Over the holiday break, three people sent me panic messages asking about an antivirus product that was demanding money to fix their computers.
If my admittedly small sample is any indication, the venerable and virulent “System Progressive Protection” rogueware is back with new infection methods to delight us all. Oh boy.
System Progressive Protection’s persuasive ways
System Progressive Protection — SPP to its friends — presents some truly scary statistics to personal-computer users unfortunate enough to fall under its sway. It reports finding dozens — even hundreds — of Trojans, dialers, pernicious autoruns, spyware, and the like on a system. In truth, it’s probably the only thing infecting the machine. Of course, your only “solution” is to send money to the purveyors of System Progressive Protection so their bogus program can “activate” and rid the computer of the creepy-crawlies it “found.”
That’s the scam. In practice, if you send money, you’re giving the con artists both your credit-card number and the keys to your PC.
Yes, it’s the old rogue-anti-malware shtick. But recently, SPP’s infection vectors have become considerably more subtle — and the demands more outrageous. It’s particularly galling to see an SPP scan flag dozens of rogue applications on a completely clean machine (a bit of the pot calling the kettle black).
Less sophisticated rogue-malware scanners typically perform an ersatz scan and threaten fire and brimstone if you don’t activate the “scanner” by sending money. Most bogus scanners turn belly-up when confronted by a quick run of Microsoft Security Essentials, Malwarebytes, or some other legitimate AV product.
That’s not the case with this new version of SPP. It digs deep into Windows, making it resistant to nearly every type of malware-scanning software I’ve used. Manual disinfection methods that work on earlier versions of SPP might be ineffective with the latest incarnation. I haven’t yet seen a detailed analysis of this new version, but it appears to burrow in and run as a rootkit — a particularly tenacious type of infection.