Cybercriminals use fear and anxiety to convince users to buy rogue security software
Posted on 23-Oct-2009 15:37.
Filed under: News
Symantec Corp. has announced the findings of its Report on Rogue Security Software. The study’s findings, based on data obtained during the 12-month period of July 2008 to June 2009, reveal that cybercriminals are employing increasingly persuasive online scare tactics to convince users to purchase rogue security software.
Rogue security software, or ‘scareware,’ is software that pretends to be legitimate security software. These rogue applications provide little or no value and may even install malicious code or reduce the overall security of the computer.
The top five reported rogue security applications are SpywareGuard 2008, AntiVirus 2008, AntiVirus 2009, SpywareSecure, and XP AntiVirus.
To encourage unsuspecting users to install their rogue software, cybercriminals place website ads that prey on users’ fears of security threats. These ads typically include false claims such as “If this ad is flashing, your computer may be at risk or infected,” urging the user to follow a link to scan their computer or get software to remove the threat. According to the study, 93 percent of the software installations for the top 50 rogue security software scams were intentionally downloaded by the user. As of June 2009, Symantec has detected more than 250 distinct rogue security software programs.
The initial monetary loss to consumers who download these rogue products ranges from NZD$35 to NZD$120. However, the costs associated with regaining one’s identity could be far greater. Not only can these rogue security programs cheat the user out of money, but the personal details and credit card information provided during the purchase can be used in additional fraud or sold on black market forums, resulting in identity theft.
There are several methods employed to trick users into downloading rogue security software, many of which rely on fear tactics and other social engineering tricks. Rogue security software is advertised through a variety of means, including both malicious and legitimate web sites such as blogs, forums, social networking sites, and adult sites.
While legitimate web sites are not a party to these scams, they can be compromised to advertise these rogue applications. Rogue security software sites may also appear at the top of search engine indexes if scam creators have seeded the results.
To increase the likelihood of fooling users, rogue security software creators design their programs so that they appear as credible as possible, mimicking the look and feel of legitimate security software programs. In addition, these programs are often distributed on web sites that appear credible and enable the user to easily download the illegitimate software. Some malicious sites actually use legitimate online payment services to process credit card transactions and others return an e-mail message to the victim with a receipt for purchase – complete with a serial number and customer service number.
Cybercriminals are profiting from a highly organised pay-for-performance business model that pays scammers to trick users into installing bogus security programs. According to the study, the top ten sales affiliates for the rogue security distribution site TrafficConverter.biz reportedly earned an average of NZD$31,000 per week during the 12-month study period of the report.
These practices are similar to the affiliate marketing programs made popular by online retailers. Affiliate marketing programs reward participating affiliates or members for each visitor directed to the online retailer’s website due to the affiliate’s marketing efforts.
Among the distribution sites Symantec observed, affiliates are paid $0.55 for installations of rogue security software by users in the U.S.; affiliates are paid $0.52 for installations by users in the U.K. and Canada; and affiliates are paid $0.50 for installations by users in Australia. The fifth highest price is considerably lower, with affiliates paid just $0.16 for installations by users in Spain, Ireland, France, and Italy.
The per-installation price varies from country to country based on the likelihood of users from that country paying for the fake security software.
Users should avoid following links from emails, as these may be links to spoofed or malicious websites. Instead, manually type in the URL of a known, reputable website. Also, users should not view, open, or execute email attachments unless the attachment is expected and comes from a known and trusted source. Be suspicious of any emails that are not directly addressed to your email address.
Finally, users should be cautious of pop-up windows and banner advertisements that mimic legitimate displays. Suspicious error messages displayed inside the web browser are often methods rogue security software scams use to lure users into downloading and installing their fake product.
The Symantec Report on Rogue Security Software, developed by the company’s Security Technology and Response (STAR) organisation, is an in-depth analysis of rogue security software programs. The report includes an overview of how these programs work and how they affect users, including their risk implications, various distribution methods, and innovative attack vectors.
The Security Technology and Response (STAR) organisation, which includes Security Response, is a worldwide team of security engineers, threat analysts, and researchers that provides the underlying functionality, content, and threat expertise for all Symantec corporate and consumer security products. With global response centres located throughout the world, STAR monitors malicious code reports from more than 130 million systems across the internet, receives data from 240,000 network sensors in more than 200 countries, and tracks more than 32,000 vulnerabilities affecting more than 72,000 technologies from more than 11,000 vendors.