Users are unknowingly saying "yes" to scareware and scamware, as evidenced by a Symantec report which found that 93 percent of rogue security applications are intentionally downloaded by the victims.
Often known as "scareware," rogue security software is any type of program -- such as a fake antivirus scanner -- that falsely claims to be legitimate security software. In reality, the bogus software offers little or no protection and is often used to compel users to submit credit card information. In some cases, the bogus software is used to install malicious code, such as botnets, keystroke loggers and banking Trojans, designed to take control of victims' computers and steal information.
To appear legitimate, many of the programs come with authentic-sounding names such as "Virus Remover" or "AntiVirus Gold," accompanied by equally convincing ads designed to mimic legitimate antivirus software programs.
And the tactics work, said Vincent Weafer, vice president of Symantec Security Response. Thus far, Symantec has detected more than 250 rogue security software programs, according to the report.
"The scareware seems to work," Weafer said. "Most of these programs are designed to mimic legitimate programs. Everything appears to be the latest, greatest versions."
The report found that the rogue security applications are extremely profitable, primarily using a pay-per-install model that often nets the attackers between $.01 and $.55 for every successful installation, which can translate to hundreds of thousands or millions of dollars. The top affiliate of rogue security distributor site TrafficConverter.biz reportedly earned as much as $332,000 a month on commissions for installing and selling security risks, including rogue security software, according to the report.
Ironically, scareware authors generally capitalize on users' fears of malicious code to dupe them into downloading the rogue application. Subsequently, they rely on scare tactics and social engineering by falsely claiming that the user's system is infected with malware, and urging them to click on a link to scan their computer or install software that promises to clean their system, Weafer said.
Other techniques include poisoning search engines, hijacking someone's paid search, embedding hidden keywords, cross linking, rendering certain pages only for search engines and hijacking banner ads, along with targeted social engineering techniques.
"[As with] malware, these guys will use multiple techniques to try to get [rogue antivirus] on your system," he said. "Many of them are designed to look like Microsoft applications. There are a number of different techniques used."
Once installed, the rogue applications almost always misrepresent the computer's security status, or display fake or exaggerated claims of security threats. They typically use coercive techniques including continuous pop-up displays, taskbar notification icons and other alerts that reinforce the premise that the user needs to purchase a full version or register for an annual subscription of the program in order to remove the threats. Some applications even install malicious software while producing reports that the victim's system is clean, Weafer said.
"Removal then requires upgrading to a full version. These guys are just downloading other crap onto your system," Weafer said. "At the very least it's a shady process, at the worst, it's malicious."
Rogue software is generally advertised on both malicious and legitimate Web sites such as blogs, forums and social networking sites in order to exploit users' trust. The rogue applications are also distributed on adult and other malicious sites distributed by shady service providers.
"In most cases, there's a program that needs to be downloaded and they're trying to bring victims to those download sites. They really follow a more traditional Web advertising model," Weafer said, adding that an intentional user download "is the best-case scenario for them."
"You're downloading multiple new malware while you think you're protected," he said.
