|
Rogue security software is a form of malicious software and Internet fraud that misleads users into believing there is a virus on their computer, and manipulates them into paying money for a fake malware removal tool (that actually introduces malware to the computer). It is a form of scareware that manipulates users though fear, and a form of ransomware. Rogue security software has become a growing and serious security threat in desktop computing in recent years (from 2008 on). == Propagation == Rogue security software mainly relies on social engineering (fraud) to defeat the security built into modern operating system and browser software and install itself onto victims' computers.〔 A website may, for example, display a fictitious warning dialog stating that someone's machine is infected with a computer virus, and encourage them through manipulation to install or purchase scareware in the belief that they are purchasing genuine antivirus software. Most have a Trojan horse component, which users are misled into installing. The Trojan may be disguised as: * A browser plug-in or extension (typically toolbar) * An image, screensaver or archive file attached to an e-mail message * Multimedia codec required to play a certain video clip * Software shared on peer-to-peer networks * A free online malware-scanning service Some rogue security software, however, propagate onto users' computers as drive-by downloads which exploit security vulnerabilities in web browsers, PDF viewers, or email clients to install themselves without any manual interaction.〔〔(【引用サイトリンク】title=News Adobe Reader and Acrobat Vulnerability )〕 More recently, malware distributors have been utilizing SEO poisoning techniques by pushing infected URLs to the top of search engine results about recent news events. People looking for articles on such events on a search engine may encounter results that, upon being clicked, are instead redirected through a series of sites〔 〕 before arriving at a landing page that says that their machine is infected and pushes a download to a "trial" of the rogue program. A 2010 study by Google found 11,000 domains hosting fake anti-virus software, accounting for 50% of all malware delivered via internet advertising. Cold-calling has also become a vector for distribution of this type of malware, with callers often claiming to be from "Microsoft Support" or another legitimate organization.〔(【引用サイトリンク】url=http://www.bbc.co.uk/news/uk-11754487 )〕 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Rogue security software and Rogueware, and both already covered completely by Scareware (see 2nd para of lead there). No benefit to the reader to split hairs. -->Rogue security software is a form of malicious software and Internet fraud that misleads users into believing there is a virus on their computer, and manipulates them into paying money for a fake malware removal tool (that actually introduces malware to the computer). It is a form of scareware that manipulates users though fear, and a form of ransomware. Rogue security software has become a growing and serious security threat in desktop computing in recent years (from 2008 on). == Propagation ==Rogue security software mainly relies on social engineering (fraud) to defeat the security built into modern operating system and browser software and install itself onto victims' computers. A website may, for example, display a fictitious warning dialog stating that someone's machine is infected with a computer virus, and encourage them through manipulation to install or purchase scareware in the belief that they are purchasing genuine antivirus software.Most have a Trojan horse component, which users are misled into installing. The Trojan may be disguised as:* A browser plug-in or extension (typically toolbar)* An image, screensaver or archive file attached to an e-mail message* Multimedia codec required to play a certain video clip* Software shared on peer-to-peer networks* A free online malware-scanning serviceSome rogue security software, however, propagate onto users' computers as drive-by downloads which exploit security vulnerabilities in web browsers, PDF viewers, or email clients to install themselves without any manual interaction.(【引用サイトリンク】title=News Adobe Reader and Acrobat Vulnerability )More recently, malware distributors have been utilizing SEO poisoning techniques by pushing infected URLs to the top of search engine results about recent news events. People looking for articles on such events on a search engine may encounter results that, upon being clicked, are instead redirected through a series of sites before arriving at a landing page that says that their machine is infected and pushes a download to a "trial" of the rogue program. A 2010 study by Google found 11,000 domains hosting fake anti-virus software, accounting for 50% of all malware delivered via internet advertising.Cold-calling has also become a vector for distribution of this type of malware, with callers often claiming to be from "Microsoft Support" or another legitimate organization.(【引用サイトリンク】url=http://www.bbc.co.uk/news/uk-11754487 )」の詳細全文を読む スポンサード リンク
|