Millions of computer users rely on fake security software
93 percent of installations of rogue security software are intentional
According to Symantec's comprehensive Report on Rogue Security Software, 43 million users downloaded one of 250 so-called "scareware" programs from June 2008 through June 2009. Preying on users' fears of being infected while using the Internet, scammers duped well-intentioned users into purchasing and installing these security programs that in reality not only provide little or no protection but often actually install the very malicious code they promise to eradicate.
Meanwhile, as scareware creators con thousands of people out of money and put users' confidential information at risk, these scammers are also turning big profits--with the most successful scam artists earning $23,000 each week.
To avoid becoming a victim of a rogue security software scam, users must be able to recognize such cons and take steps to minimize their vulnerability.
If This Ad is Flashing, Expect a Con
Scammers use several methods to trick users into downloading rogue security software. They design their programs to appear as credible as possible, often mimicking the look and feel of known, legitimate security software programs--using the same fonts, colors, and layouts of real security sites as well as familiar advertisements, pop-up windows, and notifications. These rogue applications typically also have names that are similar to legitimate software. For example, the top five fake security programs are named SpywareGuard 2008, AntiVirus 2008, AntiVirus 2009, SpywareSecure, and XP AntiVirus.
Rogue security software even shows up alongside legitimate security programs in searches, often at the top of the search engine index. Scammers seed search engine results by capitalizing on popular news items, events, or celebrities, typically using a range of black hat search engine optimization (SEO) techniques to effectively poison search engine results. By doing this, they elevate the ranking of their scam sites whenever any topical news event is searched. For example, as the Downadup worm (also known as Conficker) proliferated rapidly toward the end of 2008, scammers created website pages populated with information about the worm as well as links pointing to rogue security software sites that promised to protect against the worm.
Another highly effective scamming tactic is to display false claims of security threats on a user's computer. For example, a user may be surfing the web when an ad begins flashing and a message appears telling the user that the flashing ad indicates the user's computer is likely infected or at risk of infection. Furthermore, these messages are often persistent, repeatedly urging the user to address the risk immediately by following a link to a site where the computer can be scanned more completely, protective software can be purchased, or the threat can be removed.
Worse yet, these and other tactics work. According to the report, 93 percent of installations of rogue security software are intentional. What users are unaware of, however, is that by allowing a scan, purchasing rogue software, or downloading removal tools, they may actually be exposing their computers to spyware and keyloggers, unknowingly putting their credit card numbers and other personally identifiable information into scammers' hands, and even depositing money directly into scammers' pockets.
The Price for Users
Users who purchase and install rogue security software increase their exposure to security threats. Why? Because although rogue security software does not protect against security threats, users who download it believe their computers are clean, and they act accordingly. This may, in turn, expose other users to the same risks.
Furthermore, rogue security software might actually install malicious code that makes users vulnerable to other threats; these can include worms and other malware that scammers can then leverage to launch additional attacks in order to commit fraud, identity theft, and more.
Rogue security software also weakens a user's security posture. Often, these programs instruct the user to disable legitimate security software in order to register the rogue product. Rogue security programs may also prevent the user from accessing legitimate security websites that provide true protection.
And, with users paying between $30 and $100 for a bogus piece of software, the price to the user adds up--not only in increased vulnerability but also in a false sense of security.
The Payoff for Scammers
In contrast, rogue security software providers make impressive profits from peddling their bogus software. Today's scammers distribute their fake software using an affiliate-based, pay-per-install model. Taking a page from traditional multi-level marketing and pyramid schemes, these businesses require interested users to register as affiliates on a site that distributes the rogue security software. New registrants are provided the support and tools they need to distribute, promote, and market the scam; these may include obfuscation tools that the new affiliate can use to configure the rogue program to modify itself every few minutes in order to escape detection.
Scammers, in turn, are paid each time they trick a user into installing or purchasing the bogus software, with commissions paid out for installs of rogue security software that also contains malicious code. Scammers may also be offered bonuses for a certain number of installations as well as VIP points that may qualify the scammer for big-ticket prizes such as electronics or luxury cars.
According to the Symantec report, top affiliates earn as much as $332,000 per month for duping users into installing rogue security software.
Best Practices for Avoiding Scams
The most effective tactics for avoiding rogue security software scams include both practices and technologies. Perhaps the most important first step is to invest in and install only proven, trusted security software from reputable vendors; these vendors' products can be found in established retail stores and on trustworthy vendor websites.
Users can also mitigate risk by typing in URLs rather than following links in emails; these links may be to spoofed or malicious sites. Users are also advised to avoid viewing, opening, or executing email attachments unless the attachment is expected and comes from a trusted source. Finally, users should be wary of pop-up windows and banner advertisements; rogue security software scams often display suspicious error messages inside web browsers to lure users into downloading and installing fake security software.
With today's cybercriminals willing, eager, and well-equipped to prey on Internet users, consumers and business users must remain vigilant so they can identify these scams and avoid becoming victims. By leveraging a combination of practices and technologies, users can protect their confidential information and build an effective defense against scammers and rogue security software and, in turn, maintain a strong security posture in an ever-changing Internet threat landscape.