Monday, March 24, 2008

More Rogue Antivirus/Antispyware Programs


The list of these programs continues to grow. As one shuts down, 3 more appear. Where do you get these types of programs? That's easy! Many people who are trying to get "free" program licenses through free serial websites will run into apps that claim they are keygens. For example, this website:
In the middle you can clearly see a list of programs that they claim to offer free serial keys for. The problem is that instead of simply providing a serial number, they bundle a little application and tell you to install a key generator. You will see a screen like this one:


From this screen, instead of receiving the serial key they expect, people get a fake key generator that will install all kinds of malware on their systems (typically Virtumonde and a few rogue apps). The very simple solution to this problem is to not look for serial keys. The second suggestion is to not mess with key generators from sites that claim to give you free serial keys to unlock programs.

If you really want to avoid the hassle of the rogue programs, just be smart about where they come from and don't go there.

Tuesday, January 1, 2008

Why Registry Cleaners Are NOT Security Software

By Everett Ulbricht, Whizzo Technologies CEO



When you browse the internet, you may come across a popup message like the one above telling you that your security software is somehow lacking and should be updated. Don't be fooled. For some reason, registry cleaners have taken on a life of their own, with claims of everything from optimizing your computer to removing spyware and viruses. The truth is, these registry cleaners do nothing in the way of real security. But they convince people that they are missing out and are vulnerable to attacks, along with all kinds of other dubious claims, while in fact these programs are themselves sometimes part of a spyware installation package that does much more harm than good. The recent appearance of these falsely advertised "security" programs has snagged more than a few unknowing customers into thinking they had problems and needed to buy the registry scanner for real protection. Let's take a look at registry scanners to find out some cold hard facts about what they are and what they are not.


What registry scanners are

Let's first take a look at what registry scanners actually do. Many people love these programs because they help clean up leftover registry junk. When a program uninstalls (McAfee and Norton products are notoriously bad about this), sometimes items are left behind in the system registry. You might find thousands of leftover unused keys, values and data from programs that were removed years ago. Is this a problem? Not typically. Problems can occur if, for example, you have removed a program and there is a leftover registry value in a startup location. This value tells Windows to automatically start the program when you boot up your computer, but since the program has been removed, the computer will try to start it and nothing will happen. Usually this is followed by an error message indicating that a program could not be started. The most annoying part is that once you shut down the computer and start it up again, you will keep getting the same message saying that the program could not start. This is where registry cleaners might come in handy. They scan through your system registry for items like this that have been left behind by programs that were removed. In this situation, registry scanners can be a good thing. They simply remove leftover junk.
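To make the "leftover startup entry" case concrete, here is an added example (my own script, not something from the original post or from any registry cleaner): a read-only PowerShell audit of the Windows Run and RunOnce keys that lists every entry whose program no longer exists on disk. That is precisely the kind of junk a registry cleaner removes, and notice what the script does not do: it never examines what the programs are, so it could not tell a leftover Norton entry from a leftover piece of spyware. The key paths are the standard autostart locations; the parsing helper and the assumption that the first ".exe" in an unquoted command is the program are mine.

```powershell
# Added example, not code from the original post: a read-only audit of the
# Windows autostart ("Run") registry keys that reports entries whose program
# no longer exists on disk, i.e. the leftover junk a registry cleaner removes.
# It does not inspect the programs themselves, so it is not a malware scanner.
# Assumes Windows PowerShell 5.1 or later; nothing is deleted.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ExecutableFromCommand {
    # Pull the program path out of a Run value such as
    #   "C:\Program Files\Foo\foo.exe" /silent   or   C:\Tools\bar.exe -tray
    param([string]$Command)
    $cmd = $Command.Trim()
    if ($cmd.StartsWith('"')) {
        $close = $cmd.IndexOf('"', 1)
        if ($close -gt 0) { return $cmd.Substring(1, $close - 1) }
        return $cmd.Trim('"')
    }
    # Unquoted form: take everything up to the first ".exe" (paths with spaces
    # are common here), otherwise the first whitespace-delimited token.
    $m = [regex]::Match($cmd, '^(.+?\.exe)', [System.Text.RegularExpressions.RegexOptions]::IgnoreCase)
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

function Get-AutostartEntries {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($prop in $values.PSObject.Properties) {
            # Skip the provider bookkeeping properties Get-ItemProperty adds
            if ($prop.Name -in @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')) { continue }
            $exe = [Environment]::ExpandEnvironmentVariables((Get-ExecutableFromCommand ([string]$prop.Value)))
            $exists = $false
            if (-not [string]::IsNullOrWhiteSpace($exe)) {
                $exists = Test-Path -LiteralPath $exe -PathType Leaf
                # A bare name like "rundll32.exe" is resolved through PATH, not the registry
                if (-not $exists -and -not [IO.Path]::IsPathRooted($exe)) {
                    $exists = [bool](Get-Command -Name $exe -ErrorAction SilentlyContinue)
                }
            }
            [pscustomobject]@{
                Key        = $key
                Name       = $prop.Name
                Command    = $prop.Value
                Executable = $exe
                Exists     = $exists
            }
        }
    }
}

# Report only the stale entries; review them by hand before removing anything.
Get-AutostartEntries | Where-Object { -not $_.Exists } | Format-Table -AutoSize
```

Run it from a normal user session to see the HKCU entries, or from an elevated prompt to read all of HKLM as well. Anything it lists is a candidate for the "program could not be started" message described above, but the list says nothing about whether the entries that do still point at real files are legitimate, which is the whole point of the section that follows.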


What registry scanners are NOT

While surfing the internet, you run across a website like this one from the misleading security application RegAuditor, which claims that "Registry Auditor gives you a quick look at the Adware, malware and spyware installed on your computer including parasites and trojans." At the top of their webpage it says in big bold letters "Registry Adware - Spyware Scanner". What the average computer user will think is that this is a security program that will find and eliminate unwanted viruses and spyware. But this scanner does not look for viruses, spyware or any sort of adware on your computer. It is not a security program and will not find any spyware or adware at all. Instead, what it does is look for leftover junk in the system registry. In fact, our in-house testing of RegAuditor found that it didn't detect a single adware trace on a heavily infected test system. The claim that a registry cleaner is a spyware, adware or even virus scanner is equivalent to saying that by washing your car you are giving it a tune-up. The claim simply isn't true. These registry scanners clean leftovers (some better than others; we recommend Registry Polish), but they do not scan for adware, spyware or viruses.


How they install themselves

To best understand how many of these registry scanners seem to suddenly "appear" on your computer, I refer you back to the post on social engineering and how popup messages and the like fool people into thinking they are infected and must "click here to fix problems detected", among other misleading ways. From this popup message, you might think your system is about to crash and that you have major problems. But these are the types of methods used to lure people into installing the software on their computers. Often, the software comes bundled with other unwanted items including spyware and/or other rogue applications. The best advice at this point, if you see one of these popup messages and are unsure about its authenticity, is to do some research on the program name on Google or ask a computer technician to assist you.


Conclusion

While registry scanners definitely have their uses, removing malware is not one of them. Don't be fooled into downloading and purchasing a spyware application in hopes of it cleaning, repairing or somehow saving your computer from the brink of utter destruction. Taking out the trash is not remodeling your home, and neither are registry scanners security applications.

Saturday, December 29, 2007

The Worst Malware Threat: Social Engineering

by Joe Fryer, Whizzo Technologies CTO

“Critical System Error!” “Spyware Infection Detected!” “Danger: possible spyware infection!” “Click here to scan your computer for free!”

Sound familiar? Those are the alerts of rogue Anti-Virus or Anti-Spyware programs, constantly nagging and prompting you to buy their software. Claims of massive spyware infections and messages that mimic Windows alerts fool thousands of people into buying their software. I can’t tell you how many times a customer would call and tell me that they had spyware on their computer. So I would say, “How do you know that you have spyware on your computer?” and they would usually reply with, “Well, there is this little icon in the corner of my computer that keeps popping up telling me I am infected!” This always produced a chuckle from me and then I would tell them to bring their computer in and I would clean the infection from their computer.

Of course, after I was done cleaning up the computer the customer always asks, and I mean always, every single time, without fail, “How do I keep this from happening again?” “Stop looking at porn!” I think to myself, or worse, “Tell your kids to stop looking at porn!” There’s a conversation most parents would like to skip! But of course I don’t say that out loud. Plus, that’s not the only way people get infected, but it does account for quite a bit. No, instead I just talk about how they need to be careful which websites they visit, tell them to use an alternative browser instead of Internet Explorer, and recommend a good security suite – like this one here! Shameless plug, I know, but hey, like Garth Brooks, I’m shameless. Anyway, lately I have been quoting Star Trek lines to some of my customers, something like, “Well, you just need to re-route auxiliary power to the port nacelle and that should stop your computer from getting infected”. This always elicits a blank stare and sometimes I get a, “How do I do that?” which always makes me smile and then I tell them I’m just kidding and explain how they may have been infected and how to avoid it in the future.

After having this same type of scenario play out again and again, I can see the massive impact that these malware companies are having on the customer, essentially tricking them into buying their software. These malware programs incorporate messages and graphics that look surprisingly similar to common Windows alerts. This is an example of how social engineering is spilling into the malware market.

Social engineering is really just a bunch of techniques used by a person to obtain sensitive information. Generally they play on people’s weaknesses and the general human trait of wanting to help others. The attacker then uses this information to breach security. Social engineering has been used for decades with over-the-phone scams, and with the Internet being so widely used it is now very common in emails and spoofed websites. Here are some examples of methods used by social engineers to trick people:

  • The attacker pretends to be a legitimate end-user who is new to the system or is simply not very good with computers. The attacker may call systems administrators or other end-users for help. This "user" may have lost his password, or simply can't get logged into the system and needs to access the system urgently. The attacker may sound really lost so as to make the systems administrator feel that he is, for example, helping a damsel in distress. This often makes people go way out of their way to help.

  • The attacker pretends to be a VIP in the company, screaming at administrators to get what he wants. In such cases, the administrator (or it could be an end-user) may feel threatened by the caller's authority and give in to the demands.

  • The attacker takes advantage of a system problem that has come to his attention, such as a recently publicized security vulnerability in new software. The attacker gains the user's trust by posing as a system administrator or maintenance technician offering help. Most computer users are under the mistaken impression that it is okay to reveal their password to computer technicians.

  • The attacker posing as a system administrator or maintenance technician can sometimes persuade a computer user to type in computer commands that the user does not understand. Such commands may damage the system or create a hole in the security system that allows the attacker to enter the system at a later time.*
* (Erik Guttman, Lorna Forey, & G. Malkin)


These types of attacks are generally used by hackers to get access to some company or agency that they want to attack. What is interesting to me is how these methods are starting to be used by so-called anti-malware companies to try and fool people into buying their products.



Recently I ran across a rogue anti-spyware program called Ultimate Cleaner and they had this fantastic security window that just made my day. Here is what the window looks like:


I love how much this looks like Windows Security Center:




So what the heck is the point to all this, you ask? Well, my point is this. If you’re a computer tech, make sure to tell people about social engineering so at least they are aware of it. I know the temptation is strong to just say some smart ass comment and be done with it, but people need our help and advice, so give it to them in terms they can understand. Show them this blog if you must, so they can at least see a picture of what social engineering looks like in the real computing world. And if you are an end user, well, stop looking at porn! Just teasing you; instead, be wary when you see a system alert. Familiarize yourself with Windows enough so you know what a real alert looks like. If you have any question about a particular alert, run your anti-virus/anti-spyware software, then contact a tech shop with computer guys that you trust and they can tell you if the message is fake or not.

Now, the reality check. Some people might consider the following a pessimistic view, and to them I say just drink your half-empty glass of happy juice and enjoy getting infected with malware! Anyway, I meet a lot of people who think malware will stop with the next operating system release. I meet a lot of people who say this particular software or that particular software will put an end to the madness that is spyware. I meet a lot of people who say education is the key; we just need to teach people how to use their computers. But the real, totally lame truth is that malware will continue to persist because of social engineering. There really isn’t a cure that stops people from getting taken advantage of. That doesn’t mean that we shouldn’t try; it just means that we need to accept the fact that thousands of people will enter their bank account information into an email that looks like it came from US Bank. Thousands of people will click on an alert to install software just because it tells them to. Thousands of people will give money to some guy in Africa because he is the executor of some dead guy’s estate, but he needs to funnel the money through a U.S. partner. Hey, maybe you could be that lucky! If you liked this blog please send one dollar to me to help fight against social engineering!


References: Erik Guttman, Lorna Forey, & G. Malkin, "Users' Security Handbook", Internet Engineering Task Force, July 1998 draft. http://www.ntc.doe.gov/cita/CI_Awareness_Guide/V1comput/Social.htm

AVSystemCare (WinAntivirus Pro)



For the past few years we have seen a strong rise in the number of rogue antispyware and rogue antivirus programs. WinAntivirus Pro and WinAntispyware were among the most notorious. Now we are seeing a new rise in AVSystemCare, which is a WinAntivirus knockoff. This program does not appear to be as difficult to remove as WinAntivirus Pro; however, it installs itself through the exact same spyware channels. Although this program looks legitimate, it most definitely is a rogue application.

A quick look at their website reveals some false information about their company:

"The Company has a team of highly experienced staff including programmers, analysts, programmers, testers, engineers, support, and call center representatives who have a vast experience in providing the first-class services. Our company is oriented on satisfying needs of customers and we are constantly studying your preferences to develop and implement innovative features and techniques which would make your work with our product easier and effective."

The bad English, along with the lack of any such call center for customer support, indicates that this company is not telling you exactly what's going on with their software and company. These red flags are an early warning to stay far away.

Whizzo CleanSuite Ultra which includes SpyJacker safely removes this rogue program from your computer.