Beware of Rogue Anti-Malware
2008-08-18 10:16:04 by Editor in Cheap Hack
 
Rogue anti-virus and anti-spyware products are not a new story, but they are a growing threat. One of these threats made some news this week and taught some lessons about just how suspicious you have to be of them.

We had heard of XP Antivirus, also known by a plethora of name variants, including Antivirus XP and year variants like Antivirus XP 2008. A description is available from Sunbelt Software. Last week, advertisements for this product started appearing on CNET (specifically their Download.com service) through syndicated Google ads. Not to pick on CNET specifically; the Google ads are likely to be appearing elsewhere, but we were referred to them on that site.

The hallmark of such malware is to start with a free version. This version conducts a fake malware scan that "finds" lots of malware on the system, and the user is told to pay for the "premium" version in order to remove malware that doesn't really exist in the first place. Often rogue anti-malware software such as this is not strictly malicious in the sense of spreading itself to other systems or hiding any functions; it is simply a scam. Of course, by buying the product you may also expose personal and credit card details to untrustworthy people.

Later last week, GlobalSign, the certificate authority that had issued a code-signing certificate for use with Antivirus XP 2008, revoked that certificate after complaints that the software was malicious. GlobalSign verified that the company existed but couldn't contact it. The investigation is ongoing.

The bottom line and moral of the story is that rogue anti-malware vendors are merciless and shameless when it comes to masquerading as legit software. Ads on legit sites don't prove anything, and code-signing certificates don't prove anything. You still need to use common sense and exercise precautions, such as running well-known and respected anti-malware, like Sunbelt Software's. They have a lot of special in-house expertise on rogue products like this.