Rogue security tool round-up
Recently, an executive at ParetoLogic discovered a link to a "crack" for XoftSpy. Crack files, on the rare occasion when they actually work, break through copy protection and give users free (and illegal) access to an application that other users pay for.
Cracks have commonly been linked to spyware, adware and viruses, and you can see for yourself (though I wouldn't recommend it) by punching "crack" or "crackz" into the search engine of a file-sharing program like Kazaa or LimeWire. The results, more often than not, are blanketed with dangerous Trojan horse programs and other nasty bugs. That's because many worms and Trojan horses actually install fake crack files on infected PCs. These worms and Trojans spread by tricking users into downloading (via peer-to-peer file-sharing) a file named something like "Xoftspy crack.exe" or "Quake4crack.exe" -- files with names that suggest an easy path to free software, but that will more often than not load your PC with a dangerous bug or, more likely, a collection of bugs.
The crack file discovered at ParetoLogic downloaded a mob of dangerous programs onto the exec's machine, including SpyFalcon -- a rogue anti-spyware tool based on the prevalent and highly intrusive SpyAxe software.
In case you're hearing about rogue anti-spyware tools for the first time (this is an educational blog, after all), you might want to look at the rogue anti-spyware shrine at SpywareWarrior.com. Rogues are security and anti-spyware tools that claim to improve system security, but often cause more harm than good or, at the very least, do nothing at all but trick the user into spending money on a useless program. They're a deceptive and often convincing scam, and one that we're doing our best to combat by detecting and disabling as many rogue tools as we can.
New rogues are showing up all the time, but many of them are merely variants of existing programs. So you know what to avoid, here is a list of common and current rogue anti-spyware and security applications.
Adware.Punisher
Adware.Punisher (or Adware Punisher) claims to remove spyware, adware and Internet threats, but will likely cause more harm than good. It is a variant of SpyAxe, another rogue anti-spyware application. (www.adwarepunisher[dot]com)
AlfaCleaner
AlfaCleaner claims to remove all spyware and “tune your PC to optimum performance,” but it will display fake security warnings and attempt to trick the user into purchasing the full retail version. (www.alfacleaner[dot]com)
BraveSentry
BraveSentry's free scan reports false positives in order to frighten the user into paying for the program. BraveSentry is known to be distributed through exploits that also download adware and spyware on to users' computers without notice or consent. (www.bravesentry[dot]com)
ErrorSafe
ErrorSafe claims to “fix computer problem,” but is of questionable utility and may be difficult to remove. (www.errorsafe[dot]com)
SpyAxe
SpyAxe is a well-known rogue anti-spyware tool, which users are often tricked into purchasing. Trojan horse programs may force installs of SpyAxe or make the application difficult to remove. (www.spyaxe[dot]com)
Spyblocs/eBlocs
Spyblocs/eBlocs claims to remove spyware, but is usually bundled with dangerous spyware and adware. It displays pop-up ads and is difficult to remove. (www.eblocs[dot]com)
SpyCut
SpyCut is distributed by means of misleading sponsored links that trick the user into believing his or her PC is infected with spyware then prompt the user to purchase a retail copy of SpyCut. SpyCut is known to be distributed through exploits that also download adware and spyware on to users’ computers without notice or consent. (www.spycut[dot]com)
SpyFalcon
SpyFalcon is a re-branded variant of SpyAxe, a well-known rogue anti-spyware tool, which users are often tricked into purchasing. Trojan horse programs may force installs of SpyAxe or make the application difficult to remove. (www.spyfalcon[dot]com)
SpySheriff
SpySheriff adware attempts to trick the user into purchasing a full version of the rogue anti-spyware tool. (www.spysheriff[dot]com)
SpyTrooper
SpyTrooper adware attempts to trick the user into purchasing a full version of the rogue anti-spyware tool. SpySheriff and SpyTrooper are identical in function and design; they differ in name only. (www.spytrooper[dot]com)
SpyShield
SpyShield is distributed by means of misleading sponsored links that trick the user into believing his or her PC is infected with spyware then prompt the user to purchase a retail copy of SpyShield. SpyShield is known to be distributed through exploits that also download adware and spyware on to users’ computers without notice or consent. (www.spy-shield[dot]com)
SpywareAxe
SpywareAxe is a re-branded variant of SpyAxe, a well-known rogue anti-spyware tool, which users are often tricked into purchasing. Trojan horse programs may force installs of SpyAxe or make the application difficult to remove. (No website)
Spyware Disinfector
Spyware Disinfector is distributed by means of misleading sponsored links that trick the user into believing his or her PC is infected with spyware then prompt the user to purchase a retail copy of Spyware Disinfector. Spyware Disinfector is known to be distributed through exploits that also download adware and spyware on to users’ computers without notice or consent. (www.spywaredisinfector[dot]com)
SpywareQuake
SpywareQuake is a re-branded variant of SpyAxe, a well-known rogue anti-spyware tool, which users are often tricked into purchasing. Trojan horse programs may force installs of SpywareQuake or make the application difficult to remove. It can be distributed through exploits -- particularly, the Vcodec vendor, which tricks users with Windows Media player codecs and forces an install. (www.spywarequake[dot]com)
Spyware Soft Stop
Spyware Soft Stop falsely claims to remove spyware. Its free scan reports multiple false positives in order to trick the user into buying a full version of the program. Performing several consecutive scans shows that the program fabricates results, often assigning different threat names to the same file. Spyware Soft Stop is of questionable use as a security or anti-spyware tool. (www.spywaresoftstop[dot]com)
SpywareStrike
SpywareStrike is a re-branded variant of SpyAxe, a well-known rogue anti-spyware tool, which users are often tricked into purchasing. Trojan horse programs may force installs of SpyAxe or make the application difficult to remove. (www.spywarestrike[dot]com)
Ultimate Defender
Ultimate Defender is a frustrating rogue security tool that claims to find and remove spyware, Trojan horses and other security risks, but will merely prompt the user to purchase the full version, which has little value as a security tool. Ultimate Defender displays incorrect scan results, inventing threats and failing to disclose their location on the user’s PC. Its scan results are unreliable, used mainly to trick users into purchasing the full version of this prevalent shareware application. (www.udefender[dot]com)
WinAntiSpyWare 2006
WinAntiSpyWare 2006 claims to remove all spyware, but it will display fake security warnings and attempt to trick the user into purchasing the full retail version. (www.winantispyware[dot]com)
WinFixer
WinFixer is a prevalent and frustrating rogue security tool that claims to find and remove Windows errors and security risks, but will merely prompt the user to purchase the full version, which has little value as a security or optimization tool. (www.winfixer[dot]com)
WinHound
WinHound is a re-branded variant of AlfaCleaner that claims to remove all spyware, but will display fake security warnings and attempt to trick the user into purchasing the full retail version. (www.winhound[dot]com)
---
There are more rogues showing up every week, but those listed above comprise the most common and dangerous as of this writing. Keep an eye out for rogue security scams, and don't let yourself be fooled by pop-up ads telling you that "your system has been compromised" or that "your PC is infected with spyware right now." If you're not sure about an application's validity or reputation, check SpywareWarrior's rogue list before you dispose of any hard-earned cash.