro 2013 | Vista Antivirus Pro 2013 | Win 7 Antivirus Pro 2013 |
| XP Defender 2013 | Vista Defender 2013 | Win 7 Defender 2013 |
| XP Antispyware 2012 | Vista Antispyware 2012 | Win 7 Antispyware 2012 |
| XP Antivirus 2012 | Vista Antivirus 2012 | Win 7 Antivirus 2012 |
| XP Security 2012 | Vista Security 2012 | Win 7 Security 2012 |
| XP Home Security 2012 | Vista Home Security 2012 | Win 7 Home Security 2012 |
| XP Internet Security 2012 | Vista Internet Security 2012 | Win 7 Internet Security 2012 |
| XP Anti-Virus | Vista Anti-Virus | Win 7 Anti-Virus |
| XP Anti-Virus 2011 | Vista Anti-Virus 2011 | Win 7 Anti-Virus 2011 |
| XP Anti-Spyware | Vista Anti-Spyware | Win 7 Anti-Spyware |
| XP Anti-Spyware 2011 | Vista Anti-Spyware 2011 | Win 7 Anti-Spyware 2011 |
| XP Home Security | Vista Home Security | Win 7 Home Security |
| XP Home Security 2011 | Vista Home Security 2011 | Win 7 Home Security 2011 |
| XP Total Security | Vista Total Security | Win 7 Total Security |
| XP Total Security 2011 | Vista Total Security 2011 | Win 7 Total Security 2011 |
| XP Security | Vista Security | Win 7 Security |
| XP Security 2011 | Vista Security 2011 | Win 7 Security 2011 |
| XP Internet Security | Vista Internet Security | Win 7 Internet Security |
| XP Internet Security 2011 | Vista Internet Security 2011 | Win 7 Internet Security 2011 |
| XP Antispyware | Vista Antispyware | Win 7 Antispyware |
| XP Antispyware 2011 | Vista Antispyware 2011 | Win 7 Antispyware 2011 |
| XP Antimalware | Vista Antimalware | Win 7 Antimalware |
| XP Antimalware 2011 | Vista Antimalware 2011 | Win 7 Antimalware 2011 |
| XP Guard | Vista Guard | Win 7 Guard |
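
The names above combine one of three OS prefixes with a product stem and an optional year, so a software-inventory check is better written as a pattern than as a fixed list. The following Python example is added here and is not from the original page; the function names and the sample inventory are constructed, and accepting any prefix/stem combination and any 20xx year generalizes beyond the rows listed.

```python
import re

# OS prefixes and product stems taken from the name table on this page.
OS_PREFIXES = ("XP", "Vista", "Win 7")
PRODUCTS = (
    "Security", "Home Security", "Internet Security", "Total Security",
    "Anti-Spyware", "Anti-Virus", "Antispyware", "Antivirus",
    "Antispyware Pro", "Antivirus Pro", "Antimalware", "Defender", "Guard",
)

# Lower-case lookup tables so hits are reported in the table's spelling.
_CANON_OS = {p.lower(): p for p in OS_PREFIXES}
_CANON_PRODUCT = {p.lower(): p for p in PRODUCTS}

# "<prefix> <product>[ <year>]"; the year range is an assumption (any 20xx).
_NAME = re.compile(
    r"(?P<os>%s) (?P<product>%s)(?: (?P<year>20\d\d))?"
    % (
        "|".join(re.escape(p) for p in OS_PREFIXES),
        "|".join(re.escape(p) for p in sorted(PRODUCTS, key=len, reverse=True)),
    ),
    re.IGNORECASE,
)


def match_family_name(display_name):
    """Return (prefix, product, year) if the whole name fits the pattern, else None."""
    normalized = " ".join(display_name.split())  # collapse runs of whitespace
    m = _NAME.fullmatch(normalized)  # full match: "Kaspersky Internet Security" must not hit
    if m is None:
        return None
    return (
        _CANON_OS[m.group("os").lower()],
        _CANON_PRODUCT[m.group("product").lower()],
        m.group("year"),
    )


def triage(installed_names):
    """Return [(original name, parsed hit)] for every name that fits the pattern."""
    hits = []
    for name in installed_names:
        hit = match_family_name(name)
        if hit is not None:
            hits.append((name, hit))
    return hits


# Constructed sample inventory (display names as an uninstall list might show them).
SAMPLE_INVENTORY = [
    "Win 7 Internet Security 2013",
    "vista  ANTISPYWARE pro 2013",
    "XP Guard",
    "Kaspersky Internet Security 2013",
    "Microsoft Security Essentials",
    "Windows XP Mode",
]

if __name__ == "__main__":
    for name, hit in triage(SAMPLE_INVENTORY):
        print(name, "->", hit)
```

A hit is a triage indicator only; the name pattern is generic enough that it should prompt a closer look at the program rather than serve as proof.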

In summary, the Rogue.FakeRean-Braviax family of infections exhibits the following behavior:

  • Displays false scan results.
  • Does not allow you to run your normal Windows applications. When you attempt to do so, it terminates the program and falsely states that it is infected with a computer virus.
  • Displays a constant stream of false nag screens and alerts stating that your computer is under attack or sending private data to a remote location.
  • Changes a setting in the Windows Security Center so that it does not monitor the status of your installed Antivirus program or the Windows Firewall.
  • Changes Windows Registry settings so that any time you launch a normal Windows executable it also starts the rogue anti-spyware program.
  • Installs as various names each time it is installed and depending on the version of Windows it is installed on.
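
A defensive check for the registry change listed above, as an added example that is not from the original page: it parses the text of a registry export and flags an `.exe` file association that differs from the Windows defaults. The page does not name the keys involved, so checking the `.exe` and `exefile` classes is an assumption; the function names and the sample export are constructed.

```python
import re

# Windows defaults for launching executables (general OS facts, not from the page).
EXPECTED_PROGID = "exefile"     # default value of the ".exe" class
EXPECTED_COMMAND = '"%1" %*'    # default value of exefile\shell\open\command

# Class roots to inspect; per-user entries take precedence over machine-wide ones.
_ROOTS = (
    "hkey_classes_root\\",
    "hkey_current_user\\software\\classes\\",
    "hkey_local_machine\\software\\classes\\",
)
_KEY = re.compile(r"^\[(.+)\]$")
_VALUE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>.*)$')


def _unquote(s):
    """Strip the outer quotes of a .reg string and undo its backslash escapes."""
    if len(s) >= 2 and s[0] == '"' and s[-1] == '"':
        return re.sub(r"\\(.)", r"\1", s[1:-1])
    return s  # non-string data (dword:, hex:) is kept raw and will not match a default


def parse_reg_export(text):
    """Return {lower-cased key path: {lower-cased value name: data}}; '' is the default value."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = _KEY.match(line)
        if m:
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        m = _VALUE.match(line)
        if m and current is not None:
            name = "" if m.group("name") == "@" else _unquote(m.group("name"))
            current[name.lower()] = _unquote(m.group("data"))
    return keys


def _relative(key):
    """Return the path below a class root, or None if the key is not a class key."""
    for root in _ROOTS:
        if key.startswith(root):
            return key[len(root):]
    return None


def check_exe_association(text):
    """Return [(key, value, reason)] for every deviation from the defaults."""
    keys = parse_reg_export(text)
    findings = []
    classes = {".exe", EXPECTED_PROGID}
    # Pass 1: which class does ".exe" point to?
    for key, values in keys.items():
        if _relative(key) == ".exe" and "" in values:
            if values[""].lower() != EXPECTED_PROGID:
                findings.append((key, values[""], "'.exe' mapped to unexpected class"))
                classes.add(values[""].lower())
    # Pass 2: the open command of every class that can launch an executable.
    command_paths = {c + "\\shell\\open\\command" for c in classes}
    for key, values in keys.items():
        if _relative(key) in command_paths and "" in values:
            if values[""] != EXPECTED_COMMAND:
                findings.append((key, values[""], "open command is not the Windows default"))
    return findings


# Constructed sample export: machine-wide defaults plus a tampered per-user override.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="xyz"

[HKEY_CURRENT_USER\Software\Classes\xyz\shell\open\command]
@="\"C:\\constructed\\placeholder.exe\" \"%1\" %*"
'''

if __name__ == "__main__":
    for key, value, reason in check_exe_association(SAMPLE_EXPORT):
        print(reason, "|", key, "|", value)
```

Registry Editor writes exports as UTF-16, so decode the file before passing its text to `check_exe_association`.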

Rogue security software poses a growing threat to computer security. Basically, it is a form of Internet fraud that uses malicious code in an attempt to deceive users into paying for a fake removal of malware. In that sense, rogue security software can be considered a form of ransomware or scareware (malicious code that affects a computer system and demands payment in order for the restriction to be removed – in this case a simulated security issue).

Rogue security developers exploit both the trust and distrust of computer users regarding security vulnerabilities and the way of handling them. On one hand, it appeals to the authoritative term of “security software” while disguising the opposite intention – that of, in fact, breaching the aforementioned security. On the other hand, it uses fear and the human reaction to a threat, that of immediately removing it. In this case the threat is fake (“your computer security is compromised”), but the consequences are real (your computer security will be actually compromised after following the “instructions” of the rogue security software). For a non-technical computer user, there is bound to be some amount of confusion here. Learning how to recognize fake security warnings is an important step in preventing infections.

To increase the chances of staying rogue software-free, the first step should be familiarizing oneself with the best-known legitimate security software, in order to be able to identify rogue security software. AV-Comparatives' list of security vendors is a good place to start.

Installing legitimate Anti-Virus software and using a firewall (auto-updates on) is always the primary step to take towards better computer security. Safe online-behaviour guidelines regarding e-mailing, file download, streaming and navigation also apply in the prevention of infections caused by rogue security software.

How does rogue security software propagate

  • Web navigation. Through a website displaying a fake alert (on page or as a pop-up) stating that the computer is infected and manipulating the user into downloading or purchasing a fake Anti-Virus tool – that is in fact the scareware/rogue Anti-Virus program. Some fake warnings will prompt the user to install the “Anti-Virus software”, “updates”, or remove the “found malware”. As soon as the user clicks the message, the rogue security software downloads into the system.
  • SEO poisoning. Rogue security developers (and malware writers in general) are also known for using a technique called SEO poisoning in order to push the rogue software download links into the upper positions on search engines. Through SEO poisoning, rogue security software may appear in the list of search results when searching for computer security related keywords, along with legitimate security vendors. This way, an unaware user can get infected by landing on a malicious website posing as a “free online scanning service”. Other times, infected URLs exploit other keywords, such as for a particular piece of news or a notorious recent event.
  • E-mail. Phishing scams are very common these days, so it’s important to know the basics about how phishing works in order to identify it. In the case of rogue security software, a phishing e-mail will try to get the user to download and execute the scareware. A phishing e-mail will include an apparently harmless URL pointing in fact to the malicious website propagating the infection. Other times the malicious code is masked as an attachment that the user is tricked into opening: an image, screensaver, or archive file. When opening the infected attachment, the user actually executes the malicious code.
  • Drive-by downloads. Rogue security software can also act as a drive-by download. A drive-by download exploits vulnerabilities in third party software, so it’s very important to keep third party software (browsers, pdf viewers, e-mail clients) always up to date. A drive-by download uses un-patched vulnerabilities in older versions of third party software as a means to propagate itself without user intervention.
  • Online video viewing. Some rogue software propagates through an infected codec that is downloaded while trying to watch a video online. For learning how to reduce the risk of infection with online streaming, see Safe Streaming/progressive download.
  • Infected files and malicious online applications. Computers can also get infected with malware/spyware (rogue Anti-Virus included) through an infected PDF file or a malicious flash or java program (an online game for example). To avoid infection through executing files and online applications, keep a legitimate Anti-Virus software always up to date, with the online/web and real time protection features active.
  • P2P. The rogue software can also be disguised as a piece of software downloaded through a peer-to-peer network (for example, a file downloaded via a torrent client).
  • User installation. The infection may propagate through installing questionable freeware, cracked programs or illegal copies. When you’re not sure about the program source but still want to run it, check every step of the installation, in order to avoid deploying malicious programs (in the form of a toolbar, add-on or other “free goodies”). See also Safe File Download and How to Prevent and Repair Browser Hijacking.

Rogue (fake) Anti-Virus program


How to identify an infected computer

While there is no standard picture of a rogue security program infection, there are several common symptoms indicating such an infection. Rogue security software will try to get the infected user to purchase a service or software, claiming that the computer is heavily infected. A pop-up or a “security” program the user does not remember installing (see How Does Rogue Security Software Propagate) will suddenly display an alert or warning – regarding spyware, malware or other security issues. These warnings may look like system notifications or genuine alerts. The malicious code will try to cripple the genuine protection of the system, by attempting to disable system components and Anti-Virus software, to avoid detection and prevent the user from uninstalling the unwanted software.

Some rogue programs will attempt to scare the victim by displaying an animation that simulates a system crash and reboot or other “catastrophic” system events. Access to legitimate Anti-Virus websites and online scanning services may be disabled, as well as system updates. The computer may run slower than usual and display unusual behaviour:

  • fake balloon-type system alerts (generated by the malicious program)
  • constant nagging pop-ups requesting to purchase/update the fake security program
  • program interface looking like an Anti-Virus program, displaying an unusual number of infections, and claiming that registration is required in order to remove the infections.
  • new/unknown icons on the desktop
  • browser displays fake security warnings or redirects to questionable websites and/or security certificates do not appear to be valid, usually as a result of browser hijacking. See also Web Navigation.

Fake balloon system alert


Rogue security software downloads come with other malware components, such as trojans, rootkits and keyloggers. The trojan components alter the system, rendering it vulnerable to the attack, the rootkit redirects search engine results and the keylogger attempts to record keyboard input (passwords, credit card data, etc.).

Once you have identified a potential rogue security software attack, use a clean computer to refer to a trusted online database containing rogue security software lists by name and removal tools. If unsure, contact technical support or an IT security service in your area.
