A new trend in 2010 has been the creation of fake fake anti-spyware programs as a way for script kiddies to show off their supposed skills. You might wonder why I called them fake fake anti-spyware programs. This is because these programs are not being created to make money, like a normal rogue, but are rather created to emulate one so these kids can show off.
Recently we have seen a bunch of programs being promoted through YouTube that state that they are anti-spyware programs. In reality, though, when they are installed they are cheap imitations of rogue anti-spyware programs. What was even stranger is that when we first started analyzing them, clicking on the registration page didn't go anywhere. As more and more of these rogues were released, and as none of them seemed to be motivated to make any actual money, it was determined that these rogues were being released solely for script kiddies to show off their skills.
One thing about true rogues, as I call those that are created for monetary gain, is that in many ways they are elegant, sophisticated pieces of software that look appealing to the eye. These script kiddie rogues, though, are anything but that. There are spelling mistakes everywhere, GUIs that look like they have been chopped up and integrated from various rogues, and behaviour that does not match what a button may indicate. It is also theorized that some of these rogues are not even being created by hand, but rather being churned out through a Virus Maker program that contains a Fake Alert/AV template.
Just because these are copycats does not mean, though, that they do not pose some risk to users. One of the first of these that I analyzed was called AntiVirus and was released around March 26th, 2010. I wrote a guide on it and surprisingly there are over 4,000 views of it. Therefore, this fake fake rogue must have been circulating somehow and infecting users. When analyzing this creation, it felt off. For example, the ransom note gave an email of firstname.lastname@example.org and said to send them $5 to remove the infections the rogue found. It's rare that we see ransoms like this with rogue software, and when we have, they are typically more sophisticated, like FileFix Professional.
The writer of the Anti-Virus rogue was even contacted at the above email and sent a response further confirming that these are just script kiddies at play:
"it was a simple project that I posted on my youtube channel... Other ppl have been using though and distributing it.. im sorry if you got infected,"
Further searching on youtube.com generates a long list of videos where other people are showing off their "skills" at creating fake viruses, including rogues. As if we did not have enough on our plate with the amount of new malware generated per day, we now have to deal with kids with way too much time on their hands making more viruses and more work for us.
Some examples of these types of rogues that have been released are Anti-Virus, XP Micro Antivirus, and User Antivirus 2010.