Posts tagged as:

security

Wordpress Security

Attackers added a back door to three plug-ins that were available for download from WordPress for more than 24 hours.

WordPress on Tuesday warned all users who run its software on their own servers to beware of a trio of malicious plug-ins for its content management software, which may have been available for download from the site for more than 24 hours.

“Earlier today the WordPress team noticed suspicious commits to several popular plugins–AddThis, WPtouch, and W3 Total Cache–containing cleverly disguised backdoors. We determined the commits were not from the authors, rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavory,” said a warning from Matt Mullenweg, founding developer of WordPress, released on Tuesday.

Plug-ins extend WordPress functionality, and the ones called out in the security warning offer an interface with social networking sites (AddThis), mobile and iPad versions of WordPress blogs (WPtouch), and server performance enhancements (W3 Total Cache). AddThis and W3 Total Cache have been downloaded at least 500,000 times, and the free version of WPtouch, more than two million times.

Mullenweg said that while the investigation is still underway and there is no evidence that attackers compromised the WordPress.org site itself, WordPress has, as a precaution, forcibly reset all WordPress.org passwords (WordPress.org is the site from which users download WordPress and its plug-ins). “To use the forums, [development site] Trac, or commit to a plugin or theme, you’ll need to reset your password to a new one” via the log-in page, said Mullenweg.

In addition, he said that any users of the three Trojanized plug-ins who updated them “in the past day” (meaning Monday or Tuesday) should upgrade those plug-ins immediately.

Plug-ins, malicious or otherwise, continue to account for an increasing number of vulnerabilities seen in applications, both on PCs (for example, with browsers) and in Web applications (such as WordPress). In terms of WordPress, plug-ins now account for 80% of all WordPress-related vulnerabilities, according to HP DVLabs.

But some plug-in vulnerabilities are worse than others. “Web-based backdoors can be extremely dangerous,” said Paul Ducklin, head of technology for Sophos in the Asia Pacific region, in a blog post. “If you’re a WordPress user, you’ll know that the WordPress platform includes a complete and powerful administration interface, password-protected, via a URL such as ‘site.example/wp-admin’. A WordPress backdoor might offer something with similar functionality, but using a different, unexpected, URL, and using a password known to the hacker, instead of to you.”
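
One way to catch a tampered plug-in of the kind described above, as an added example (this is not code from WordPress.org or from any of the plug-in authors named here): record a SHA-256 manifest of the plug-in tree when you install it from a release you trust, re-check the tree after every update, and pattern-scan anything that was added or changed for the PHP idioms that disguised backdoors tend to use. The caveat the incident itself teaches is that the baseline must predate the bad commits; a manifest taken from the repository during the window would simply bless the backdoor. The plug-in tree, the baseline and the “update” below are constructed for the demonstration, and the pattern list is an illustrative assumption, not an exhaustive signature set.

```python
"""Integrity check for an installed WordPress plug-in tree.

Added example, not code from WordPress.org or from any plug-in author.
Assumes a baseline manifest (SHA-256 per file) taken from a release you
trust; anything added or modified since is pattern-scanned for common
web-shell idioms. A hit is a lead for manual review, not proof of
compromise.
"""
import hashlib
import os
import re
import tempfile

# Idioms that commonly appear in obfuscated PHP backdoors. Assumption:
# illustrative, not exhaustive, and legitimate code can trip them.
SUSPICIOUS_PHP = [
    re.compile(r"eval\s*\(\s*(base64_decode|gzinflate|str_rot13|gzuncompress)\s*\(", re.I),
    re.compile(r"preg_replace\s*\(\s*['\"][^'\"]*/e['\"]", re.I),  # /e modifier evaluates the replacement
    re.compile(r"\b(assert|create_function)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)", re.I),
    re.compile(r"\b(system|shell_exec|passthru|popen|proc_open)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)", re.I),
]

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map relative path -> sha256 for every file under root."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest

def diff_manifest(baseline, current):
    """Return (added, removed, modified) relative paths, each sorted."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    return added, removed, modified

def scan_php(root, paths):
    """Return {rel path: [matched pattern, ...]} for the PHP files given."""
    hits = {}
    for rel in paths:
        if not rel.lower().endswith(".php"):
            continue
        with open(os.path.join(root, rel), "r", encoding="utf-8", errors="replace") as f:
            src = f.read()
        found = [p.pattern for p in SUSPICIOUS_PHP if p.search(src)]
        if found:
            hits[rel] = found
    return hits

def audit_plugin(root, baseline):
    """Compare the tree to the baseline and pattern-scan what is new or changed."""
    current = build_manifest(root)
    added, removed, modified = diff_manifest(baseline, current)
    return {
        "added": added,
        "removed": removed,
        "modified": modified,
        "suspicious": scan_php(root, added + modified),
    }

def demo():
    """Constructed plug-in tree: a clean install, then a tampered update."""
    root = tempfile.mkdtemp(prefix="wp-plugin-")

    def write(rel, text):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as f:
            f.write(text)

    write("plugin.php", "<?php\n/* Plugin Name: Example */\nadd_action('init', 'example_init');\n")
    write("inc/helpers.php", "<?php\nfunction example_init() { return true; }\n")
    baseline = build_manifest(root)  # taken while the tree is still trusted

    # The "update": helpers.php gains a disguised eval, and a new file hands
    # a request parameter straight to a shell. Both are constructed samples.
    write("inc/helpers.php", "<?php\nfunction example_init() { return true; }\n"
          "eval(base64_decode($_COOKIE['x']));\n")
    write("inc/cache.php", "<?php\nif (isset($_GET['c'])) { system($_GET['c']); }\n")
    return audit_plugin(root, baseline)

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The report separates three questions a responder asks in this order: what changed since the trusted baseline, whether anything vanished, and which of the changed PHP files deserve a human look first.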

Another danger is that if attackers managed to steal WordPress passwords, they might attempt to use them to access other sites. According to Mullenweg, “as a user, make sure to never use the same password for two different services, and we encourage you not to reset your password to be the same as your old one.”

Unfortunately, password reuse remains rampant, as numerous recent attacks have shown. When LulzSec released stolen databases of usernames and passwords, for example the 37,608 SonyPictures.com credentials, researchers cross-referenced them with other leaked databases.

http://www.informationweek.com/news/security/vulnerabilities/231000230

Mozilla Firefox 5.0

This week’s release of the Firefox 5 browser came shockingly fast for Mozilla. Firefox 4 came out of beta barely 3 months ago–the previous numbered release, Firefox 3, was released way back in 2008.

A quick look at the features and improvements in Firefox 5, however, reveals how Mozilla accomplished the fast release: there are some significant upgrades under the hood, but this is really more of a 4.1 release than a full new version of the browser.

However, the big news is that the release of Firefox 5 may finally solve the stability issues users have complained about since the beta builds of Firefox 4. When Mozilla released the last major overhaul of Firefox back in March, it was a huge step forward for the browser. The update brought with it a host of new features like improved tab navigation and the ability to sync bookmarks across multiple computers.

Perhaps most importantly, Firefox 4 improved the speed of the browser which had been lagging in recent years.

However, Firefox 4 also brought a lot of complaints about random crashes. A user named bigdaddyken on Mozilla’s support forums posted that “firefox 4 crashes constantly, on opening, different pages, etc. Old firefox worked fine.” More than one thousand users reported the same issue, and this report was only one of many crash complaints on the forums.

PCWorld users have also had problems with the browser. In a comment on our early hands-on with Firefox 4 report, user xvMATTLEEvx said “Sure it has added features but that is just to keep up with everyone else it’s nothing innovative like Mozilla used to be. On top of that Firefox 4.0 is suffering the same crashes and memory spikes Firefox 2.0 suffered. I am talking without add-ons not with add-ons.”

Firefox 5 Feature List

The list of Firefox 5’s new features isn’t exactly designed to thrill. It’s headed by “added support for CSS animations” and features other improvements like “improved discoverability of the Do-Not-Track privacy feature preference” and “improved spell checking for some locales.”

Clearly the features listed here aren’t the real news in Firefox 5. Users will probably be a lot more excited by the list of hundreds of bug fixes that come along with Firefox 5. While there is some reason to worry that this rapid update strategy brings as many problems with it as it solves, with any luck, these bug fixes will make Firefox 5 as crash-proof as it is fast.

Today, we asked our Facebook page users if they had any similar problems with Firefox 4 and quickly got more than 40 responses like Irving Cool who says “FF4 crashes a lot :S” or Wali Khan who stated his “New Firefox crashes every 5 minutes.”

Let’s hope Firefox 5 really solves the problems.

Get Firefox

If you need a fresh new copy of Firefox, you can get it here:

The Best Antivirus Software in 2011

Best Antivirus Software, 2011

Antivirus vendors have included “2011” in their product names since the summer of 2010. Now that the year 2011 has actually arrived it’s time for a new look at the whole collection. Several of the latest additions attempt to crank up protection by running two different antivirus engines, and some actually succeed. This batch also brings a new Editors’ Choice for free antivirus and a new shared Editors’ Choice for commercial antivirus.

As always, when I say “antivirus” I mean a utility that protects against all kinds of malicious software, not just viruses. Trojans, spyware, rootkits, keyloggers, adware, scareware – a proper antivirus must handle all of these.

Standalone or Suite?
Many of this year’s products blur the line between standalone antivirus and security suite. In the past the presence of a personal firewall has been one defining suite element; not anymore. There’s a fully-functional firewall inside Panda Antivirus Pro 2011. eScan Anti-Virus 11 and McAfee AntiVirus Plus 2011 also offer firewall protection. Norton AntiVirus 2011 doesn’t include a complete firewall, but its intrusion prevention feature is more effective against exploits than most full-blown suites.

Spam filtering is another component typically found in a suite. The spam filter built into BullGuard Antivirus 10 is reasonably accurate and unusually helpful at setup time. eScan also offers a spam filter, but it’s not something you’d want to inflict on your Inbox.

StopSign Internet Security 1.0 includes an optional firewall with spam filtering built in. None of the independent labs have tested it, though, and its performance in my own malware blocking and removal tests was so poor that I didn’t bother evaluating those optional features.

BitDefender Antivirus Pro 2011 offers full remote management of other BitDefender installations across the network. McAfee can monitor other installations remotely and fix problems. Panda and Norton can at least let you know when another installation has problems, though they won’t fix those problems remotely.

BitDefender includes a very effective phishing prevention tool, as does G Data AntiVirus 2011. The LinkScanner component in AVG Anti-Virus Free 2011 also works to block phishing sites, as does McAfee’s SiteAdvisor. AVG and Norton both scan the links on your Facebook pages to protect you from Facebook scams and viruses. BitDefender and Kaspersky Anti-Virus 2011 both check your system for security vulnerabilities, though BitDefender takes the concept a bit farther.

Outpost Antivirus Pro 7.0 and BitDefender can block transmission of user-defined private data, a feature usually found only in suites. Ad-Aware Pro Internet Security 9.0, AVG, Kaspersky, and McAfee will tune system performance and wipe out traces of computer and Internet use. Sometimes it’s hard to remember that the product is “only” an antivirus, not a full suite.

The true standalone antivirus isn’t dead, however. For example, F-Secure Anti-Virus 2011 sticks to the business of virus protection without any sign of morphing into a mini-suite.

Twin-Engine Trend
Several late-season additions aim to double your protection by using two antivirus engines, with varying degrees of success. G Data’s dual scan doesn’t take much longer than the average single-engine product, and it includes powerful phishing protection. However, it doesn’t thoroughly clean up the threats it detects, and a failed cleanup effectively killed one test system. TrustPort Antivirus 2011 ran a bit slower than G Data and failed significantly in my testing. After its alleged removal some threats were still running. In the malware blocking test a few threats that it claimed to block managed to install and launch anyway.

Double Anti-Spy Professional v2 turned in the best performance of the twin-engine antivirus tools. It scans first with one engine, then with the other, and it also requires two separate updates. It’s noticeably slow, but effective enough that it’s worth waiting for.

Adjustable Interfaces, Built-in Support
Some users want to hear about every little security event, but most prefer a product that just does the job, without making a fuss. Ad-Aware Pro appeals to both with a choice of simple or advanced mode. BitDefender goes even further. Not only can its users choose basic, intermediate or expert view, they can build a personal collection of their most-used tools.

Webroot AntiVirus with Spy Sweeper 2011 totally focuses on keeping everything as simple as possible. It updates automatically, scans while the system is idle, and interacts with the user through a completely redesigned interface. All the detail a tech-savvy user might want is available, but hidden when not needed.

The user interface for Trend Micro Titanium Antivirus + 2011 discards the standard landscape-orientation window for a skinny vertical panel that takes up minimal space. McAfee, too, has switched to a vertical interface.

Norton reserves a panel across the bottom of its main window for interaction and communication with other security components. Initially the panel shows an interactive world map of security activity, but it can also connect with Norton Safe Web for Facebook or with your Norton Online Backup account.

Built-in and automated support features grace many of these tools. BitDefender includes a search box for help topics right on its main screen; a built-in tool will gather system information and contact an agent for chat-based support. Norton’s one-click support system gathers diagnostics and offers relevant FAQs or chat-based support. Kaspersky’s built-in support tool can send diagnostic reports to the company and process purpose-built scripts to fix specific problems. Panda’s PSCAN lets remote analysts request samples and push fixes without requiring full chat-type interaction. BullGuard offers built-in access to e-mail and live chat support with a message center to manage your support interactions. eScan links to live chat and online help.

Donbot dumps fake AV spam – pitches gambling site instead

Botnets pitching online casinos

Donbot – aka Bachsoy and Buzus – is known to be capable of generating an incredible volume of spam. At its height in the summer of 2009, the swarm was noted as generating around 800 million spam messages a day from around 125,000 infected PCs.

This equates to around 1.3% of global spam volumes, although some reports have noted spikes reaching the 4.0% mark.

According to David Broome, a researcher with M86 Security, Donbot’s spam deluge paused recently for 15 minutes and came back with a gambling pitch.

The pitch, he says in his latest security blog, is one his security colleagues have seen for over a year on and off in their spam traps.

“It is designed to encourage the reader to gamble money on roulette with what is presented as a winning strategy. Conveniently, a link to an online casino is provided to the user in order to use this strategy and make easy money”, he reports.

Following the link, says Broome, leads to a web splash page where clicking any button on the page – including the language flags at the top – starts a download of Casino-Online.exe.

The WHOIS information for the casino domain lists it as having been registered at namecheap.com on the 24th of May 2011.

“So, if there was any doubt to the possible legitimacy of this casino, here’s the proof that it is in fact an illegitimate operation. The domains that lead to the casino software are changing regularly and being spammed out fresh”, he said.

After downloading the Casino-Online.exe binary and scanning it through the VirusTotal test site, 4 of 42 anti-virus packages detected it as various malware executables.

“When we ran the Casino-Online.exe in our environment and set up an account, no unusual traffic was seen going out. While it may not be malware in the traditional sense, it’s certainly operating in a highly dubious fashion. We normally advise against clicking links in spam messages, so downloading and executing arbitrary executable files is a definite no-no”, he said.

The information gathered during the account creation process, he explained, is quite thorough, which is also concerning given what data could be collected and used for future spam campaigns, or sold.

“Assuming the casino isn’t rigged, the odds are still stacked in favour of the house. Despite their description of the strategy, the odds for Red/Black in roulette are not actually 50/50, instead being 48.6/48.6/2.8 – the 2.8% being for the 0 that is also on the wheel”, he observes.

This means, he goes on to say, that whether you bet on red or black, you have a 51.4% chance of losing the bet.

Whilst this may seem like reasonable odds, he adds, it gives the casino enough of a winning margin that, given enough time, it will eventually come out on top.

“Using the strategy outlined in the spam message of multiplying a bet 2.5 times after every loss, it would take only 10 losses in a row for you to have lost $6,000, and 13 losses in a row for you to have lost just shy of $100,000″, he says.

“Without an unlimited bankroll you will surely come to grief at some point”, he adds.
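
The arithmetic behind that warning, as an added example (not from the M86 post or this article): with a single-zero wheel the even-money bets win with probability 18/37, and multiplying the stake by 2.5 after every loss makes the money at risk grow geometrically, so a streak that is individually unlikely becomes certain over a long enough session and wipes out any finite bankroll. The opening stake of $1, the bankroll sizes and the random seed below are assumptions chosen to reproduce the figures quoted in the post.

```python
"""The arithmetic behind the 'winning strategy' in the casino spam.

Added example, not part of the M86 post or the article quoting it.
Assumes European (single-zero) roulette, an even-money bet on red or
black, a $1 opening stake, and the spam's rule of multiplying the stake
by 2.5 after every loss. All figures are computed here.
"""
import random

P_WIN = 18 / 37          # red (or black) on a single-zero wheel
FACTOR = 2.5             # stake multiplier after each loss, per the spam
BASE_BET = 1.0           # assumed opening stake

def house_edge(p_win=P_WIN):
    """Expected loss per $1 staked on an even-money bet: 1/37 on this wheel."""
    return 1 - 2 * p_win

def cumulative_loss(n_losses, base=BASE_BET, factor=FACTOR):
    """Total staked and lost after n consecutive losses (geometric series)."""
    return base * (factor ** n_losses - 1) / (factor - 1)

def prob_losing_streak(n_losses, p_win=P_WIN):
    """Probability that a given run of n spins is all losses."""
    return (1 - p_win) ** n_losses

def longest_streak_affordable(bankroll, base=BASE_BET, factor=FACTOR):
    """Longest losing streak the bankroll can fund under the 2.5x rule."""
    n = 0
    while cumulative_loss(n + 1, base, factor) <= bankroll:
        n += 1
    return n

def simulate_ruin(bankroll, spins, trials, p_win=P_WIN, seed=1):
    """Fraction of sessions in which the player cannot cover the next
    stake within `spins` spins. Deterministic for a given seed."""
    rng = random.Random(seed)
    ruined = 0
    for _ in range(trials):
        money, stake = bankroll, BASE_BET
        for _ in range(spins):
            if stake > money:          # the next doubling-up is unaffordable
                ruined += 1
                break
            if rng.random() < p_win:
                money += stake
                stake = BASE_BET       # back to the opening stake after a win
            else:
                money -= stake
                stake *= FACTOR        # the spam's rule
    return ruined / trials

if __name__ == "__main__":
    for n in (10, 13):
        print(n, "losses in a row: lost $%.0f, probability %.2e"
              % (cumulative_loss(n), prob_losing_streak(n)))
    print("$100 bankroll survives at most", longest_streak_affordable(100), "losses")
    print("ruin within 500 spins on $100:", simulate_ruin(100, 500, 200))
```

Ten straight losses cost about $6,357 and thirteen about $99,340 from a $1 opening stake, matching the “$6,000” and “just shy of $100,000” in the post; a $100 bankroll cannot even survive six.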

from http://www.infosecurity-magazine.com/view/18297/donbot-dumps-fake-av-spam-pitches-gambling-site-instead/

Attackers increasingly focused on fake antivirus and black-hat SEO techniques to target victims on the Web in April.

The volume of malware continued to increase in April as online scammers and malware distributors took advantage of major events, according to security experts. Fake antivirus software and poisoned image search links were particularly prevalent in April.

There were over 73,000 new variants of malware released daily in April, a 26 percent increase over April 2010, GFI Software found in its monthly analysis released May 16. Cyber-criminals exploited several high-profile events, including the U.K. Royal Wedding of Prince William and Kate Middleton, the Easter holiday, the anniversary of Yuri Gagarin becoming the first man in space and the release of President Barack Obama’s birth certificate.

Seven of the top 10 malware threats were Trojans, according to GFI’s top 10 malware list for the month. Trojan.Win32.Generic!BT, a generic malware classification that encompasses a variety of Trojans, continued to be the biggest threat, accounting for over 20 percent of total malware detected. The Zeus/SpyEye Trojan and fake antivirus were also part of the top 10.

Google Android Security

Google is rolling out a security patch for Android that fixes a vulnerability reported to have affected 99 per cent of users.

The patch fixes an issue flagged by German security experts that could allow hackers to look at personal information in the Google calendar and contacts apps.

The University of Ulm researchers found that in Android 2.3.3 and earlier these apps synchronised with Google over plain, unencrypted HTTP and sent the authentication token (the ClientLogin authToken) in the clear with each request. Anyone who could sniff the traffic, for instance on an open WiFi network, could steal the token.

Once an attacker had one of these authTokens, it stayed valid for several days, during which they could read the user’s calendar and contacts and potentially impersonate that handset to Google’s services. Android 2.3.4 fixed the flaw, but at the time 99 per cent of Android users were still on 2.3.3 or earlier, so all of them remained at risk.

Google is now closing the hole with a silent server-side change that requires no action from Android users: its servers will force the Calendar and Contacts sync to use an encrypted HTTPS connection with the handset.
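
What the leak looks like on the wire, and the client-side check that would have prevented it, as an added example (not Google’s code and not the Ulm researchers’ tooling). It assumes the sync client presents the ClientLogin token in an “Authorization: GoogleLogin auth=…” request header, which is the header format ClientLogin used, and that the captured requests below are a constructed sample rather than traffic from a real handset; the token value is made up.

```python
"""Spotting an authentication token that crossed the network in the clear.

Added example, not Google's or the Ulm researchers' code. Assumes the
sync client sends 'Authorization: GoogleLogin auth=<token>' and that the
capture below is a constructed plaintext sample, not real traffic.
"""
import re
from urllib.parse import urlsplit

# Constructed sample of two cleartext HTTP requests. The first is the
# shape of the vulnerable sync request; the second carries no token.
CAPTURE = """\
GET /calendar/feeds/default/private/full?max-results=25 HTTP/1.1
Host: www.google.com
Authorization: GoogleLogin auth=DQAAAEXAMPLE-TOKEN-NOT-REAL
User-Agent: Android-GData/1.0

GET /images/logo.png HTTP/1.1
Host: www.example.com
User-Agent: Android-GData/1.0

"""

TOKEN_HEADER = re.compile(r"^Authorization:\s*GoogleLogin\s+auth=(\S+)", re.I | re.M)

def find_cleartext_tokens(http_text):
    """Return (request line, token) for every cleartext request carrying
    a GoogleLogin auth token. Requests are separated by a blank line."""
    hits = []
    for block in http_text.split("\n\n"):
        block = block.strip()
        if not block:
            continue
        request_line = block.splitlines()[0]
        m = TOKEN_HEADER.search(block)
        if m:
            hits.append((request_line, m.group(1)))
    return hits

def sync_url_allowed(url):
    """Client-side rule: a token may only be attached to an https URL.
    The article describes the fix being made on the server; enforcing it
    in the client as well closes the hole even against a server that
    still accepts plain HTTP."""
    parts = urlsplit(url)
    return parts.scheme == "https" and bool(parts.netloc)

def build_sync_request(url, token):
    """Headers the client would send, or ValueError if it would leak
    the token over plaintext."""
    if not sync_url_allowed(url):
        raise ValueError("refusing to send auth token over %r" % (urlsplit(url).scheme or "unknown"))
    return {"Host": urlsplit(url).netloc,
            "Authorization": "GoogleLogin auth=" + token}

if __name__ == "__main__":
    for request_line, token in find_cleartext_tokens(CAPTURE):
        print("token exposed in cleartext:", request_line, token[:8] + "...")
    print(build_sync_request("https://www.google.com/calendar/feeds/default/private/full", "t0k3n"))
```

Run against a real capture, the first function is the detection side (did a token ever leave the phone unencrypted?); the second pair is the prevention side a client should have had from the start.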

A Google spokesperson said, “We’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts. This fix requires no action from users and will roll out globally over the next few days.”

Sophos security consultant Graham Cluley praised Google’s actions but added, “Concerns still remain as to how easy it would be to fix a serious security vulnerability on the Android devices themselves, given that Google is so reliant on manufacturers and carriers to push out OS updates.”

from The Inquirer http://www.theinquirer.net

GFI Software has announced the top 10 most prevalent malware threats for the month of February 2011, as detected by scans performed by its anti-malware product, VIPRE Antivirus, and its antispyware tool, CounterSpy.

According to GFI, a trend observed since last summer continued, with many of the same types of Trojan horses continuing to dominate the threat landscape. GFI’s statistics show that Trojans made up six of the top 10 malware threats in February 2011. Topping the list, detections of Trojan.Win32.Generic!BT accounted for 22.97 percent of total detections, holding its spot as the number one threat.

These Trojans are downloaders associated with rogue security programs known as fake antivirus software, sometimes called “scareware”. Once they are on a user’s system, these programs perform a fake scan of the victim’s computer for malware and then display false warnings that the machine is infected, in an attempt to persuade the victim to buy fake security software.

The top 10 results represent the number of times a specific malware infection was detected in the course of VIPRE and CounterSpy scans that opt-in users report back to GFI. These threats are classified as moderate to extreme based on method of installation, among other criteria established by GFI Labs.

Top 10 Detections for February 2011 as reported by GFI Software:

Rank  Detection                                Type          Share
 1    Trojan.Win32.Generic!BT                  Trojan        22.97%
 2    Trojan-Spy.Win32.Zbot.gen                Trojan         3.46%
 3    Trojan.Win32.Generic.pak!cobra           Trojan         2.89%
 4    Zugo LTD (v)                             Adware         2.52%
 5    Fraudtool.Win32.Securityshield.ek!c (v)  Trojan         2.00%
 6    Trojan.Win32.Generic!SB.0                Trojan         1.72%
 7    INF.Autorun (v)                          Trojan         1.66%
 8    Worm.Win32.Downad.Gen (v)                Worm           1.48%
 9    Pinball Corporation (v)                  Adware         1.19%
10    Exploit.PDF-JS.Gen (v)                   PDF exploit    0.83%

Watch out for fake anti-virus alerts

Scareware: FBI Warns That Those Pop-Up Security Warnings Pose a Threat to Your Computer

I have a friend in the real estate business who told me that he wanted to pick up his computer and hurl it through a window.

The cause of his frustration was an incessant series of pop up messages on his computer screen that warned he had a virus on his computer. He could not figure out how to make the pop ups go away and eventually his computer ceased working.

He presumed that the warnings were legitimate, but he later learned that he was the victim of “scareware.”

He didn’t know that the FBI put out a warning this month about the threat of pop up security warnings.

The FBI states that pop up messages claiming that you have a virus and you are in need of anti-virus software may, ironically, actually contain a virus that could harm your computer, cause costly repairs or, even worse, lead to identity theft.

The FBI states that those pop up messages contain “scareware”, fake or rogue anti-virus software that looks authentic, but they are not.

Scareware is sold to unsuspecting computer users who fear viruses on their computers. The scareware is either useless or contains damaging malware. The cyber criminals convince users that a virus has infected their computer and then offer anti-virus software to remove it. The virus does not in fact exist until the user downloads the scareware.

The term scareware describes software that often generates a bombardment of pop-up warning messages that makes using your computer difficult.

The message may display what appears to be a real-time, anti-virus scan of your hard drive. The scareware will show a list of reputable software icons; however, you can’t click a link to go to the real site to review or see recommendations. The FBI says that cyber criminals use botnets —collections of compromised computers — to push the software, and advertisements on websites deliver it. This is known as malicious advertising or “malvertising.”

Once the pop-up warning appears, it can’t easily be deleted by clicking on the “close” or “X” buttons. If you click the pop-up to purchase the software, a form to collect payment information for the bogus product launches. In some instances, the scareware installs malicious code onto your computer, whether you click the warning or not. This is more likely to happen if your computer has an account that has rights to install software.

The FBI says that downloading the software can result in viruses, malicious software called Trojans, and/or keyloggers (software that records your keystrokes, capturing passwords and other sensitive data) being installed on your computer. This malicious software can cause severe damage and leave your computer unusable.

The Federal Trade Commission (FTC) notes that the scareware scam has many variations, but there are some telltale signs. For example:

  • You may get ads that promise to “delete viruses or spyware,” “protect privacy,” “improve computer function,” “remove harmful files,” or “clean your registry;”
  • you may get “alerts” about “malicious software” or “illegal pornography on your computer;”
  • you may be invited to download free software for a security scan or to improve your system;
  • you could get pop-ups that claim your security software is out-of-date and your computer is in immediate danger;
  • you may suddenly encounter an unfamiliar website that claims to have performed a security scan and prompts you to download new software.

The FTC reports that scareware schemes can be quite sophisticated. The cyber criminals purchase ad space on trusted, popular websites. Although the ads look legitimate and harmless to the website’s operator, they actually redirect unsuspecting visitors to a fraudulent website that performs a bogus security scan. The site then causes a barrage of urgent pop-up messages that pressure users into downloading worthless software.

Fake anti-virus example screenshots

Example screenshots of fake anti-virus alerts

The FTC suggests that if you’re faced with any of the warning signs of a scareware scam or suspect a problem, shut down your browser. Don’t click “No” or “Cancel,” or even the “x” at the top right corner of the window: some scareware is designed so that any of those buttons activates the program. If you use Windows, press Ctrl + Alt + Delete to open Task Manager, select the browser and click “End Task.” If you use a Mac, press Command + Option + Esc to open the “Force Quit” dialog and quit the browser from there.

Lastly, make it a practice not to click on any links within pop-ups.

The FBI recommends that you take precautions to ensure your operating systems are updated and your legitimate security software is current. If you receive these anti-virus pop-ups, close the browser or shut down your computer system. Run a full anti-virus scan whenever the computer is turned back on.


Call me today at 262-203-4459 and I will clean up, tune up and speed up your entire system so your computer can run like new again. Guaranteed.

Spread Firefox's Asa Dotzler

Asa Dotzler, co-founder of the Spread Firefox project, is more than a little miffed at Apple, Google, Microsoft, and RockMelt for installing plug-ins into Firefox without first asking for permission from Web surfers.

Dotzler made the stealth plug-in discovery when he installed software like Apple iTunes, Google Chrome, and Windows Live Photo Gallery.

“When I installed iTunes, in order to manage my music collection and sync to my iPod, why did Apple think it was OK to add the iTunes Application Detector plug-in to my Firefox web browser without asking me?” he asked in a blog post.

“Why did Microsoft think it was OK to sneak their Windows Live Photo Gallery or Office Live Plug-in for Firefox into my browser (presumably) when I installed Microsoft Office? What makes Google think it’s reasonable behavior for them to slip a Google Update plug-in into Firefox when I installed Google Earth or Google Chrome (not sure which one caused this) without asking me first?” he asked.

Firefox stealth plug-in and extension security issues

Microsoft, Google and Apple install plug-ins without user's permission

Dotzler compared the companies to those that manufacture malware, as a secondary software installation occurred without user permission.

“These additional pieces of software installed without my consent may not be malicious but the means by which they were installed was sneaky, underhanded, and wrong.”

The Firefox advocate had some strong advice for the offending companies. “Microsoft, stop being evil. Apple, stop being evil. Google, stop being evil. And you upstarts like RockMelt, don’t follow in those evil footsteps.”

RockMelt, Microsoft, and Apple did not immediately respond to a request for comment. A Google representative said the Firefox browser plug-in is simply Google Update, which automatically pushes software updates to Google products. The representative stated that Google utilizes this method as a non-intrusive way to deliver updates, and that it doesn’t constantly run, eating up CPU resources.

Update: A Microsoft spokesperson replied to our inquiry with the following statement: “We use web/open standards where possible. To reach as many customers as possible with our web experiences, we use HTML/JS/CSS and try to avoid plug-ins. Office Web Apps are a great example of this. Sometimes we need plug-ins to enable key features. For example, Silverlight improves animations in PPT web app, Office 2010 plug-in lets people switch from web editing to Office 2010 on the desktop to do video editing etc.”

Dotzler’s blog post was first reported by The Register.

Watch out for fake virus alerts

Rogue security software, also known as “scareware,” is software that appears to be beneficial from a security perspective but provides limited or no security, generates erroneous or misleading alerts, or attempts to lure users into participating in fraudulent transactions.

How does rogue security software get on my computer?

Rogue security software designers create legitimate looking pop-up windows that advertise security update software. These windows might appear on your screen while you surf the Web.

The “updates” or “alerts” in the pop-up windows call for you to take some sort of action, such as clicking to install the software, accept recommended updates, or remove unwanted viruses or spyware. When you click, the rogue security software downloads to your computer.

Need affordable virus and malware removal? Call me at 262-203-4459.

Rogue security software might also appear in the list of search results when you are searching for trustworthy antispyware software, so it is important to protect your computer.

What does rogue security software do?

Rogue security software might report a virus, even though your computer is actually clean. The software might also fail to report viruses when your computer is infected. Inversely, sometimes, when you download rogue security software, it will install a virus or other malicious software on your computer so that the software has something to detect.

Some rogue security software might also:

  • Lure you into a fraudulent transaction (for example, upgrading to a non-existent paid version of a program).
  • Use social engineering to steal your personal information.
  • Install malware that can go undetected as it steals your data.
  • Launch pop-up windows with false or misleading alerts.
  • Slow your computer or corrupt files.
  • Disable Windows updates or disable updates to legitimate antivirus software.
  • Prevent you from visiting antivirus vendor Web sites.

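The last item in that list, blocking access to antivirus vendor sites, is one a practitioner can check for directly. A common way rogue software does it is to pin vendor and update hostnames to a wrong address in the hosts file, so the real product can never fetch signatures or a clean installer. The check below is an added example, not from the Microsoft article this post draws on; the list of watched hostnames and the sample hosts file are constructed for illustration, and the live-file path is an assumption about where Windows and Unix keep the file.

```python
"""Check the hosts file for rogue-AV style tampering.

Added example, not from the Microsoft article this post draws on.
Assumes the watched hostnames below are the ones a security product and
Windows Update need to reach; the sample hosts content is constructed.
"""
import ipaddress
import os

# Assumption: illustrative list of vendor and update hostnames; extend
# it with whatever your own environment depends on.
WATCHED_SUFFIXES = (
    "windowsupdate.com", "update.microsoft.com", "microsoft.com",
    "avast.com", "symantec.com", "mcafee.com", "kaspersky.com",
    "sophos.com", "bitdefender.com", "virustotal.com",
)

BLACKHOLE = {ipaddress.ip_address(a) for a in ("127.0.0.1", "0.0.0.0", "::1")}

def parse_hosts(text):
    """Yield (ip, hostname, line number) for each mapping; comments skipped."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for host in fields[1:]:
            yield ip, host.lower().rstrip("."), line_no

def is_watched(host):
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)

def find_hijacks(text):
    """Any hosts-file entry for a watched name is suspect: a clean file
    has no reason to pin them. 'blackholed' means the name is sent to
    loopback or 0.0.0.0; 'redirected' means it points somewhere else,
    which could serve a fake update."""
    hijacks = []
    for ip, host, line_no in parse_hosts(text):
        if host in ("localhost", "localhost.localdomain"):
            continue
        if is_watched(host):
            kind = "blackholed" if ip in BLACKHOLE else "redirected"
            hijacks.append({"line": line_no, "host": host, "ip": str(ip), "kind": kind})
    return hijacks

def check_system_hosts():
    """Run the check against this machine's hosts file (path assumed)."""
    path = r"C:\Windows\System32\drivers\etc\hosts" if os.name == "nt" else "/etc/hosts"
    with open(path, "r", encoding="utf-8", errors="replace") as f:
        return find_hijacks(f.read())

# Constructed sample: two normal entries, then the kind of lines a rogue
# program appends. 203.0.113.7 is a documentation address, not a real host.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
# entries below were not added by the administrator (constructed sample)
127.0.0.1 www.avast.com avast.com
0.0.0.0   update.microsoft.com
203.0.113.7 www.virustotal.com
10.0.0.5  intranet.example.local
"""

def demo():
    return find_hijacks(SAMPLE_HOSTS)

if __name__ == "__main__":
    for hit in demo():
        print("line %(line)d: %(host)s -> %(ip)s (%(kind)s)" % hit)
```

A redirected entry deserves more urgency than a blackholed one: it means an attacker-chosen server answers when the machine thinks it is talking to its vendor.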

Rogue security software might also attempt to spoof the Microsoft security update process. Here’s an example of rogue security software that’s disguised as a Microsoft alert but that doesn’t come from Microsoft.

Example of a warning from a rogue security program known as AntivirusXP.

Example of a warning from a rogue security program known as AntivirusXP.

For more information about this threat, including analysis, prevention and recovery, see the Trojan:Win32/Antivirusxp entry in the Microsoft Malware Protection Center encyclopedia.

Here is the legitimate Microsoft Windows Security Center:

Screenshot of legitimate Microsoft Windows Security Center

Screenshot of legitimate Microsoft Windows Security Center

To help protect yourself from rogue security software:

  • Install a firewall and keep it turned on.
  • Use automatic updating to keep your operating system and software up to date.
  • Install antivirus and antispyware software such as Avast! Antivirus and keep it updated.
  • If your antivirus software does not include antispyware software, you should install a separate antispyware program such as Windows Defender and keep it updated. (Windows Defender is available as a free download for Windows XP and is included in Windows Vista.)
  • Use caution when you click links in e-mail or on social networking Web sites.
  • Use a standard user account instead of an administrator account.
  • Familiarize yourself with common phishing scams.

If you think you might have rogue security software on your computer:

Scan your computer. Use your antivirus software or do a free scan with Windows Live safety scanner. The safety scanner checks for and removes viruses, eliminates junk on your hard drive, and improves your PC’s performance.

Need help with virus and malware removal? Have questions about computer cleanup and system optimization? Call me at 262-203-4459. Or you can contact me here.