Cybercriminals Intimidate Users to Buy Scareware

by Sharon Lobo    Nov 26, 2009

Currently, the Internet infrastructure in India is growing at a rapid pace, resulting in a large broadband population. As a direct consequence, it has been estimated that India will have the second highest online shopping turnover by 2010. This trend comes as good news not only to online retailers but to cybercriminals as well. According to Symantec’s Report on Rogue Security Software, cybercriminals are employing increasingly persuasive online scare tactics to convince users to purchase ‘rogue security software’ or ‘scareware’.

Scareware is software that pretends to be legitimate security software but provides little or no value, and may even install malicious code or reduce the overall security of the computer. To encourage unsuspecting users to install their scareware, cybercriminals place website ads that prey on users’ fears of security threats. These ads typically include false claims such as "If this ad is flashing, your computer may be at risk or infected," urging the user to follow a link to scan their computer or get software to remove the threat.

According to Symantec’s study, 93 percent of the software installations for the top 50 rogue security software scams were intentionally downloaded by the user. As of June 2009, Symantec has detected more than 250 distinct rogue security software programs; the top five among them are SpywareGuard 2008, AntiVirus 2008, AntiVirus 2009, SpywareSecure, and XP AntiVirus.

The initial monetary loss to consumers who download these rogue products ranges from $30 to $100. However, the costs associated with regaining one’s identity could be far greater. Not only can these rogue security programs cheat the user out of money, but the personal details and credit card information provided during the purchase can be used in additional fraud or sold on black market forums, resulting in identity theft.

To make matters worse, some rogue security software actually installs malicious code that puts users at risk of attack from additional threats. As a result, installing these programs can lower the security posture of a computer while claiming to strengthen it. For example, rogue programs may instruct the user to lower or disable any existing security settings while registering the bogus software or prevent the user from accessing legitimate security Websites after installation. This, in turn, leaves users exposed to the very threats the rogue software promised to protect against.

There are several methods employed to trick users into downloading rogue security software, many of which rely on fear tactics and other social engineering tricks. Rogue security software is advertised through a variety of means, including both malicious and legitimate websites such as blogs, forums, social networking sites, and adult sites. While legitimate websites are not a party to these scams, they can be compromised to advertise these rogue applications. Rogue security software sites may also appear at the top of search engine indexes if scam creators have seeded the results.

Cybercriminals also profit from a highly organized pay-for-performance business model that pays scammers to trick users into installing bogus security programs. Rogue security software creators design their programs so that they appear as credible as possible, mimicking the look and feel of legitimate security software programs. In addition, these programs are often distributed on websites that appear credible and enable the user to easily download the illegitimate software. Some malicious sites actually use legitimate online payment services to process credit card transactions and others return an e-mail message to the victim with a receipt for purchase - complete with serial number and customer service number.

To avoid becoming a victim of scareware, Internet users should take the following precautions:

  • Use genuine security software and always keep it updated
  • Always obtain the security software directly from trusted vendors’ websites or sources
  • Avoid following links from emails, as these may be links to spoofed or malicious websites. Instead, manually type in the URL of a known, reputable website
  • Be suspicious of any emails that are not directly addressed to your email address. Never view, open, or execute email attachments unless the attachment is expected and comes from a known and trusted source
  • Be cautious of pop-up windows and banner advertisements that mimic legitimate displays. Suspicious error messages displayed inside the Web browser are often methods rogue security software scams use to lure users into downloading and installing their fake product