Symantec finds rogue AV to be well-oiled profit machine

An examination into the rogue anti-virus marketplace has revealed a well-organized racket that resembles the adware and spyware industry of several years ago.

A yearlong study by Symantec researchers, released Monday and titled "Report on Rogue Security Software," concluded that the success of fake anti-virus software -- also known as scareware because the makers use fear tactics to get victims to act -- is fueled by an affiliate model that earns them between one and 55 cents per successful installation. The highest fees are paid if victims come from the United States, U.K. or Canada.

These affiliates advertise the bogus solutions through websites, legitimate or malicious, or through advertisements, such as the banner ad compromise on the website of The New York Times, according to the report. Often, the scammers "poison" search results so that their sites appear near the top of the results for popular terms. In many cases, the web server being used to host and download the fake AV is based in the United States.

Meanwhile, the scareware creators earn between $30 and $100 from victims who agree to pay for the software in hopes of resolving fake claims that their PCs are infected, the report said.

By all accounts, rogue AV makers, master affiliates -- such as TrafficConverter.biz, which served as a major rogue AV distribution point until being dismantled earlier this year -- and their individual affiliates are earning quite a bit of money, Vincent Weafer, vice president of Symantec Security Response, told SCMagazineUS.com.

According to data culled from Symantec customers between July 1, 2008 and June 30, 2009, there were 250 distinct families of rogue security programs, resulting in 43 million attempted downloads. The most common counterfeit applications carry legitimate-sounding names, such as SpywareGuard 2008, AntiVirus 2008, AntiVirus 2009, SpywareSecure and XP AntiVirus.

Weafer said the rogue AV market has become a global enterprise, drawing many parallels to the adware/spyware markets, in which there is a well-organized distribution model that features a number of players.

"It's the gift that keeps on giving," he said. "It's just very effective, if you go out and scare people. The message that you're infected and you need to take care of it now seems to get a lot of people."

Weafer added that the danger to victims is not only that the rogue AV maker steals their credit card information when they purchase the fake product. By installing the program, the criminal also gains control over that victim's PC, allowing him to install additional malware at any time.

Users should be careful to avoid tricks in which "someone is screaming at you that you're infected," Weafer said.

He said authorities must increase their enforcement of rogue AV operations.

"Follow the money," Weafer said. "If you can disrupt their money supply, it makes it less attractive."

In June, a Cincinnati man agreed to pay $1.9 million to settle charges with the Federal Trade Commission for his involvement in a scheme that tricked more than one million individuals into buying rogue anti-virus products.
