Cybercriminals are reaping big profits by persuading unsuspecting users to purchase and download rogue security software. Leveraging a highly organized affiliate-based business model that rewards scammers for selling this rogue software, the most successful con artists are earning up to $332,000 a month as well as rewards such as luxury cars. Meanwhile, their victims are left with 'security programs' that not only provide little or no protection but may put them at risk from malicious software as well as fraud and identity theft.
According to the Symantec Report on Rogue Security Software, 43 million users fell victim to rogue security software scams between June 2008 and June 2009. During this period, Symantec observed 250 distinct security software programs that were marketed and advertised as legitimate but that were, in fact, rogue security applications. Users either installed this software manually, believing it to be legitimate, or the software automatically installed when the user visited a malicious website.
Needless to say, users who want to avoid becoming the next victim of a rogue security software scam must be able to identify such threats and know how to mitigate their risk.
Rogue security software is a type of misleading application, also known as "scareware," that pretends to be legitimate security software, such as an antivirus scanner or a registry cleaner. In actuality, however, the software provides little or no protection and may actually install the very malicious code it purports to protect against.
While rogue security software may appear in a variety of shapes and sizes, the majority of rogue security applications put users at increased risk in multiple ways. First, regardless of its promises, rogue security software simply does not protect against security threats. Second, rogue security software may actually install malicious code that makes users vulnerable to Internet threats. Third, the scammers who peddle the rogue security software may also use the personal information provided by the victim to commit fraud. And fourth, rogue security software weakens a user's security posture, either by instructing the user to disable legitimate security software in order to register the bogus product, or by preventing the user from accessing legitimate security websites.
In other words, rogue security software is not simply an annoying hassle but a serious risk to the security of users.
The Shell Game
Rogue security software appears legitimate, typically offering an interface that mimics that of a legitimate application. These applications also use realistic-sounding names, such as AntiVirus 2008, AntiVirus 2009, VirusRemover 2008, and SystemGuard2009. Most rogue security programs have fully developed websites that enable users to download and purchase the software; some even use legitimate online payment services to process credit card transactions, while others return an email message to confirm the purchase and include a product serial number and customer service phone number.
Even their marketing tactics are believable. Rogue security scammers use ads, pop-up windows, and notification icons that are designed to mimic legitimate antivirus software programs. For example, the rogue security program AntiVirus 2009 used a security warning notification window that appeared to come from Microsoft to tell users "AntiVirus 2009 Web Scanner detected dangerous spyware on your system!" SpyWare Secure, another bogus program, displayed a pop-up window with the following message: "Caution! Your system is NOT protected!" Yet another rogue program displayed a Security Alert taskbar notification that read: "Your computer is infected with malicious software. You should use an antivirus product to remove it. Click this message to purchase recommended antivirus software."
In each case, these rogue security software programs used scare tactics to pressure users into purchasing useless and possibly malicious software. Some offered to scan a system for free, always purporting to find threats, while requiring the user to upgrade to the full version in order to actually remove them. Other rogue security applications installed additional threats onto the compromised computer while simultaneously reporting that the computer was clean. Still others downloaded "removal tools" that were actually other rogue security software programs. It is worth noting that such scams were not limited to English-language applications. Similar tactics were employed across the world, using multiple languages to maximize the opportunity to exploit users.
Worse yet, rogue security software was advertised on both malicious and legitimate sites, from blogs and forums to social networking sites.
Steering Clear of Software Swindles
Clearly, rogue security software is a devious threat to the security of users. Government organizations, in turn, are taking action to combat perpetrators of rogue security software scams. Legal actions have included charges of fraud, deceptive advertising, misrepresentation, and in some cases, spam distribution.
For example, in 2006, the Attorney General for Washington State obtained a $1 million settlement from a New York-based company that distributed a rogue security software program named Spyware Cleaner. In June 2009, a U.S.-based defendant and his company were required to pay more than $1.9 million to settle fraud charges with the Federal Trade Commission stemming from a rogue security software scam that misled more than one million people. And in 2008, the head of a South Korea-based computer security company was charged with fraud by the Seoul Metropolitan Police Agency for distributing a rogue security software program to more than four million users.
However, to protect against the risk of rogue security software, users themselves must be vigilant and cautious. Avoid becoming a victim by purchasing only proven, trusted security software from reputable security vendors whose products are sold in legitimate retail and online stores. Users should also refrain from responding to online scare tactics and be wary of pop-up displays and banner advertisements that promote security products. In addition, users should not accept or open suspicious error displays presented within their Web browser, since these are often the methods rogue security software scams use to lure users into downloading and installing their bogus products. Furthermore, users should exercise caution when browsing the Web, avoid visiting untrusted or unfamiliar sites, and be sure to log out of websites when their session is complete.
While security experts expect to see the propagators of rogue security software scams take their efforts to another level in the year ahead, users can protect against this growing risk through increased prudence and discretion. By taking effective countermeasures and avoiding interactions with software from untrustworthy vendors, users can continue to avoid being victimized by the latest and greatest rogue security software scam.
About the Author
Marc Fossi is executive editor of Symantec's Report on Rogue Security Software.