Rogues (or scareware, or fake antivirus applications) are software applications that claim to be genuine, properly good security software solutions. Once installed on your system, they will scare you into thinking your system is infected (hence the name scareware) and then ask for money to remove the made-up infection. As a matter of fact, the scaring you business starts way before the application is installed.

For example, a Trojan compromises your system and starts blasting you with popups that falsely claim your system is infected and you need to download some rogue to remove the phony infection. Or, when you visit a specially crafted website, a false online malware scanner appears, claims to have found malware on your system, then invites you to download a rogue.

Mountain View-based search engine giant Google first uncovered rogues/fake AV/scareware whatever you want to call them, about three years back. Since then Google has been working hard to protect users from this threat.

“One increasingly prevalent threat is the spread of Fake Anti-Virus (Fake AV) products. At Google, we have been working to help protect users against Fake AV threats on the web since we first discovered them in March 2007. In addition to protections like adding warnings to browsers and search results, we’re also actively engaged in malware research,” commented Google’s Niels Provos.

For the past 13 months, Google has performed an in-depth analysis of the prevalence of fake AV. Google looked at over 240 million webpages and found that more than 11,000 served rogues. This is to say that about 15% of the malware domains Google looked at were involved in spreading rogues.

Google put all the findings of this study in a paper entitled “The Nocebo Effect on the Web: An Analysis of Fake AV distribution”. The research paper will be presented on the 27th of April, at the Workshop on Large-Scale Exploits and Emergent Threats (LEET) in San Jose, California.