Cybercriminals Use Fear And Anxiety To Misguide Users

DQC Bureau

Symantec Corp announced the findings of its report on rogue security



The study's findings, based on data obtained during the 12-month period of July 2008 to June 2009, reveal that cybercriminals are employing increasingly persuasive online scare tactics to convince users to purchase rogue security software. Rogue security software, or 'scareware', is software that pretends to be legitimate security software. These rogue applications provide little or no value and may even install malicious code or reduce the overall security of the computer.

"The Internet infrastructure in India is growing rapidly and we are witnessing a burgeoning broadband population. As a direct consequence, an industry study has estimated India to have the second highest online shopping turnover by 2010," said Shantanu Ghosh, VP-India Product Operations, Symantec. "In such a scenario, the presence of 'scareware' is an impending concern that will critically affect Indian consumers and enterprises alike."

To encourage unsuspecting users to install their rogue software, cybercriminals place website ads that prey on users' fears of security threats. These ads typically include false claims such as "If this ad is flashing, your computer may be at risk or infected," urging the user to follow a link to scan their computer or get software to remove the threat. According to the study, 93 percent of the software installations for the top 50 rogue security software scams were intentionally downloaded by the user. As of June 2009, Symantec has detected more than 250 distinct rogue security software programs.


The initial monetary loss to consumers who download these rogue products ranges from $30-100. However, the costs associated with regaining one's identity could be far greater. Not only can these rogue security programs cheat the user out of money, but the personal details and credit card information provided during the purchase can be used in additional fraud or sold on black market forums, resulting in identity theft.

To make matters worse, some rogue security software actually installs malicious code that puts users at risk of attack from additional threats. As a result, installing these programs can lower the security posture of a computer while claiming to strengthen it.

Deceptive ads

There are several methods employed to trick users into downloading rogue security software, many of which rely on fear tactics and other social engineering tricks. Rogue security software is advertised through a variety of means, including both malicious and legitimate websites such as blogs, forums, social networking sites, and adult sites. While legitimate websites are not a party to these scams, they can be compromised to advertise these rogue applications. Rogue security software sites may also appear at the top of search engine indexes if scam creators have seeded the results.


To increase the likelihood of fooling users, rogue security software creators design their programs so that they appear as credible as possible, mimicking the look and feel of legitimate security software programs. In addition, these programs are often distributed on websites that appear credible and enable the user to easily download the illegitimate software. Some malicious sites actually use legitimate online payment services to process credit card transactions, and others return an e-mail message to the victim with a receipt for purchase, complete with serial number and customer service number.

Middlemen distribute rogue software for profit and prizes

Cybercriminals are profiting from a highly organized pay-for-performance business model that pays scammers to trick users into installing bogus security programs. According to the study, the top 10 sales affiliates for the rogue security distribution site reportedly earned an average of $2,000 per week during the 12-month study period of the report, or almost three times the weekly salary of the President of the United States.

To protect against rogue security software, Symantec recommends that both enterprises and users employ the latest protection from security risks, such as Symantec Endpoint Protection or Norton Internet Security. Users and enterprises are also advised to follow best practices for protection and mitigation. Specifically, users should invest in and install only proven, trusted security software from reputable security vendors whose products are sold in established retail and online stores.


Best practices for protection and mitigation as outlined in the report


  • Avoid following links from e-mails
  • Never view, open, or execute e-mail attachments unless the attachment is expected and comes from a known and trusted source
  • Be cautious of pop-up windows and banner advertisements that mimic legitimate displays. Suspicious error messages displayed inside the Web browser are often methods rogue security software scams use to lure users into downloading and installing their fake product.

DQC News Bureau