
Rogue Antiviruses


3 replies to this topic

#1 diolge

diolge

  • Members
  • 2 posts

Posted 16 July 2014 - 05:42 PM

Why doesn't normal security software detect or prevent rogue antiviruses?




#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,576 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 16 July 2014 - 07:47 PM

It depends on the type of Rogue Antivirus.

Anti-virus programs generally scan for infectious malware which includes viruses, worms, Trojans, rootkits and bots.

Rogue security programs do not fall into any of those categories and that is the primary reason some anti-virus programs do not detect or remove them. They typically infect machines by using social engineering and scams to trick a user into spending money to buy an application which claims to remove malware.
 

In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization's network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.

What is Social Engineering

Rogue security programs are more often detected by anti-malware software which tends to focus more on spyware, adware and PUPs (potentially unwanted programs).

Keep in mind that anti-virus and anti-malware programs each perform different tasks as it relates to computer security and threat detection. Although they look for and remove different types of malicious threats, there can be some overlap in functionality and detection features depending on the program's scanning engine and how the vendor defines a specific threat. Every security vendor's lab and program scanning engine is different. Each has its own strengths and weaknesses and they often use a mix of technologies to detect and remove malware.

Further, Anti-virus software is inherently reactive...meaning it usually finds malware after a computer has been infected. It also takes time for new threats to be reported, samples collected, analyzed, and tested by anti-virus researchers before they can be added to database definitions.

Did you have anything specific in mind?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 diolge

diolge
  • Topic Starter

  • Members
  • 2 posts

Posted 18 July 2014 - 02:41 AM

Thanks very much for your excellent answer, BJ. The reason I asked is because it has been puzzling to me, when removing rogue antiviruses from people's computers, that I could do so with Malwarebytes Antimalware, while fully updated versions of Nortons and other common security suites would neither remove nor even detect the same malware.

 

Thanks again.



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,576 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 18 July 2014 - 04:36 AM

You're welcome.



