Year of the Rogueware

Another misleading AV package keeps returning to our lists, modified by its writers and rereleased constantly to minimize AV detection and widen their window of opportunity to mislead users. As previously posted, the themes for this stuff change fairly frequently. But this one, WinSpywareProtect, is like a bad rash that keeps coming back. We find users attempt to run its installer, Install1.exe, and its payload, winspywareprotect.exe, on their ThreatFire community systems far too often.

The web site is fairly convincing. It appears as though the software company has won a number of awards. Any amount of googling, however, will show that these award logos are completely illegitimate:

AV detection is somewhat shoddy for the installer during this window of opportunity:

Careful with what you are installing on your system. As in our previous post linked above, fraud and rogueware are rampant efforts — social engineering can have a payout.

This entry was posted in Online Fraud. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>