Anti-malware Malware

March 1st, 2013

Beware the malware that disguises itself as anti-malware, often known as Rogue Security Software.

tl;dr – What You Need to Know

We have never and will never develop malware (you can see our latest results from VirusTotal – image below) and you should never, ever, ever install another piece of software should you wish to remove one of our applications. We provide very easy-to-follow removal instructions and are always happy to be of assistance should anyone wish to contact us. Google’s search results are filled with websites claiming that our software is ‘malware’ in order to scam you into installing, and eventually paying for, their Rogue Security Software. Don’t be a victim.

Avoiding potentially malicious programs while navigating the sea of computer software has never been easy, especially in the age of internet-fueled applications that hijack browsers, generate pop-ups, insert advertisements, track behavior and steal personal information in addition to many other unsavory things. Frustrated users seeking relief will inevitably search for anti-malware applications to rid their computers of such afflictions, which is a perfect opportunity for malware claiming to be anti-malware to attack an unsuspecting user.

Often called “scareware” or “ransomware”, these programs will purportedly scan a user’s computer for malware, report hundreds if not thousands of “infections” (which we have seen on completely clean machines) and then offer to “remove” them for a fee. Here is a brand new machine:

Programs & Features Window from the Control Panel of a completely clean machine

When scanned with a popular anti-malware application it detected 199 “potential threats!”:

199 “Potential Threats Detected!” on a completely clean machine

The download and scan were free but their goal is clearly to get users to “Buy Premium.”

Distribution is achieved through aggressive SEO by going through directories of software applications and then building a webpage for each one with “removal instructions” which inevitably involve installing their anti-malware malware. To optimize the pages for search engines they label every software application as a “virus” or “malware”, even when it is not, and then insert “while technically not a virus…” language to prevent libel. Even if the anti-malware software is legitimate, this is still a winning strategy for distribution. Surf Canyon has naturally been a victim of this, but so have Yahoo’s toolbar and Bing’s toolbar, both of which are obviously neither viruses nor malware. We’re not going to link to any anti-malware malware sites for fear of further increasing their popularity, but here is a screenshot from one of the most popular:

yahoo toolbar virus

Certainly there exists real malware in the world, and unfortunately quite a bit of it. Furthermore, it’s often difficult to remove these programs and so having anti-virus or malware protection offers real value. Like many things on the internet, users need to be wary; fear of malware can be exploited as easily as ignorance of it.

Surf Canyon is Perfectly Clean

P.S. It is worth noting that many small developers making legitimate user-focused friendly software suffer from this problem.
