Rogue security software is what we also know as “fake antivirus.” It is a malicious program that tricks users into thinking their computers are infected by malware so that they will buy the software.

Rogue security software doesn’t protect against cybersecurity threats. It is, in fact, a piece of malware, specifically scareware, that displays fake warnings to fool users into paying for nonexistent antivirus solutions.

Fraudsters widely used rogue security software, also called fake antivirus or fake AV malware, in the 2000s. Users typically had to pay for the supposed antivirus to get rid of an infection that did not actually exist.

We’ve seen many rogue security software programs over the years. Examples of them are featured below.

Sources: [1] Securelist, [2] PCrisk, [3] Bitdefender, [4] ESET Knowledgebase

These rogue security software programs issue a warning like this to start the scam:

Source: https://www.bitdefender.com/blog/hotforsecurity/new-scareware-campaign-tricks-users-with-fake-antivirus

How Do Computers Get Infected with Rogue Security Software?

Rogue antivirus software can get to computers via different means, including:

  • Spamming: Fraudsters send spam emails with embedded links to rogue security software download pages.
  • Posing as real antivirus: Hackers create fake antivirus download pages, which users looking to purchase an antivirus may pick from among their search results.
  • Posing as codecs: Many rogue antivirus programs come in the guise of codecs that users are asked to download and install to play a video. A codec is a device or program that encodes or decodes a data stream or signal. As such, some videos may require specific codecs to be viewed.
  • Blackhat search engine optimization (SEO): More experienced cybercriminals make their rogue security software download site links appear as top search results for antivirus software.
  • Using social networking site ads and malvertisements: Many rogue security software operators use ads to push fake malware infection alerts to victims’ computers.

How Do You Know If Your Computer Is Infected with Rogue Security Software?

The first sign of rogue security software infection is the appearance of a pop-up window showing a malware infection warning. You won’t be able to close the window, which forces you to purchase the fake antivirus to get rid of nonexistent malware infections.

How Has Rogue Security Software Evolved?

Did you know that ransomware evolved from rogue security software?

Rogue security software improved a lot over time. Security professionals have, in fact, seen 11 fake antivirus generations so far, which are described in the table below.

| Generation | Description |
|---|---|
| First generation: Adware | Users manually install the malicious program, which acts like legitimate antivirus solutions. |
| Second generation: Self-Installers | Users may unknowingly download the rogue security software when they visit malicious or compromised sites. |
| Third generation: Scareware | Users see infection warnings pushing them to download and install the malicious software. |
| Fourth generation: Dynamic-Link Library (DLL) | Users unknowingly install a malicious DLL file posing as a security software codec onto their computers. |
| Fifth generation: Ransomware | The rogue security software holds the users’ files hostage and lets them go when the victims pay for the fake antivirus. |
| Sixth generation: Blackhat SEO Fake Antivirus | Cybercriminals poison popular sites to infect visitors’ computers with rogue security software. |
| Seventh generation: Language Server Protocol (LSP) Modifiers | These rogue security software programs prevent users from visiting certain sites by displaying fake security alerts. |
| Eighth generation: Shell Spawning Fake Antivirus | These fake antivirus solutions automatically execute once remote servers detect system infection using a shell. |
| Ninth generation: Adult Site-Related Fake Antivirus | These rogue security software programs force infected computers to visit adult sites before issuing warnings. |
| Tenth generation: Rootkits | These fake antivirus programs give hackers the ability to control infected computers. |
| Eleventh generation: macOS and Social Media-Distributed Fake Antivirus | Before this generation, rogue security software only ran on Windows computers. By this time, hackers also began distributing fake antivirus on Facebook. |

How Can You Defend against Rogue Security Software?

Downloading and installing rogue security software is avoidable if you follow these best practices:

  • Never click links embedded in or files attached to emails from unknown senders.
  • Avoid visiting untrustworthy sites at all costs. They may host fake antivirus that automatically gets downloaded and installed on your computer.
  • Never download and install software from unknown sources.
  • Always download and install the latest security patches from your software vendors.
  • Use real antimalware solutions. These can detect all kinds of malware, including fake antivirus.

Rogue security software plagued tons of users in the past. That doesn’t mean it no longer exists, though, so always be cautious when surfing the Web.