A growing threat to PC health and network security comes in the form of fake anti-virus and anti-spyware programs circulating on the Internet. These programs use a variety of techniques to infect computers. One common way is with a web pop-up from a compromised site, stating that the user's PC is infected with spyware and offering a free download to scan and clean the computer. Accepting the offer actually installs the rogue software. Sometimes clicking "Cancel" or even the red "x" to close the window will launch the installer. Other methods of infection include the use of Trojan downloaders already present on targeted PCs, links in spam, and even "drive-by" infections.
Rogue software often has a very professional-looking interface, complete with advanced graphical displays and a good command of security buzzwords. These programs usually link to impressive websites listing the virtues and industry recognition of the software, all of which is, of course, fictional. The names all sound like legitimate anti-malware software, and in some cases will be almost identical to the names of genuine security software. Some recent names include AntiSpyware Master, SpyGuarder, and Doctor Antivirus.
The primary goal of most rogue security software is to trick the user into purchasing an "upgrade," which typically costs around $30.00 to $50.00. These malicious programs will run artificial "scans" of the affected computer, and report any number of viruses, Trojans, worms, spyware, and adware. These reports are generally all false positives, since the rogue software does not actually scan the computer. It will then promise to clean all these threats from the PC if the user follows a link and purchases the upgrade. The upgrade may or may not prevent the scanning program from continuing to report false positives. In any case, it is likely to result in more serious infections, as these rogue programs are associated with a variety of Trojans and other malware.
Some of the most malicious rogue anti-malware programs have more nefarious goals. They install key loggers to steal confidential information, or agents to add the infected computer to a botnet. The prevalence of rogue security software is rising. Trend Micro has reported a 5-fold year-over-year increase, and estimates that these applications account for as much as 10 percent of all current infections.
Removal of this kind of malware rarely works with the normal "Add or Remove Programs" utility. Manual removal usually entails booting into Windows Safe Mode, searching for and removing specific files, unregistering affected DLLs, and editing the registry. In other words, removal is beyond the capabilities of many end users. There are some free utilities that can help, like Malwarebytes' free Rogue Remover utility. Naturally, a proactive defense is preferred. Users should never trust a web site that claims, unprompted, to have discovered malware on their PCs. Free scans should only be requested from well-known, trusted sites. Rogue applications are usually detected by genuine anti-malware applications, so keeping anti-virus programs, firewalls, and email scanners up to date will mitigate the risk of infection.