Rogue antivirus software is a malware that pretends (and acts) like an antivirus software. However, in reality it simply downloads malicious software on your system and displays false detections of viruses on the computer. After displaying this, the rogue antivirus software scares and convinces users into paying fees to clean these ‘detections’. With such tactics to trap users, rogue softwares have been an indivisible part of malware ecosystem. Some of such fraud antivirus softwares are the Win32/FakeRean and Win32/SpySheriff that are active since 2007 and still making revenue.
However, Microsoft’s Malware Protection Center’s recent study shows that the usage of the rogue antivirus software is dropping significantly. The graph below is the result of this study that shows the overall trend of rogue antivirus software family for last one year (Aug’13 to Aug ’14).
As can be seen in the graph, the usage of the rogue antivirus software family, such as Win32/FakePAV, Win32/OneScan, Win32/FakeXPA and Win32/Winwebsec has gone significantly low in the year 2014.
It’s pretty surprising to see the trend going lower and lower. But Microsoft states the reason behind this downfall:
“It’s likely this has happened due to the antimalware industry’s intense targeting of these rogues in our products, and better end-user awareness and security practices. In particular, greater education about the social engineering technique the rogues use, and the large number of legitimate, free antivirus products available on the market appear to have had an impact on a user’s willingness to pay for such pests.”
So, actually, the free-of-cost availability of genuine antivirus software in the market has been the major driving force behind the drop of incidences of rogue antivirus software.
Rogue software always use different name combinations and brandings to hide their tracks and avoid detections by genuine antivirus programs. However the recent updates in antivirus programs, this covering is not working anymore. Hence, now-a-days, the rogue softwares are using other tricks to catch users’ attention towards them. Microsoft mentions that,
“In the past we’ve regularly seen rogues use the hosts file to block access to a legitimate security product’s websites to deny users protection against the threat…Rogue Win32/Defru has a different and simpler approach on how to trick the user and monetize on it. Basically, it prevents the user from using the Internet by showing a fake scan when using different websites.”
At the ending note, Microsoft mentions that there are genuine, reliable yet free security programs such as Microsoft Security Essentials. Users should always do a thorough investigation about the authenticity of the antivirus program that asks you to pay for it.