Warning: Over 130,000 PCs infected by unimpressive Rovnix Trojan

As of late, the info-sec headlines have been dominated by zero days, data breaches and ransomware – both PC-based and mobile. This doesn’t mean that more traditional threats have fallen into disuse, though, or that they are any less dangerous. In fact, recent reports have indicated a significant spike in Rovnix trojan infections, a piece of malware about which there really isn’t anything special at all.

Independent researchers report that over the last few months, they’ve witnessed approximately 130,000 Rovnix infections on Windows-based PCs in the UK, Germany, Italy, the US, and Iran. As a trojan spread by email spam, Rovnix is the type of malware that displays annoying or scary symptoms in an attempt to steal credit card information from infected users. Symptoms can range from pay-per-click pop-up ads, to a faked blue screen of death, to the prototypical ‘Your Computer is Infected’ scareware window. The malware is also designed to offer a solution to all of these problems, in the form of – you guessed it – a fake security product. Users who enter payment information effectively share it with cybercriminals, receiving nothing in return, and participating in what’s pretty much the automated equivalent of the Tech Support Scam.

In all, Rovnix is not particularly inventive, and yet it has still managed to infect a large number of users and prove profitable for the criminals who spread it. Why is this the case? Most likely because outside the world of info-sec headlines, most people do not even know that threats like Rovnix exist. Cybercriminals leverage this lack of knowledge to make large profits with little effort, and though it may seem unremarkable to those in the know, malware like Rovnix may actually be the greatest threat to everyday Internet users around the world.

With uninventive threats like Rovnix, prevention doesn’t necessarily hinge on anti-malware being able to detect them – it hinges on user awareness. To help stop such threats, let your friends know: The Internet is a Dangerous Place! Once they realize what they are actually dealing with every time they go online, they may be interested to know that Emsisoft handles 300,000 new threats like Rovnix every single day, and that independent tests confirm that Emsisoft Anti-Malware is one of the few security products available that can block absolutely everything.

Have a great (malware-free) day!

For more on Rovnix, see this recent article from TechWorld.

Anyone who thinks they may be infected by Rovnix should contact Emsisoft Support.