Symantec Corp announced the findings of its report on rogue security
software.
The study's findings, based on data obtained during the 12-month period of
July 2008 to June 2009, reveal that cybercriminals are employing increasingly
persuasive online scare tactics to convince users to purchase rogue security
software. Rogue security software, or 'scareware', is software that pretends
to be legitimate security software. These rogue applications provide little or
no value and may even install malicious code or reduce the overall security of
the computer.
"The Internet infrastructure in India is growing rapidly and we are
witnessing a burgeoning broadband population. As a direct consequence, an
industry study has estimated India to have the second highest online shopping
turnover by 2010," said Shantanu Ghosh, VP-India Product Operations, Symantec.
"In such a scenario, the presence of 'scareware' is an impending concern that
will critically affect Indian consumers and enterprises alike."
To encourage unsuspecting users to install their rogue software,
cybercriminals place website ads that prey on users' fears of security threats.
These ads typically include false claims such as "If this ad is flashing, your
computer may be at risk or infected," urging the user to follow a link to scan
their computer or get software to remove the threat. According to the study, 93
percent of the software installations for the top 50 rogue security software
scams were intentionally downloaded by the user. As of June 2009, Symantec has
detected more than 250 distinct rogue security software programs.
The initial monetary loss to consumers who download these rogue products
ranges from $30-100. However, the costs associated with regaining one's identity
could be far greater. Not only can these rogue security programs cheat the user
out of money, but the personal details and credit card information provided
during the purchase can be used in additional fraud or sold on black market
forums, resulting in identity theft.
To make matters worse, some rogue security software actually installs
malicious code that puts users at risk of attack from additional threats. As a
result, installing these programs can lower the security posture of a computer
while claiming to strengthen it.
Deceptive ads
There are several methods employed to trick users into downloading rogue
security software, many of which rely on fear tactics and other social
engineering tricks. Rogue security software is advertised through a variety of
means, including both malicious and legitimate websites such as blogs, forums,
social networking sites, and adult sites. While legitimate websites are not a
party to these scams, they can be compromised to advertise these rogue
applications. Rogue security software sites may also appear at the top of search
engine indexes if scam creators have seeded the results.
To increase the likelihood of fooling users, rogue security software creators
design their programs so that they appear as credible as possible, mimicking the
look and feel of legitimate security software programs. In addition, these
programs are often distributed on websites that appear credible and enable the
user to easily download the illegitimate software. Some malicious sites actually
use legitimate online payment services to process credit card transactions and
others return an e-mail message to the victim with a receipt for
purchase, complete with serial number and customer service number.
Middlemen distribute rogue software for profit and prizes
Cybercriminals are profiting from a highly organized pay-for-performance
business model that pays scammers to trick users into installing bogus security
programs. According to the study, the top 10 sales affiliates for the rogue
security distribution site TrafficConverter.biz reportedly earned an average of
$2,000 per week during the 12-month study period of the report, or almost three
times the weekly salary of the President of the United States.
To protect against rogue security software, Symantec recommends that both
enterprises and users employ the latest protection from security risks, such as
Symantec Endpoint Protection or Norton Internet Security. Users and enterprises
are also advised to follow best practices for protection and mitigation.
Specifically, users should invest in and install only proven, trusted security
software from reputable security vendors whose products are sold in established
retail and online stores.
Best practices for protection and mitigation as outlined in the report
include:
- Avoid following links from e-mails
- Never view, open, or execute e-mail attachments unless the attachment is
expected and comes from a known and trusted source
- Be cautious of pop-up windows and banner advertisements that mimic
legitimate displays. Suspicious error messages displayed inside the Web
browser are often methods rogue security software scams use to lure users into
downloading and installing their fake product.
DQC News Bureau