Categorized | GFI Software

Rogue number crunching


Researcher Patrick Jordan put together some statistics on the various Rogues he sees on a daily basis, and I thought it made for some interesting reading.

How are the rogue AV products shaping up in terms of monthly / yearly numbers? Let’s take a look at what Patrick has pulled out of a fiery lake of evil through the years:



No surprises that the new finds keep coming, with the foot really hitting the gas pedal in 2008 and never really letting up. In terms of rogues from various families doing the rounds in 2011 (from the 1st of January to the 31st of March), we have a clear winner:

The PrivacyCenter rogue sweeps all aside, and probably accepts some sort of award for services to scamming people out of their money (Patrick tells me that “MSE stands for Microsoft Security Essentials which is the fake alert used with the MSE extension”). While I’m not a huge fan of long lists, the following long list gives you an idea of the overwhelming nature of so many fake products hitting the net every other day:

1/4/2011            Palladium.FakeRean
1/4/2011            HDDFix.FakeSysDef
1/5/2011            MemoryFixer.FakeSysDef
1/9/2011            DiskOK.FakeSysDef
1/12/2011          GoodMemory.FakeSysDef
1/12/2011          FastDisk.FakeSysDef
1/12/2011          WindowsSystemOptimizator
1/15/2011          DiskOptimizer.FakeSysDef
1/17/2011          WindowsOptimization&Security
1/18/2011          MemoryOptimizer.FakeSysDef
1/18/2011          WindowsSecurity&Control
1/20/2011          WindowsUtilityTool
1/21/2011          WindowsScan.FakeSysDef
1/25/2011          WindowsUniversalTool
1/26/2011          Antivirus.Net.FakeSpyPro
1/26/2011          WindowsRiskEliminator
1/27/2011          SmartInternetProtection2011.FakeVimes
1/28/2011          WindowsDisk.FakeSysDef
1/28/2011          AVG-Antivirus.FakeXPA
1/28/2011          WindowsAntispywareSolution
1/28/2011          WindowsShieldCenter
1/31/2011          WindowsHealthCenter
2/1/2011            WindowsProblemsRemover
2/2/2011            WindowsProblemsProtector
2/3/2011            WinDisk.FakeSysDef
2/4/2011            DiskRecovery.FakeSysDef
2/4/2011            InternetSecurity2011.RTK
2/5/2011            WindowsSafetyProtection
2/6/2011            WindowsSoftwareProtection
2/7/2011            PCSecurity2011.FakeSpyPro
2/7/2011            WindowsSoftwareGuard
2/8/2011            WindowsWiseProtection
2/9/2011            AntiViraAV.FakeSpyPro
2/9/2011            WindowsCareTool
2/10/2011          WindowsOptimalSolution
2/11/2011          WindowsOptimalSettings
2/11/2011          AntivirusSystem2011
2/11/2011          InternetSecurityDefender2011
2/14/2011          WindowsProblemsSolution
2/15/2011          WindowsUserSatellite
2/17/2011          WindowsExpressHelp
2/18/2011          WindowsAVSoftware
2/20/2011          WindowsSafetyGuarantee
2/21/2011          InternetSecurityEssentials.FakeVimes
2/21/2011          WindowsOptimalTool
2/22/2011          WindowsExpressSettings
2/22/2011          MegaAntivirus2012
2/23/2011          InternetDefender
2/25/2011          WindowsTool.FakeSysDef
2/25/2011          WindowsPrivacyAgent
2/26/2011          WindowsProcessesOrganizer
2/28/2011          WindowsTroublesAnalyzer
3/1/2011            WindowsPerformanceManager
3/2/2011            AntiMalwareGo.FakeSpyPro
3/2/2011            WindowsEfficiencyManager
3/3/2011            AntiVirusAntiSpyware2011
3/3/2011            XPHomeSecurity.FakeRean
3/3/2011            WindowsDebugSystem
3/5/2011            AntivirusMonitor.FakeSpyPro
3/7/2011            WindowsErrorCorrection
3/8/2011            WindowsDefenceCenter
3/9/2011            WindowsServantSystem
3/10/2011          SystemDefender
3/10/2011          WindowsTroublemakersAgent
3/11/2011          WindowsTroublesRemover
3/13/2011          WindowsDiagnostic.FakeSysDef
3/14/2011          WindowsRemedy
3/16/2011          BestMalwareProtection.FakeVimes
3/16/2011          E-SetAntivirus2011.FakeXPA
3/16/2011          WindowsThreatsRemoving
3/17/2011          WindowsEfficiencyMagnifier
3/18/2011          WindowsSafeMode.FakeSysDef
3/18/2011          SystemDiagnostic.FakeSysDef
3/18/2011          WindowsEmergencySystem
3/21/2011          CleanThis.FakeRean
3/21/2011          WindowsSupportSystem
3/22/2011          WindowsLowlevelSolution
3/23/2011          WindowsRecovery.FakeSysDef
3/23/2011          WindowsBackgroundProtector
3/24/2011          WindowsSimpleProtector
3/25/2011          WindowsPowerExpansion
3/26/2011          MSRemovalTool
3/28/2011          WindowsExpansionSystem
3/29/2011          WindowsRepair.FakeSysDef
3/30/2011          WindowsProcessRegulator
3/31/2011          WindowsStabilityCenter

Pretty crazy. As always, if you happen to find yourself on a website with flashing infection alerts and constant offers to download a “security program”, ignore the prompts, don’t fill in any information and run the other way.

Thanks Patrick.

Christopher Boyd
