ROGUEWARE is a descriptor for an exploit that usually falls under the category of scareware. It involves an attacker or software product manipulating (or scaring) users into believing their device is infected with a virus. This leads to users either paying for bogus software, or installing a “free version” of it. The latter approach introduces even more malware into the user’s system just as soon as they initiate the download.
Rogueware is easily accessed on the seediest parts of the Internet, like piracy websites that offer free access to movies, and landing pages that display questionable advertisements. Even if a user’s operating system is equipped to block these bad requests, some domains may still be able to disseminate and install keyloggers, packet sniffers and other snooping tools, creating better opportunities to gain access down the road.
The Spread of Rogueware
In addition to the aforementioned traits, rogueware particularly thrives on websites that rely on blind advertising. These are domains that do not screen the type of advertisements published on their public-facing pages. The threat is introduced through large, alarming pop-ups that suggest malware has been installed on the user’s device. Novices will usually take the bait, click on the link provided, and be redirected to the website hosting the rogueware.
Alternatively, the authors of these malicious ploys may trigger direct downloads (DDLs) of toolbars, or even trick the user into installing unsolicited add-ons. These mechanisms offer a more subtle route into the user’s system. They often remain hidden as browser readers and other web utility programs when, in actuality, they are Trojans waiting to be invoked. This is done either by duping users into clicking on targeted advertisements, or by implementing drive-by downloads, which don’t require user input at all.
Malvertising and Black Hat SEO
A hacker will go to great lengths to see a money scheme all the way through. In the case of web-based rogueware, any toolbars, extensions or plug-ins made specifically for browsers will often make use of a technique known as SEO poisoning. Here, the results returned for a user’s search query appear normal. The links, however, point to malicious websites and will redirect the user multiple times when followed. With each redirect, a malicious download is pushed to the user’s device. This strategy can riddle a system with malware, especially if the user fails to realize their browser has been compromised.
In extreme cases, a browser may become so corrupted that the only way to fix it (and relieve it of malware) is to uninstall it completely. This should be followed by performing a deep scan with an antivirus (AV) product. These “malvertising” attacks, as they are called, have become an increasingly popular attack vector in the ad fraud space. Coupled with Black Hat SEO and pop-up advertising, their success rates are high and more effective than spam campaigns.
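The redirect chains described above (a search result that bounces through several hosts and ends in a dropped executable) leave a recognisable trace in web proxy logs. The following Python script is an added example, not code from the original page: it parses a constructed set of proxy log lines in an assumed format (time, client, status, URL, content type, referer), reconstructs each client’s run of consecutive 3xx responses, and flags chains that end in an executable payload, noting whether the chain began at a search-engine referer as the SEO-poisoning pattern would. The log format, the host names and the search-engine list are all constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List
from urllib.parse import urlparse

# Constructed proxy log lines for the example (not real traffic). Assumed format:
# <time> <client_ip> <status> <url> <content_type> <referer>
SAMPLE_LOG = """\
10:00:01 10.0.0.5 200 https://search.example/?q=free+movie+stream text/html -
10:00:02 10.0.0.5 302 http://seo-bait.example/movie text/html https://search.example/?q=free+movie+stream
10:00:02 10.0.0.5 302 http://hop1.example/r text/html http://seo-bait.example/movie
10:00:03 10.0.0.5 302 http://hop2.example/go text/html http://hop1.example/r
10:00:03 10.0.0.5 200 http://payload.example/AntiVirusPro_setup.exe application/x-msdownload http://hop2.example/go
10:00:10 10.0.0.7 200 https://news.example/ text/html -
10:00:11 10.0.0.7 301 http://news.example/story text/html https://news.example/
10:00:11 10.0.0.7 200 https://news.example/story text/html https://news.example/
"""

LINE_RE = re.compile(
    r"^(?P<time>\S+) (?P<client>\S+) (?P<status>\d{3}) (?P<url>\S+) "
    r"(?P<ctype>\S+) (?P<referer>\S+)$"
)

# Content types / extensions treated as executable payloads (assumed list)
EXECUTABLE_TYPES = {
    "application/x-msdownload",
    "application/x-msdos-program",
    "application/vnd.microsoft.portable-executable",
    "application/octet-stream",
}
EXECUTABLE_EXT = (".exe", ".msi", ".scr", ".dll")
# Hosts regarded as search engines for the SEO-poisoning check (constructed)
SEARCH_HOSTS = {"search.example"}
MIN_HOPS = 2  # redirects needed before a chain is considered suspicious


@dataclass
class Entry:
    time: str
    client: str
    status: int
    url: str
    ctype: str
    referer: str


@dataclass
class Finding:
    client: str
    hops: List[str]      # URLs that answered with a 3xx redirect, in order
    payload_url: str     # final URL that delivered the executable
    from_search: bool    # first hop was reached from a search-engine referer


def parse_log(text: str) -> List[Entry]:
    """Parse the assumed log format; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            entries.append(Entry(d["time"], d["client"], int(d["status"]),
                                 d["url"], d["ctype"], d["referer"]))
    return entries


def is_executable(e: Entry) -> bool:
    path = urlparse(e.url).path.lower()
    return e.ctype in EXECUTABLE_TYPES or path.endswith(EXECUTABLE_EXT)


def find_redirect_chains(entries: List[Entry]) -> List[Finding]:
    """Flag per-client runs of >= MIN_HOPS redirects that end in an executable."""
    findings: List[Finding] = []
    open_chains: Dict[str, List[Entry]] = {}
    for e in entries:
        chain = open_chains.setdefault(e.client, [])
        if 300 <= e.status < 400:
            chain.append(e)          # still bouncing: extend the chain
            continue
        if chain:                    # chain has terminated on a non-redirect
            if len(chain) >= MIN_HOPS and is_executable(e):
                origin = urlparse(chain[0].referer).hostname or ""
                findings.append(Finding(
                    client=e.client,
                    hops=[h.url for h in chain],
                    payload_url=e.url,
                    from_search=origin in SEARCH_HOSTS,
                ))
            open_chains[e.client] = []
    return findings


if __name__ == "__main__":
    for f in find_redirect_chains(parse_log(SAMPLE_LOG)):
        tag = "SEO-poisoning" if f.from_search else "redirect chain"
        print(f"{tag}: {f.client} -> {' -> '.join(f.hops)} -> {f.payload_url}")
```

Run against a real proxy export, the same logic only needs the parser adjusted to the export’s column layout; the chain threshold and payload list are the knobs to tune, and the benign one-hop 301 for the second client shows why a minimum hop count is needed to keep ordinary canonical redirects out of the alerts.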
Rogueware is an effective tool for extorting money from end users. It is less sophisticated than ransomware, which encrypts valuable data until a demand is paid, and it often involves more steps to implement successfully. But it is also easier to remedy by following good online practices, like avoiding pirated software and other pirated content. It is also a good idea to block unauthorized downloads in your browser settings. Finally, you should install and use antivirus (AV) programs obtained from verified websites; these typically come with safe-browsing features that prevent requests to malicious websites altogether. Each of these measures will go a long way in protecting your system.