Symantec: Rogue Security Software is Big Business for Crooks

The bogus ads are everywhere. A pop-up tells you: “Your computer may be infected” and urges you to download security software that will scan your computer for viruses, protect it from future infection or both. The problem is most of these products are scams that give you software which is useless. In some cases, the software is even dangerous because it downloads malicious code onto your computer.

The threat from these “scareware” tactics is growing, according to the results of a report released Monday by Symantec Corp. The Report on Rogue Security Software reveals that cybercriminals are profiting from a highly organized affiliate-based business model that rewards scammers for selling bogus security programs to users caught off-guard by persuasive online scare tactics.

Read how the New York Times fell prey to one of these scams earlier this year.

In research conducted from July, 2008 until June, 2009, Symantec detected more than 250 distinct rogue security software programs. The top five reported rogue security applications are SpywareGuard 2008, AntiVirus 2008, AntiVirus 2009, SpywareSecure, and XP AntiVirus, according to the report.

The research finds the creators of rogue security software typically use an affiliate-based, pay-per-install model to distribute their misleading applications. Through this model, affiliates can earn between $0.01 and $0.55 for every successful installation. The highest prices are paid for installations by users in the U.S. first, followed by the U.K., Canada, and Australia, said Symantec.

To increase the likelihood of duping users, rogue security software creators design their programs so that they appear as credible as possible, utilizing advertisements, pop-up windows, and notification icons that mimic legitimate security software programs. In addition, these programs are often distributed on websites that appear credible and enable the user to download the illegitimate software. Some malicious sites actually use legitimate online payment services to process credit card transactions and others return an email message to the victim with a receipt for purchase; complete with serial number and customer service number.

Symantec officials said the estimated purchase price for consumers who download these rogue products ranges from $30 to $100.

“Not only can these rogue security programs cheat the user out of money, but the personal details and credit card information provided during the purchase can be used in additional fraud or sold on black market forums,” according to a release from Symantec. “Scammers may also use the personal information gained from the victim to commit fraud and/or identity theft.”

Some rogue security software actually installs malicious code that puts the user at risk of attack from additional threats.

“Installing these programs can lower the security posture of a computer while claiming to strengthen it,” said Symantec. “For example, they may instruct the user to lower or disable any existing security settings while registering the bogus software or prevent the user from accessing legitimate security websites after installation. This, in turn, leaves users exposed to the very threats the rogue software promised to protect against.”