FBI: Fraudsters earned $150 million in rogue AV scams

For the first time, the FBI has issued a public warning about the threat of rogue anti-virus software, which the agency said has resulted in more than $150 million in losses to victims.

In an intelligence note posted Friday on the website of the Internet Crime Complaint Center, the FBI said users should be on the lookout for pop-up advertisements masquerading as legitimate-looking AV software, known as "rogueware" or "scareware."

Rogue anti-virus software typically is purveyed through malicious advertisements, or "malvertisements," on trusted websites. When viewed or clicked, the ads lead users to sites that claim their computer is infected and that, to resolve the issue, they should buy an anti-virus product, which turns out to be fake. In other instances, the ads try to install trojans onto the victim's PC.

Criminals also have orchestrated the attack by "poisoning" search results, so that when a user searches for a popular term, he or she is led to a website hosting the bogus software.

"The scareware is intimidating to most users and extremely aggressive in its attempt to lure the user into purchasing the rogue software that will allegedly remove the viruses from their computer," the FBI alert said. "Once the pop-up appears, it cannot be easily closed."

The FBI said computers running with administrator privileges are more likely to be infected. In addition, users should always research the names of security software applications to ensure their legitimacy.

A recently released report from the Anti-Phishing Working Group, which analyzed internet fraud trends for the first half of 2009, found that the number of rogue AV programs from January to June surpassed the total for all of 2008. In June, the final month of the study, there were 152,197 new strains.

"The primary reason for the creation of so many variants is to avoid signature-based detection by legitimate anti-virus programs," said Luis Corrons, technical director at PandaLabs and a contributor to the report. "The use of behavioral analysis is of limited use in this type of malware because the programs themselves do not act maliciously on computers, other than displaying false information."
