Symantec Corp. announced the findings of its Report
on Rogue Security Software. The study’s findings, based on data obtained
during the 12-month period of July 2008 to June 2009, reveal that cybercriminals
are employing increasingly persuasive online scare tactics to convince users to
purchase rogue security software. Rogue security software, or “scareware,” is
software that pretends to be legitimate security software. These rogue
applications provide little or no value and may even install malicious code or
reduce the overall security of the computer.
To encourage unsuspecting users to install their rogue software,
cybercriminals place website ads that prey on users’ fears of security threats.
These ads typically include false claims such as “If this ad is flashing, your
computer may be at risk or infected,” urging the user to follow a link to scan
their computer or get software to remove the threat. According to the study, 93
percent of the software installations for the top 50 rogue security software
scams were intentionally downloaded by the user. As of June 2009, Symantec has
detected more than 250 distinct rogue security software programs.
The initial monetary loss to consumers who download these rogue products
ranges from $30 to $100. However, the costs associated with regaining one’s identity
could be far greater. Not only can these rogue security programs cheat the user
out of money, but the personal details and credit card information provided
during the purchase can be used in additional fraud or sold on black market
forums, resulting in identity theft.
To make matters worse, some rogue security software actually installs
malicious code that puts users at risk of attack from additional threats. As a
result, installing these programs can lower the security posture of a computer
while claiming to strengthen it. For example, rogue programs may instruct the
user to lower or disable any existing security settings while registering the
bogus software or prevent the user from accessing legitimate security Web sites
after installation. This, in turn, leaves users exposed to the very threats the
rogue software promised to protect against.
Deceptive Ads Prey on Fear to Convince Users to Buy Rogue
There are several methods employed to trick users into downloading rogue
security software, many of which rely on fear tactics and other social
engineering tricks. Rogue security software is advertised through a variety of
means, including both malicious and legitimate Web sites such as blogs, forums,
social networking sites, and adult sites. While legitimate Web sites are not a
party to these scams, they can be compromised to advertise these rogue
applications. Rogue security software sites may also appear at the top of search
engine indexes if scam creators have seeded the results.
To increase the likelihood of fooling users, rogue security software creators
design their programs so that they appear as credible as possible, mimicking the
look and feel of legitimate security software programs. In addition, these
programs are often distributed on Web sites that appear credible and enable the
user to easily download the illegitimate software. Some malicious sites actually
use legitimate online payment services to process credit card transactions and
others return an e-mail message to the victim with a receipt for purchase –
complete with serial number and customer service number.
Middlemen Distribute Rogue Software for Profit and Prizes
Cybercriminals are profiting from a highly organized pay-for-performance
business model that pays scammers to trick users into installing bogus security
programs. According to the study, the top ten sales affiliates for the rogue
security distribution site TrafficConverter.biz reportedly earned an average of
$23,000 per week during the 12-month study period of the report, or almost three
times the weekly salary of the President of the United States¹.
These practices are similar to the affiliate marketing programs made popular
by online retailers. Affiliate marketing programs reward participating
affiliates or members for each visitor or directed to the online retailer’s
website due to the affiliate’s marketing efforts. Through this model, affiliates
of rogue software scams can earn between $0.01 and $0.55 for every successful
installation. The highest prices are paid for installations by users in the
U.S., followed by the U.K., Canada, and Australia. Some distribution sites also
offer their affiliates incentives in the form of bonuses for a certain number of
installs, as well as VIP points and prizes such as electronics and luxury
To protect against rogue security software, Symantec recommends that both
enterprises and users employ the latest protection from security risks, such as
Symantec Endpoint Protection or Norton Internet Security. Users and enterprises
are also advised to follow best practices
for protection and mitigation outlined in Appendix A of the Report on Rogue
Security Software. Specifically, users should invest in and install only proven,
trusted security software from reputable security vendors whose products are
sold in established retail and online stores. Best practices for protection and
mitigation as outlined in the report include:
- Avoid following links from emails, as these may be links to spoofed or
malicious websites. Instead, manually type in the URL of a known, reputable
- Never view, open, or execute email attachments unless the attachment is
expected and comes from a known and trusted source. Be suspicious of any emails
that are not directly addressed to your email address.
- Be cautious of pop-up windows and banner advertisements that mimic
legitimate displays. Suspicious error messages displayed inside the Web browser
are often methods rogue security software scams use to lure users into
downloading and installing their fake product.