Propagation
Rogue security software mainly relies on social engineering (fraud) to defeat the security built into modern operating system and browser software and install itself onto victims' computers. A website may, for example, display a fictitious warning dialog stating that someone's machine is infected with a computer virus, and encourage them through social engineering to install or purchase scareware in the belief that they are purchasing genuine antivirus software.
Most have a Trojan horse component, which users are misled into installing. The Trojan may be disguised as:
- A browser plug-in or extension (typically toolbar)
- An image, screensaver or archive file attached to an e-mail message
- Multimedia codec required to play a certain video clip
- Software shared on peer-to-peer networks
- A free online malware scanning service
Some rogue security software, however, propagate onto users' computers as drive-by downloads which exploit security vulnerabilities in web browsers, pdf viewers, or email clients to install themselves without any manual interaction.
More recently, malware distributors have been utilizing SEO poisoning techniques by pushing infected URLs to the top of search engine results about recent news events. People looking for articles on such events on a search engine may encounter results that, upon being clicked, are instead redirected through a series of sites before arriving at a landing page that says that their machine is infected and pushes a download to a "trial" of the rogue program. A 2010 study by Google found 11,000 domains hosting fake anti-virus software, accounting for 50% of all malware delivered via internet advertising.
Cold-calling has also become a vector for distribution of this type of malware, with callers often claiming to be from "Microsoft Support" or another legitimate organization.
Read more about this topic: Rogue Security Software