Security Bytes

Oct 19 2009   10:34PM GMT

A good business model: Symantec reports on “scareware”

Neil Roiter Profile: NBRoiter


Report finds cybercriminals well organized in coordinated rogue antivirus schemes.

Maybe we’ve made people too security conscious?

I’m being facetious, but if we hadn’t succeeded in scaring people straight into worrying about identity-stealing malware and phishing attacks, would so many fall for rogue antivirus scams? I confess, I’m more tempted to click yes, please make my PC whole again when I see a pop-up that looks even more like Windows Security Center than Windows Security Center than I am to click a link to address a bogus issue with my bank account security or, certainly, to respond to a sales pitch for cheap Viagra or breast implants.

The “Symantec Report on Rogue Security Software” covering a year (July 2008-June 2009) of “scareware” paints an all-too-familiar picture of organized cybercrime that is…very well organized.

Consider that this is a direct pay model. You give the AV “vendor” your credit card number, paying anywhere from $30 to $100 for software that at best does nothing at all and at worst drops some really nasty malware on your hard drive. They’ll often use legitimate credit card transaction companies– it’s just good business practice — because phony transaction handlers are likely to be discovered and shut down.

The scareware vendors use networks of affiliates, who use dedicated websites, banner ads, spam and spyware to download the “YOUR PC IS INFECTED!! TO BE SURE YOU ARE FREE OF MALWARE, PURCHASE XPANTIVIRUS” message. According to the report, the affiliates get between a penny and 55 cents per installation, the highest payoffs going for drops on U.S. computers. Affiliates get a lot more if someone actually buys the rogue software.

Symantec received reports of 43 million rogue security software attempts to install the more than 250 distinct examples of rogue AV software it identified.

The report echoed many of the findings of Panda Security in a July report.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: