It is important to note that when we call a program a rogue, we are referring to one that is an actual computer infection and not one that is just misleading or does a bad job cleaning. These infections display the typical fake alert and scan results, but also take your computer hostage, change system settings, terminate processes, create fake files, or are installed by malware.Security Shield is one of these types of infections as it bundled with other malware, displays false alerts, false scan results, terminates processes, and hijacks Internet Explorer.
Rogue anti-spyware programs are normally broken up into families, with each rogue in the family essentially being the same program but with a different user interface and name.Security Shield is part of the Rogue.WinWebSec family of rogues that includes other heavy hitters such as Security Tool, System Tool, and MS Removal Tool. With over 760 rogues cataloged in our virus removal section, we have learned that you can determine how strongly a particular rogue is being distributed by the amount of views that the particular rogue's removal guide receives. In terms of total views, the Rogue.WinWebSec family is by far the most prolific with a total of 5,795,128 views for this family.The second largest are the rogues that are part of the Rogue.FakeXPA, which includes XP Antivirus, that have 4,429,320 combined guide views.
Though Security Shield is not the largest campaign from this family by any means, it still has had a strong distribution with over 600 thousand views of its removal guide. As you can see from the list below, this rogue family typically releases one heavy hitter every 6 months to a year, which gets large distribution. The family then releases a couple more variants throughout the same year, which do not get nearly the same amount of play.
|Rogue Name||Date Released||Views|
|Windows Smart Security||10/09/2009||7,389|
|System Adware Scanner 2010||12/15/2009||6,244|
|Security Shield 2012||12/07/2010||617,599|
|MS Removal Tool||03/27/2011||897,129|
|Personal Shield Pro||06/09/2011||69,944|
|Security Sphere 2012||09/29/2011||12,2171|
|Smart Protection 2012||02/22/2012||17,623|
|Smart Fortress 2012||02/27/2012||40,469|
Security Shield's largest distribution was when it was first released in December 2010. Then from March 2011 through December 2011 there was a lull in distribution. In January of this year, though, we are seeing a large increase in search queries related to this rogue, which has now been rebranded as Security Shield 2012.The amount of page views for the Security Shield removal guide has also increased dramatically here at BleepingComputer, which corroborates what we are seeing in the Google Trends's chart for the search phrase "Security Shield".
Google Trends Chart for the Security Shield Search Phrase
Even though Smart Fortress 2012, the latest Rogue.WinWebSec variant, is still being promoted, it appears that the developers behind this family are continuing to strongly pushSecurity Shield. Whether they will continue to distribute Security Shield is unknown at this point. What we do know, is that Rogue anti-spyware programs are making a comeback and are unfortunately here to stay. They are just much too profitable for the criminals to abandon this type of cybercrime.
To protect yourself, make sure you never click on pop-ups stating that you are infected, have all your Windows updates installed, and make sure all your computer programs are up-to-date by using a program like Secunia PSI. Just these three steps will dramatically reduce your exposure to these types of infections.If you have unfortunately already been infected with the Security Shield 2012 malware, then please use the removal guide below.