Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Symantec report on the growing problem of Scareware

Symantec : 20 October, 2009  (Special Report)
Cyber criminals are turning to scareware as an easy way to make large amounts of money by tricking people into buying bogus anti virus software
Newsletter featured story - sign up for our free weekly editorial newsletter here

Fat cat cybercriminals are pocketing huge profits through a comparatively low-risk, fast-growing crime peddling bogus security software or so called 'Scareware' to unsuspecting internet users. This is according to a new report from Symantec on Rogue Security Software.

A 3rd generation of highly organised criminals, are creating 'Scareware' - counterfeit anti-virus software, that unsuspecting users are tricked into downloading when they visit unfamiliar websites - enabling kingpin cybercriminals to net profits of more than 850,000 GBP a year (858,130 GBP). The sophistication of the scam means that 93% of Scareware is intentionally downloaded by internet users convinced they are doing the 'right' thing.

Experts say Scareware has gathered momentum precisely because it preys on our fears when using the internet - if we believe we're open to a security threat then we're more likely to make a knee-jerk reaction. The 'scare' or 'shock' aspect of the message seeks to induce a panic response, so users are inclined to quickly click the 'continue' or 'accept' box and then proceed to payment to fix an urgent issue rather than consider what they are being shown.

Rogue Security Software also known as 'scareware' pretends to be legitimate security software and tricks unsuspecting internet users into downloading counterfeit anti-virus software when they visit unfamiliar websites. These rogue applications provide little or no value and may even install malicious code or reduce the overall security of the computer.

To date, Symantec has detected 250 separate fake programs being sold for between 20 and 60 GBP. Symantec discovered they were sold via nearly 200,000 websites worldwide, made up of dedicated websites and banner adverts placed by scammers on legitimate websites.

There are several methods employed to trick users into downloading Rogue Security Software, many of which rely on fear tactics and other social engineering tricks. Rogue Security Software is advertised through a variety of means, including both malicious and legitimate websites such as blogs, forums, social networking sites, and adult sites. While legitimate Web sites are not a party to these scams, they can be compromised to advertise these rogue applications. Rogue security software sites may also appear at the top of search engine indexes if scam creators have seeded the results.

Rogue Security Software creators design their programs to appear as 'real' as possible. They use legitimate-sounding product names; for example, the top five Rogue Security Software applications are SpywareGuard 2008, AntiVirus 2008, AntiVirus 2009, SpywareSecure, and XP AntiVirus. They use advertisements, pop-up windows, and notification icons that mimic legitimate security programs. They use the same fonts, colours, and layouts as trusted security vendor sites. They may use a legitimate online payment service or return a confirmation and receipt email to the user along with a customer service number. They may offer free trials or free system scans

The sale and distribution of scareware to vendors uses an affiliate-based business model, similar to buying a well-known high street franchise business. Successful scammers are rewarded with big paychecks and luxury prizes. Top affiliates can earn as much nearly 7,000 GBP a month (6,974 GBP) for duping users into installing security risks, including Rogue Security Software programs. The scammer is paid every time he or she tricks a user into installing the Rogue Security Software, and commissions are greater for installs of software.

The threat from Rogue Security Software is expected to grow over the next 6-12 months and Symantec is warning that people and businesses need to be vigilant.

Best practices for protection and mitigation as outlined in the report include:

- Avoid following links from emails, as these may be links to spoofed or malicious websites. Instead, manually type in the URL of a known, reputable website.
- Never view, open, or execute email attachments unless the attachment is expected and comes from a known and trusted source. Be suspicious of any emails that are not directly addressed to your email address.
- Be cautious of pop-up windows and banner advertisements that mimic legitimate displays. Suspicious error messages displayed inside the Web browser are often methods rogue security software scams use to lure users into downloading and installing their fake product.

'The findings of our Report on Rogue Security Software make it clear that cybercriminals are willing, eager, and well-equipped to prey on today's Internet user," said Stephen Trilling, Senior Vice President, Symantec Security Technology and Response. "To avoid becoming a victim of such predatory practices, Symantec strongly urges Internet users to make sure they are using the latest security protection and always obtain their security software directly from trusted vendors' websites.

"Scareware creators can scam thousands of people for comparatively small amounts of money all at the same time and make huge aggregate profits," said Professor David Wall - School of Criminal Justice Studies and Information Societies, University of Leeds. "This type of fraud works because the fake security software tricks users into believing they have an immediate threat which only their program can resolve. Ultimately, it's a con. I would advise Internet users to be careful while online and only download from trusted sources.'

Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo