Scareware vendors use affiliate-based business model to generate huge profits for cybercriminals

(19/10/2009)

Rogue Security Software also known as 'scareware' pretends to be legitimate security software and tricks unsuspecting internet users into downloading counterfeit anti-virus software when they visit unfamiliar websites. These rogue applications provide little or no value and may even install malicious code or reduce the overall security of the computer. The threat from Rogue Security Software is expected to grow over the next 6-12 months and people and businesses need to be vigilant.

According to a new report from Symantec on Rogue Security Software, fat cat cybercriminals are pocketing huge profits through a comparatively low-risk, fast-growing crime peddling bogus security software to unsuspecting internet users.

A 3rd generation of highly organised criminals, are creating Scareware – counterfeit anti-virus software, that unsuspecting users are tricked into downloading when they visit unfamiliar websites – enabling kingpin cybercriminals to net profits of more than 850,000 GBP a year (858,130 GBP). The sophistication of the scam means that 93% of Scareware is intentionally downloaded by internet users convinced they are doing the ‘right’ thing.

Experts say Scareware has gathered momentum precisely because it preys on our fears when using the internet – if we believe we’re open to a security threat then we’re more likely to make a knee-jerk reaction. The ‘scare’ or ‘shock’ aspect of the message seeks to induce a panic response, so users are inclined to quickly click the ‘continue’ or ‘accept’ box and then proceed to payment to fix an urgent issue rather than consider what they are being shown.

To date, Symantec has detected 250 separate fake programs being sold for between 20 and 60 GBP. Symantec discovered they were sold via nearly 200,000 websites worldwide, made up of dedicated websites and banner adverts placed by scammers on legitimate websites.

There are several methods employed to trick users into downloading Rogue Security Software, many of which rely on fear tactics and other social engineering tricks. Rogue Security Software is advertised through a variety of means, including both malicious and legitimate websites such as blogs, forums, social networking sites, and adult sites. While legitimate Web sites are not a party to these scams, they can be compromised to advertise these rogue applications. Rogue security software sites may also appear at the top of search engine indexes if scam creators have seeded the results.

Rogue Security Software creators design their programs to appear as ‘real’ as possible. They use legitimate-sounding product names; for example, the top five Rogue Security Software applications are SpywareGuard 2008, AntiVirus 2008, AntiVirus 2009, SpywareSecure, and XP AntiVirus. They use advertisements, pop-up windows, and notification icons that mimic legitimate security programs. They use the same fonts, colours, and layouts as trusted security vendor sites. They may use a legitimate online payment service or return a confirmation and receipt email to the user along with a customer service number. They may offer free trials or free system scans

The sale and distribution of scareware to vendors uses an affiliate-based business model, similar to buying a well-known high street franchise business. Successful scammers are rewarded with big paychecks and luxury prizes. Top affiliates can earn as much nearly 7,000 GBP a month (6,974 GBP) for duping users into installing security risks, including Rogue Security Software programs. The scammer is paid every time he or she tricks a user into installing the Rogue Security Software, and commissions are greater for installs of software.

Best practices for protection and mitigation as outlined in the report include:

- Avoid following links from emails, as these may be links to spoofed or malicious websites. Instead, manually type in the URL of a known, reputable website.

- Never view, open, or execute email attachments unless the attachment is expected and comes from a known and trusted source. Be suspicious of any emails that are not directly addressed to your email address.

- Be cautious of pop-up windows and banner advertisements that mimic legitimate displays. Suspicious error messages displayed inside the Web browser are often methods rogue security software scams use to lure users into downloading and installing their fake product.

"The findings of our Report on Rogue Security Software make it clear that cybercriminals are willing, eager, and well-equipped to prey on today’s Internet user,” said Stephen Trilling, Senior Vice President, Symantec Security Technology and Response. “To avoid becoming a victim of such predatory practices, Symantec strongly urges Internet users to make sure they are using the latest security protection and always obtain their security software directly from trusted vendors’ websites.

“Scareware creators can scam thousands of people for comparatively small amounts of money all at the same time and make huge aggregate profits,” said Professor David S. Wall - School of Criminal Justice Studies and Information Societies, University of Leeds. “This type of fraud works because the fake security software tricks users into believing they have an immediate threat which only their program can resolve. Ultimately, it's a con. I would advise Internet users to be careful while online and only download from trusted sources."

Related topics:  Internet and Web security   Virus, Worm, Email security, spyware and malware 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources