Side blows of a new threat: Rogue Anti-Spyware

  • September 23, 2008


Hackers and malware programmers have always been very creative about finding new ways to attack your computer. Their goal is not always to identify new vulnerabilities (exploits), to infiltrate your computer with trojans, or to develop more efficient methods of hiding malware. At the moment, fake anti-spyware programs are one threat among others that is rapidly spreading. Of course, this evil has a name: Rogue Anti-Spyware.

Rogue anti-spyware lives up to its name. Roguish anti-spyware, does that mean software which is supposed to protect against spyware? (Read more on: What is Spyware?) This sounds funny at first, but it is another serious threat exploiting the average Internet user. Imagine you install software and expect that it would protect you from spyware. However, instead of protection you get exactly what you were trying to avoid – spyware.

Types of Rogue Anti-Spyware

Experts basically distinguish between two types of rogue anti-spyware. On the one hand, there are programs that do actually include a scanner, but which are poorly programmed and contain far too few signatures, so they can hardly detect any spyware at all. The creators’ aim in most cases is simply to make money, because anti-spyware programs are not usually free and there are always some people who will buy the program. However, the purchase is only good for salving one’s conscience, and certainly is not effective against spyware. On the other hand, the second type of rogue anti-spyware is even worse, as it doesn’t even provide a low level of protection. In fact, the opposite is the case – these are real spyware programs that embed themselves so deeply within the operating system that they are often very difficult to remove.

How to identify rogue anti-spyware?

Now, it is reasonable to expect that you might be worried and don’t really know which programs to trust. Good advice can be had by consulting the list maintained by Spywarewarrior. It contains many names and URLs of rogue anti-spyware programs which one should keep one’s hands off. There are also other tell-tale signs that can help to identify a suspicious website even without the list. For example, in contrast to the home pages of known publishers, most “scam” sites seem very simple or cheap. However, this is not always the case. Another sign that a website may be offering rogue anti-spyware as opposed to a legitimate program is constant linking to a single file. If the “online” scan, the download and even the product description refer to the same source, alarm bells should ring. As a matter of principle, one should always examine any legal information on the site and the contact options: it is a clear warning sign when a contact email address or telephone number is missing, as European e-commerce law states that every website selling a product must include information such as the company’s legal form (Limited, Corp, GmbH, AG, etc.), commercial register number, name of the CEO, and complete address and telephone number.

Example: Antispycheck


A current example: The initial look of the Antispycheck Homepage is professional, but all links on the site refer to the same address and lead to a download of this fake anti-spyware program. The site has a minimalistic layout where legal information as well as contact options are missing. The server was only taken from the net after several months of activity and thousands of infections.
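The two tell-tale signs described above (every link leading to one file, and missing contact or legal information) can be checked mechanically on a saved copy of a page. The following is an added example, not part of the original article or any Emsisoft tool; the function name, the 80% link-share threshold, the three-link minimum and the sample page are assumptions made for illustration.

```python
import re
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PHONE = re.compile(r"\+?\d[\d\s()/.-]{6,}\d")
LEGAL_FORM = re.compile(r"\b(?:Limited|Ltd|Corp|GmbH|AG)\b")  # forms the article lists

class PageScan(HTMLParser):
    """Collects link targets and visible text from one HTML page."""
    def __init__(self):
        super().__init__()
        self.hrefs, self.text = [], []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)
    def handle_data(self, data):
        self.text.append(data)

def warning_signs(html, base_url, share=0.8):
    """Return the article's tell-tale signs that apply to this page."""
    page = PageScan()
    page.feed(html)
    text = " ".join(page.text)
    # Resolve relative links; ignore query and fragment so every variant of
    # a link to the same file counts as one target.
    targets = Counter()
    for href in page.hrefs:
        url = urlparse(urljoin(base_url, href))
        if url.scheme in ("http", "https"):
            targets[url.netloc.lower() + url.path] += 1
    signs = []
    total = sum(targets.values())
    if total >= 3:  # assumed minimum: too few links say nothing either way
        target, hits = targets.most_common(1)[0]
        if hits / total >= share:
            signs.append(f"{hits}/{total} links lead to {target}")
    contact_link = any(h.lower().startswith(("mailto:", "tel:")) for h in page.hrefs)
    if not (contact_link or EMAIL.search(text) or PHONE.search(text)):
        signs.append("no contact email or telephone number")
    if not LEGAL_FORM.search(text):
        signs.append("no company legal form")
    return signs

# Constructed sample page (not the real Antispycheck markup).
SUSPECT = """<h1>Free scan</h1><a href="/dl/setup.exe?src=scan">Online scan</a>
<a href="/dl/setup.exe?src=get">Download</a><a href="dl/setup.exe#info">Product
description</a><a href="/dl/setup.exe">Buy now</a>"""
```

A clean result does not make a site trustworthy, as the article notes that these signs are not always present; a flagged page is a reason to look closer before downloading anything.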


Once installed, Antispycheck parks itself on the system so firmly that it can only be removed with professional help. The user is harassed by an ad that pops up from the taskbar about once every minute and attempts to induce the user to buy the useless software. None of the suspicious files reported by the scanner really exist, and a complete system scan wouldn’t even be possible within the few minutes the ‘scan’ takes.

Which software is trustworthy?

Essentially, all known trademarks in the security arena can be trusted. Evidence that an anti-spyware program is genuine and works can include test reports in known journals and a high number of known download portals offering the software. Always research potential security software purchases to ensure you are buying a genuine professional product.

In this context, we wouldn’t want to conceal which program was best in an independent test against rogue anti-spyware by the security experts from Dozleng.com: Emsisoft! Eight products from known publishers were tested, and among them our a-squared scan technology was far ahead of the others, taking first place. You can find the complete test report on Dozleng.com.


Have a Great (Malware-Free) Day!
