Scam/Fake security software
is loaded on millions of computers worldwide
Los Angeles, California, Oct. 19, 2009
Gary Singh/ S.K Verna
To encourage unsuspecting users to install their rogue
software, cybercriminals place website ads that prey
on users’ fears of security threats. These ads typically
include false claims such as:
- “If this ad is flashing, your computer may be at risk
or infected,” urging the user to follow a link to scan their
computer or get software to remove the threat.
According to the study, 93 percent of the software installations
for the top 50 rogue security software scams were intentionally
downloaded by the user. As of June 2009, Symantec has detected more
than 250 distinct rogue security software programs.
Cybercriminals Use Fear and Anxiety to Convince Users to Buy Rogue
Security Software. Users lulled into false sense of security while
exposed to greater information and identity risks
Today, October 19, 2009, Symantec Corp. announced the findings
of its Report on Rogue Security Software. The study’s findings,
based on data obtained during the 12-month period of July 2008 to
June 2009, reveal that cybercriminals are employing increasingly
persuasive online scare tactics to convince users to purchase rogue
security software.
Rogue security software, or “scareware,” is
software that pretends to be legitimate security software.
These rogue applications provide little or no value and may even
install malicious code or reduce the overall security of the computer.
Loss to consumers:
- The initial monetary loss to consumers who download these rogue
products ranges from $30 to $100.
- The costs associated with regaining one’s identity could be
far greater. Not only can these rogue security programs cheat
the user out of money, but the personal details and credit card
information provided during the purchase can be used in additional
fraud or sold on black market forums, resulting in identity theft.
- To make matters worse, some rogue security software actually
installs malicious code that puts users at risk of attack from
additional threats.
As a result, installing these programs can lower the security posture
of a computer while claiming to strengthen it. For example, rogue
programs may instruct the user to lower or disable any existing
security settings while registering the bogus software or prevent
the user from accessing legitimate security Web sites after installation.
This, in turn, leaves users exposed to the very threats the rogue
software promised to protect against.
Deceptive Ads Prey on Fear to Convince Users to Buy Rogue
Applications: There are several methods employed to trick
users into downloading rogue security software, many of which rely
on fear tactics and other social engineering tricks. Rogue security
software is advertised through a variety of means:
- Both malicious and legitimate Web sites such as blogs, forums,
social networking sites, and adult sites. While legitimate Web sites
are not a party to these scams, they can be compromised to advertise
these rogue applications.
- Rogue security software sites may also appear at the
top of search engine indexes if scam creators have seeded
the results.
To increase the likelihood of fooling users, rogue security software
creators design their programs so that they appear as credible as
possible, mimicking the look and feel of legitimate security software
programs. In addition, these programs are often distributed on Web
sites that appear credible and enable the user to easily download
the illegitimate software. Some malicious sites actually use legitimate
online payment services to process credit card transactions and
others return an e-mail message to the victim with a receipt for
purchase – complete with serial number and customer service
number.
Middlemen Distribute Rogue Software for Profit and Prizes: Cybercriminals
are profiting from a highly organized pay-for-performance business
model that pays scammers to trick users into installing bogus security
programs. According to the study, the top ten sales affiliates for
the rogue security distribution site TrafficConverter.biz reportedly
earned an average of $23,000 per week during the 12-month study
period of the report, or almost three times the weekly salary of
the President of the United States.
- Affiliate marketing programs reward participating affiliates
or members for each visitor directed to the online retailer’s
website due to the affiliate’s marketing efforts. Through
this model, affiliates of rogue software scams can earn between
$0.01 and $0.55 for every successful installation.
- The highest prices are paid for installations by users in the
U.S., followed by the U.K., Canada, and Australia. Some distribution
sites also offer their affiliates incentives in the form of bonuses
for a certain number of installs, as well as VIP points and prizes
such as electronics and luxury cars.
Best practices for protection and mitigation as outlined
in the report include:
- Avoid following links from emails, as these may be links to
spoofed or malicious websites. Instead, manually type in the URL
of a known, reputable website.
- Never view, open, or execute email attachments unless the attachment
is expected and comes from a known and trusted source. Be suspicious
of any emails that are not directly addressed to your email address.
- Be cautious of pop-up windows and banner advertisements that
mimic legitimate displays.
- Suspicious error messages displayed inside the Web browser
are often methods rogue security software scams use to lure users
into downloading and installing their fake product.
“To avoid becoming a victim of such predatory practices,
Symantec strongly urges Internet users to make sure they are using
the latest security protection and always obtain their security
software directly from trusted vendors’ websites.”
“Scareware creators can scam thousands of people for comparatively
small amounts of money all at the same time and make huge aggregate
profits,” said David Wall, PhD, professor, Centre for Criminal
Justice Studies, University of Leeds.
“This type of fraud works because the fake security software
tricks users into believing they have an immediate threat which
only their program can resolve. Ultimately, it's a con. I would
advise Internet users to be careful while online and only download
from trusted sources.”
Additional Facts
- The top five reported rogue security applications are
SpywareGuard 2008, AntiVirus 2008, AntiVirus 2009, SpywareSecure,
and XP AntiVirus.
- Among the distribution sites Symantec observed,
affiliates are paid $0.55 for installations of rogue security
software by users in the U.S.; affiliates are paid $0.52 for installations
by users in the U.K. and Canada; and affiliates are paid $0.50
for installations by users in Australia.
- The fifth highest price is considerably lower, with affiliates
paid just $0.16 for installations by users in Spain, Ireland,
France, and Italy.
- The per-installation price varies from country to country
based on the likelihood of users from that country paying
for the fake security software.
- Ninety-three percent of rogue security software programs are
advertised through a Web site designed for this purpose; 52 percent
are promoted through Web advertising.
- Of the top 50 reported rogue security applications observed
between July 2008 and June 2009, 61 percent of the scams observed
by Symantec were attempted on users in North America; 31 percent
occurred in the Europe, Middle East, and Africa region; 6 percent
occurred in the Asia-Pacific/Japan region; and 2 percent in the
Latin America region.
- The higher percentage of rogue security software scams in the
top two regions is likely due to the fact that the majority of
malicious activity in general is also in the North America and
Europe/Middle East/Africa regions.
- The higher percentage of rogue security software scams in North
America may also be due to the fact that affiliates are paid a
higher per-installation price for installing their software onto
the computers of users in this region.
Additional Resources
The Symantec Report on Rogue Security Software, developed by the
company’s Security Technology and Response (STAR) organization,
is an in-depth analysis of rogue security software programs,
The Security Technology and Response (STAR) organization,
which includes Security Response, is a worldwide team of security
engineers, threat analysts, and researchers that provides the underlying
functionality, content, and threat expertise for all Symantec
corporate and consumer security products.
Symantec is a global leader in providing security, storage and
systems management solutions to help consumers and organizations
secure and manage their information-driven world.