December 02, 2009, 10:21 PM — According to Symantec's comprehensive Report on Rogue Security Software, 43 million users downloaded one of 250 so-called "scareware" programs from June 2008 through June 2009. Preying on users' fears of being infected while using the Internet, scammers duped well-intentioned users into purchasing and installing these security programs that in reality not only provide little or no protection but often actually install the very malicious code they promise to eradicate.
Meanwhile, as scareware creators con thousands of people out of money and put users' confidential information at risk, these scammers are also turning big profits--with the most successful scam artists earning $23,000 each week.
To avoid becoming a victim of a rogue security software scam, users must be able to recognize such cons and take steps to minimize their vulnerability.
If This Ad is Flashing, Expect a Con
Scammers use several methods to trick users into downloading rogue security software. They design their programs to appear as credible as possible, often mimicking the look and feel of known, legitimate security software programs--using the same fonts, colors, and layouts of real security sites as well as familiar advertisements, pop-up windows, and notifications. These rogue applications typically also have names that are similar to legitimate software. For example, the top five fake security programs are named SpywareGuard 2008, AntiVirus 2008, AntiVirus 2009, SpywareSecure, and XP AntiVirus.
Rogue security software even shows up alongside legitimate security programs in searches, often at the top of the search engine index. Scammers seed search engine results by capitalizing on popular news items, events, or celebrities, typically using a range of black hat search engine optimization (SEO) techniques to effectively poison search engine results. By doing this, they elevate the ranking of their scam sites whenever any topical news event is searched. For example, as the Downadup worm (also known as Conficker) proliferated rapidly toward the end of 2008, scammers created web pages populated with information about the worm as well as links pointing to rogue security software sites that promised to protect against the worm.
Another highly effective scamming tactic is to display false claims of security threats on a user's computer. For example, a user may be surfing the web when an ad begins flashing and a message appears telling the user that the flashing ad indicates the user's computer is likely infected or at risk of infection. Furthermore, these messages are often persistent, repeatedly urging the user to address the risk immediately by following a link where the computer can be scanned more completely, protective software can be bought, or the threat can be removed.
Worse yet, these and other tactics work. According to the report, 93 percent of installations of rogue security software are intentional. What users are unaware of, however, is that by allowing a scan, purchasing rogue software, or downloading removal tools, they may actually be exposing their computers to spyware and keyloggers, unknowingly putting their credit card numbers and other personally identifiable information into scammers' hands, and even depositing money directly into scammers' pockets.
The Price for Users
Users who purchase and install rogue security software increase their exposure to security threats. Why? Because although rogue security software does not protect against security threats, users who download it believe their computers are clean, and they act accordingly. This may, in turn, expose other users to the same risks.
Furthermore, rogue security software might actually install malicious code that makes users vulnerable to other threats; these can include worms and other malware that scammers can then leverage to launch additional attacks in order to commit fraud, identity theft, and more.
Rogue security software also weakens a user's security posture. Often, these programs instruct the user to disable legitimate security software in order to register the rogue product. Rogue security programs may also prevent the user from accessing legitimate security websites that provide true protection.
And, with users paying between $30 and $100 for a bogus piece of software, the price to the user adds up--not only in increased vulnerability but also in a false sense of security.
The Payoff for Scammers













