Security Shield has since continued to have strong distribution through 2011 and into 2012. Recently rebranded as Security Shield 2012, the Security Shield computer infection is one of the longest running rogue campaigns that uses the same name and belongs to the same family. The only other rogue that has had a longer distribution was Security Tool, which lasted for about 18 months.
It is important to note that when we call a program a rogue, we are referring to one that is an actual computer infection and not one that is just misleading or does a bad job cleaning. These infections display the typical fake alert and scan results, but also take your computer hostage, change system settings, terminate processes, create fake files, or are installed by malware. Security Shield is one of these types of infections, as it is bundled with other malware, displays false alerts and false scan results, terminates processes, and hijacks Internet Explorer.
Rogue anti-spyware programs are normally broken up into families, with each rogue in the family essentially being the same program but with a different user interface and name. Security Shield is part of the Rogue.WinWebSec family of rogues that includes other heavy hitters such as Security Tool, System Tool, and MS Removal Tool. With over 760 rogues cataloged in our virus removal section, we have learned that you can determine how strongly a particular rogue is being distributed by the number of views that the rogue’s removal guide receives. In terms of total views, the Rogue.WinWebSec family is by far the most prolific, with a total of 5,795,128 views for this family. The second largest are the rogues that are part of the Rogue.FakeXPA family, which includes XP Antivirus, with 4,429,320 combined guide views.
Though Security Shield is not the largest campaign from this family by any means, it still has had a strong distribution with over 600 thousand views of its removal guide. As you can see from the list below, this rogue family typically releases one heavy hitter every 6 months to a year, which gets large distribution. The family then releases a couple more variants throughout the same year, which do not get nearly the same amount of play.
| Rogue Name | Date Released | Views |
|---|---|---|
| Winweb Security | 11/27/2008 | 81,533 |
| System Security | 12/24/2008 | 285,798 |
| Security Tool | 09/25/2009 | 2,976,959 |
| Windows Smart Security | 10/09/2009 | 7,389 |
| System Adware Scanner 2010 | 12/15/2009 | 6,244 |
| System Tool | 10/22/2010 | 955,539 |
| Security Shield 2012 | 12/07/2010 | 617,599 |
| MS Removal Tool | 03/27/2011 | 897,129 |
| Essential Cleaner | 05/17/2011 | 10,284 |
| Personal Shield Pro | 06/09/2011 | 69,944 |
| Security Sphere 2012 | 09/29/2011 | 12,2171 |
| Smart Protection 2012 | 02/22/2012 | 17,623 |
| Security Scanner | 02/12/2012 | 7,265 |
| Smart Fortress 2012 | 02/27/2012 | 40,469 |

Rogue.WinWebSec Family of Rogue Anti-Spyware Programs
Security Shield’s largest distribution was when it was first released in December 2010. Then from March 2011 through December 2011 there was a lull in distribution. In January of this year, though, we are seeing a large increase in search queries related to this rogue, which has now been rebranded as Security Shield 2012. The number of page views for the Security Shield removal guide has also increased dramatically here at BleepingComputer, which corroborates what we are seeing in the Google Trends chart for the search phrase “Security Shield”.
Google Trends Chart for the Security Shield Search Phrase
Even though Smart Fortress 2012, the latest Rogue.WinWebSec variant, is still being promoted, it appears that the developers behind this family are continuing to strongly push Security Shield. Whether they will continue to distribute Security Shield is unknown at this point. What we do know is that rogue anti-spyware programs are making a comeback and are unfortunately here to stay. They are just much too profitable for the criminals to abandon this type of cybercrime.
To protect yourself, make sure you never click on pop-ups stating that you are infected, have all your Windows updates installed, and make sure all your computer programs are up-to-date by using a program like Secunia PSI. Just these three steps will dramatically reduce your exposure to these types of infections.