F-Secure Riskware Information Pages: Rogue:W32/Rogue antispyware

Name: Rogue:W32/Rogue antispyware
Detection Names: Trojan.Win32.Fraudpack.gen
Type: Rogue
Category: Riskware
Platform: W32
Author: N/A
Website: N/A

Summary
Dishonest antivirus software which tricks users into buying or installing it, usually by infecting a user's computer, or by pretending the computer is infected.

Additional Details
Rogue antispyware is difficult to define as the intentions of the group vary. Typically, the products claim to be a legitimate antispyware application, but are in fact nothing more than an inexpensive clone of unreliable software. Rogues are often repackaged and given new names. Many of the applications use very questionable sales tactics and the quality of their product is suspect. They can be deliberately fraudulent, or just substandard products that present false information.

Many rogue applications present outright false positives as a means to alarm computer users into buying their application. Others present false positives due to bugs in the software's code, not because of an outright lie. Code corrections can move a suspected rogue off the antispyware detection lists.

Deceptive or high-pressure sales tactics may also be used to push users into buying a license. Users will be told that they need to buy protection even if nothing dangerous is found. Free scans are offered, but a license is needed before any dangers can be removed. Free, fully functional trial periods are usually not offered.

Spyware or other malware sometimes silently installs rogue antispyware, which then offers to remove the spyware. Trojans and toolbars are other sources that prompt for rogues to be installed. Affiliate marketing programs are often used to sell rogue antispyware. Every time an affiliate product is installed and sold, a commission is paid. The result is strong pressure to sell, by any means necessary.

Screenshots
The screenshots shown are examples of a false positive. The product in the example is no longer available for download via the Internet.

Example - Scan Report:



The scan report is typical in its declaration of danger.

Example - Threats Found:



Note the misspelling of threats as "threads". The two files listed are common and are found on any installation of Windows. They are text files that contain configuration information for Windows. They are not executable programs.
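The observation above, that the flagged files are configuration text rather than programs, can be checked directly when triaging a scanner's alerts. The following is an added example, not F-Secure's code: it tests each reported file for a valid PE header and for plain-text content. The file names and contents are constructed samples, and the text heuristic is an assumption of this sketch.

```python
import struct
import tempfile
from pathlib import Path

def is_pe_executable(path):
    """True only for a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    with open(path, "rb") as f:
        dos = f.read(0x40)
        if len(dos) < 0x40 or dos[:2] != b"MZ":
            return False
        (e_lfanew,) = struct.unpack_from("<I", dos, 0x3C)
        f.seek(e_lfanew)
        return f.read(4) == b"PE\0\0"

def looks_like_text(path, sample=4096):
    """Heuristic: UTF-16 BOM, or no NUL bytes and almost all printable ASCII."""
    data = Path(path).read_bytes()[:sample]
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return True
    if b"\0" in data:
        return False
    printable = sum(b in (9, 10, 13) or 32 <= b < 127 for b in data)
    return not data or printable / len(data) > 0.95

def triage(path):
    """Classify a file that a scanner reported as a threat."""
    if is_pe_executable(path):
        return "executable"
    return "text" if looks_like_text(path) else "other"

def demo():
    """Build constructed samples in a temp dir and classify each one."""
    samples = {
        # Constructed INI-style configuration text, not a real Windows file.
        "settings.ini": b"[boot]\r\nshell=example\r\n; constructed sample\r\n",
        # Text that merely begins with the letters 'MZ'.
        "notes.txt": b"MZ are just two letters in this note\r\n",
        # Minimal constructed PE stub: MZ header, e_lfanew=0x40, PE signature.
        "stub.exe": b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0",
    }
    with tempfile.TemporaryDirectory() as tmp:
        results = {}
        for name, content in samples.items():
            p = Path(tmp) / name
            p.write_bytes(content)
            results[name] = triage(p)
        return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

A "text" verdict for a file reported as an active threat is a strong hint of a false positive, though it does not by itself prove the file's contents are benign.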

Example - Demo Doesn't Remove:



Detecting problems in the demo but requiring a license to remove them is typical for the family.



F-Secure Corporation

Last Modified: September 03, 2008