About a year ago we wrote about misleading applications and the business models behind them. Misleading applications, also commonly known as “rogue antispyware” applications, claim to detect and remove threats from your computer. What they actually do instead is report threats on clean computers and request payment for removal of these non-existent threats. Today, their numbers are on the rise, making up a larger portion of the security risks in the threat landscape. For example, we have discovered more than 40 new misleading applications since June 2007.
So how have they risen to such prominence? Misleading applications play upon a user’s concern that malicious threats may reside on his or her computer. “Your computer may be at risk!” is the overriding theme when a user encounters one of these risks. The irony is that the misleading application itself is far from benign.
So how are users coming into contact with misleading applications? The simple answer is through surfing the Internet. Suspicious banner ads often lead to these applications. (“If this banner is flashing, your computer may be at risk!”) On blogs, social networking sites, newsgroups – anywhere unregistered comments and posts can be left – links to misleading applications are not hard to find. Users who follow such unsolicited (and often off-topic) URLs can find themselves encountering misleading applications.

Figure 1: Comments on YouTube leading to misleading applications.

Figure 2: Off-topic newsgroup post with URLs pointing to misleading applications.
However, these sorts of installation vectors rely on a user actively clicking on a link for the installation to occur. Far more nefarious are misleading applications that yell for the user’s attention, grabbing them by their virtual collar, and shouting “install me, or you’re in trouble!”
In particular, misleading applications are often installed together with content from adult and pirated software Web sites. When visiting these sites, users are already frightened that they will become infected by malicious software (and this belief isn’t unfounded). So when a misleading application falsely states they are infected, moments after visiting one of these sites, they are more likely to believe it and pay money to have these fake threats removed.
The following video demonstrates two such activities that result in the appearance of in-your-face misleading applications – searching for software cracks and browsing adult content:

These aggressive installation vectors seem to be very effective at increasing the installation base of many misleading applications. By offering users shelter from risky activity, albeit a false sense of security, misleading applications have suddenly appeared in the spotlight.
To learn more about misleading applications, visit Symantec’s new microsite, dedicated to these tricky, deceptive risks. The site discusses what misleading applications are, why they pose a threat, and what you can do to protect yourself against them.


