Rogue software floods anti-spyware market

Harmful programs outnumber legitimate software by four to one.

Malware writers are flooding the market with rogue anti-spyware applications in an attempt to steer consumers away from genuine security software and make money from selling bogus applications.

Download service Snapfiles told VNU that the rogue applications outnumber genuine software by a factor of four to one.

Snapfiles hosts free and trial applications for consumers to download, and claims to reject any software that fails to deliver the promised functionality or causes harm to a system.

Download site Tucows confirmed the figure, saying that it too rejects about four-fifths of the anti-spyware programs it receives from developers.

Rogue anti-spyware programs present themselves as legitimate security solutions, but have no intention of ridding a user's system of malware.

Instead, the application scares the user with false test results, fails to get rid of existing spyware infections, and in some cases even infects the system with additional pieces of spyware and adware.

Users whose systems have been infected with spyware typically form an attractive target for distributors of rogue products.

Ben Edelman, an assistant professor at the Harvard Business School, and an established adware and spyware researcher, said that the spread of rogue anti-spyware is "a huge problem".

He argued that the problem is caused by networks of affiliate websites and advertising networks.

The affiliate sites are often constructed by rogue anti-spyware vendors to resemble objective review sites that fool users into thinking that they are downloading an independently verified product.

Advertising networks, meanwhile, help the criminals advertise their wares. By accepting ads from the vendors, otherwise respectable companies are aiding the spread of rogue anti-spyware, Edelman charged.

However, the connection between advertising networks and rogue anti-spyware is not so simple, according to independent spyware researcher Sandy Hardmeier. 

Just like the users themselves, advertising networks often get duped by the rogue vendors, she claimed.

New advertising content, commonly referred to as 'creative', has to be approved by the advertising networks before being admitted to the network.

"But the rogue affiliates use bait and switch to swap out their creative once their affiliate account is approved," Hardmeier told VNU.

"It is proving to be quite a challenge for the advertising networks to detect such activity."

Edelman singled out ValueClick as a repeat offender in running advertisements for rogue security applications.

John Ardis, vice president of corporate strategy at ValueClick, admitted that some rogue software had slipped through its net.

But he stressed that the company's peers are suffering from the same challenges and pointed out that ValueClick has processes and filters in place that attempt to prevent the practice.

"It would be disingenuous for me or any company in our space to say that we have never had any instance of that," Ardis told VNU. "Utter 100 percent [blocking] is an illusion."

Ardis said that progress has been made in recent years, but likened the competition between advertising networks and rogue vendors to an arms race as each side try to match the other's ability to detect and evade.

In addition to efforts by the advertising networks, the security community is also battling rogues with public information and legal efforts.

The State of Washington has filed charges against rogue vendors, while user-driven sites such as Spyware Warrior maintain databases of rogue vendors and sites that deal in rogue software. 

Edelman urged users to rely on a trusted download site or a major security provider for anti-spyware software.

Despite the advances, however, Edelman and Hardmeir agreed that rogue anti-spyware remains a widespread problem and that users should remain vigilant.

Copyright ©v3.co.uk