Cybercriminals are increasingly seen capitalising on the insecurity of the Internet users convincing them to buy rogue security software. According to a recent findings of Symantec, cybercriminals are employing persuasive online scare tactics to convince users to purchase rogue security software.
Rogue security software which is also known as ‘scareware’, is software that pretends to be legitimate security software. These rogue applications provide little or no value, and may even install malicious code or reduce the overall security of the computer.
Symantec’s findings which is based on the data obtained during the 12 month period of July 2008 to June 2009, cybercriminals place website ads that prey on users’ fears of security threats to encourage unsuspecting users to install rogue software. These ads typically make false claims such as the user’s computer may be at risk or infected if that ad flashes on their computers. They also urge the user to follow a link to scan their computer or get the software to remove the threat.
According to the study, 93 per cent of the software installations for the top 50 rogue security software scams were intentionally downloaded by the user. As of June 2009, Symantec has detected more than 250 distinct rogue security software programmes.
“The Internet infrastructure in India is growing rapidly and we are witnessing a burgeoning broadband population. In such a scenario, the presence of 'scareware’ is an impending concern that will critically affect Indian consumers and enterprises alike,” said Shantanu Ghosh, vice president, India Product Operations, Symantec.
Users who download the rogue products incurs initial monetary loss in the range of $30 to $100. However, the costs associated to regain ones’ identity could be far greater, according to Symantec. The rogue security programmes also manage to obtain the personal details and credit card information of the users in the process of selling the rogue security software what they usually sell in the black market forums resulting in identify theft.
Some rogue security software also installs malicious code that puts users at risk of attack from additional threats. This may result in lowering the security posture of a computer. For example, rogue programmes may instruct the users to lower or disable any existing security settings while registering the bogus software. This leaves the users exposed to the very threats the rogue software promised to protect against, claims Symantec findings.
More From This Section
Cybercriminals who play a major role in forcing the users to install the bogus software are rewarded by the rogue security software sites in the similar way as affiliate marketing programmes. Affiliate marketing programmes reward participating affiliates for directing visitors to the online retailer’s website.
According to the study, the top ten sales affiliates for the rogue security distribution site TrafficConverter.biz reportedly earned an average of $23,000 per week during the 12-month study period. This amount is almost three times the weekly salary of the President of the United States, says the Symantec report.
“The findings of our report make it clear that cybercriminals are willing, eager, and well-equipped to prey on today’s Internet user. To avoid becoming a victim of such predatory practices, we strongly urges Internet users to make sure they are using the latest security protection and always obtain their security software directly from trusted vendors’ websites,” added Ghosh.
Rogue security software creators design their programmes in such a manner that these appear as credible as possible, mimicking the look and feel of legitimate security software programmes. These programmes are often distributed on Web sites that appear credible and enable the user to easily download the illegitimate software.