Bogus Spyware Protection
Here's an unfortunate twist for those of us who aim to protect users with reminders to have strong passwords, watch out for phishing messages and use anti-spyware/virus products. A recent crop of misleading malware protection applications is aimed at the (relatively) security aware Windows user, who knows that having anti-malware protection and doing frequent scans for threats is a good idea.
The bogus software products have catchy names like SpywareProtect2009, Antivirus360, SpywareGuard, SystemGuard2009 or MalwareDefender 2009 and often sport a familiarly looking shield that make them look like an official Microsoft product.
The products claim that the user's computer is infected with malware, producing pop-up warnings like "Spyware Alert!" and "Vulnerabilities Found", and prompting the user to install their rogue security products. In another variation, the user is tricked into purchasing a fully licensed version of the product in order to remove the security threats (usually false or exaggerated) that its scan supposedly detects.
The result of installing such software? It can cause a severe performance hit as well as possibly put the victim's privacy and data in risk. The other bad news is that these fake anti-spyware products are a real bear to remove. Not surprisingly, the internet is full of "Spyware Protector Removal" programs.
Because the bogus anti-spyware products are so insidious, should a user become infected, we recommend backing up any critical files and doing a full system reinstall. The best prevention is to remind your users to use Brown-approved anti-malware products (found at http://software.brown.edu/dist/tw-av.html), keep them updated and perform regular scans.
For more information about some of these examples, see:
- Win32/FakeSpyguard (may also attempt to imitate the Microsoft Windows Security Center)
- SpywareProtect 2009
- Spyware Protector
- See also Microsoft's "Malware Protection Center" for a full listing of threats and removal tips