Once installed, the rogue security software may then attempt to entice the user into purchasing a service or additional software by:
- Alerting the user with the fake or simulated detection of malware or pornography.
- Displaying an animation simulating a system crash and reboot.
- Selectively disabling parts of the system to prevent the user from uninstalling them. Some may also prevent anti-malware programs from running, disable automatic system software updates and block access to websites of anti-malware vendors.
- Installing actual malware onto the computer, then alerting the user after “detecting” them. This method is less common as the malware is likely to be detected by legitimate anti-malware programs.
- Altering system registries and security settings, then “alerting” the user.
Developers of rogue security software may also entice people into purchasing their product by claiming to give a portion of their sales to a charitable cause. The rogue Green antivirus, for example, claims to donate $2 to an environmental care program for each sale made.
Some rogue security software overlaps in function with scareware by also:
- Presenting offers to fix urgent performance problems or perform essential housekeeping on the computer.
- Scaring the user by presenting authentic-looking pop-up warnings and security alerts, which may mimic actual system notices. These are intended to use the trust that the user has in vendors of legitimate security software.
Sanction by the FTC and the increasing effectiveness of anti-malware tools since 2006 have made it difficult for spyware and adware distribution networks—already complex to begin with—to operate profitably. Malware vendors have turned instead to the simpler, more profitable business model of rogue security software, which is targeted directly at users of desktop computers.
Rogue security software is often distributed through highly lucrative affiliate networks, in which affiliates supplied with Trojan kits for the software are paid a fee for every successful installation, and a commission from any resulting purchases. The affiliates then become responsible for setting up infection vectors and distribution infrastructure for the software. An investigation by security researchers into the Antivirus XP 2008 rogue security software found just such an affiliate network, in which members were grossing commissions upwards of $USD150,000 over 10 days, from tens of thousands of successful installations.