Fat cat cyber criminals pocket huge profits from Scareware

12 Nov 2009

Cyber criminals are pocketing enormous profits through a comparatively low-risk, fast-growing new crime peddling bogus security software or ‘Scareware’ to unsuspecting internet users, Symantec warns.

According to Symantec, a third generation of highly organised criminals are creating Scareware – counterfeit anti-virus software that unsuspecting users are tricked into downloading when they visit unfamiliar websites – enabling kingpin cyber criminals to pocket net profits of more than stg£850,000 a year.

The sophistication of the scam means that 93pc of Scareware is intentionally downloaded by internet users convinced they are doing the “right” thing.

Knee-jerk reaction

Experts say Scareware has gathered momentum precisely because it preys on our fears when using the internet – if we believe we’re open to a security threat then we’re more likely to have a knee-jerk reaction.

“Scareware creators can scam thousands of people for comparatively small amounts of money all at the same time and make huge aggregate profits,” said Prof David S Wall of the School of Criminal Justice Studies and Information Societies, University of Leeds.

“This type of fraud works because the fake security software tricks users into believing they have an immediate threat which only their program can resolve. Ultimately, it’s a con. I would advise internet users to be careful while online and only download from trusted sources,” Wall said.

The “scare” or “shock” aspect of the message seeks to induce a panic response, so users are inclined to quickly click the “continue” or “accept” box and then proceed to payment to fix an urgent issue rather than consider what they are being shown.

Rogue security software

Rogue security software, also known as “scareware”, provides little or no value and may even install malicious code or reduce the overall security of the computer.

To date, Symantec has detected 250 separate fake programs being sold for between stg£20 and stg£60. Symantec discovered they were sold via nearly 200,000 websites worldwide, made up of dedicated websites and banner adverts placed by scammers on legitimate websites.

There are several methods employed to trick users into downloading rogue security software, many of which rely on fear tactics and other social-engineering tricks.

Rogue security software is advertised through a variety of means, including both malicious and legitimate websites such as blogs, forums, social-networking sites and adult sites.

Sites at risk

While legitimate web sites are not a party to these scams, they can be compromised to advertise these rogue applications. Rogue security software sites may also appear at the top of search engine indexes if scam creators have seeded the results.

Rogue security software creators design their programs to appear as “real” as possible. They use legitimate-sounding product names; for example, the Top 5 rogue security software applications are ‘SpywareGuard 2008’, ‘AntiVirus 2008’, ‘AntiVirus 2009’, ‘SpywareSecure’, and ‘XP AntiVirus’.

They use advertisements, pop-up windows and notification icons that mimic legitimate security programs. They use the same fonts, colours and layouts as trusted security vendor sites. They may use a legitimate online payment service or return a confirmation and receipt email to the user, along with a customer service number. They may offer free trials or free system scans.

The sale and distribution of scareware to vendors uses an affiliate-based business model, similar to buying a well-known high-street franchise business. Successful scammers are rewarded with big paychecks and luxury prizes.

Making money

Top affiliates can earn as much nearly stg£7,000 a month for duping users into installing security risks, including rogue security software programs. The scammer is paid every time he or she tricks a user into installing the rogue security software, and commissions are greater for installs of software.

The threat from rogue security software is expected to grow over the next six to 12 months, and Symantec is warning that people and businesses need to be vigilant.

Protective measures

Best practices for protection and mitigation as outlined in the report include: avoid following links from emails to spoof or malicious websites; be cautious of pop-up windows and banner ads that mimic legitimate displays; and never open suspect attachments.

“The findings of our Report on Rogue Security Software make it clear that cyber criminals are willing, eager, and well-equipped to prey on today’s internet user,” said Stephen Trilling, senior vice-president, Symantec Security Technology and Response.

“To avoid becoming a victim of such predatory practices, Symantec strongly urges internet users to make sure they are using the latest security protection and always obtain their security software directly from trusted vendors’ websites,” Trilling said.

By John Kennedy

Photo: Scareware preys on our fears when using the internet – if we believe we’re open to a security threat then we’re more likely to have a knee-jerk reaction, experts say.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com