Rogue security software rampant: Symantec 20 October, 2009 By Mark Cox

PromoPipeline Exclusive Channel Promotions Find Out How You Can Make Money Today! ENROLL FREE! >> Factory Direct Should Not be Cheaper William Vanderbilt - Innovative Learning Channels Cloud Ecosystem II: A Candid Conversation with Oracle Beth Vanni - Amazon Consulting Cloud Ecosystem: A Candid Conversation with Rackspace Hosting Beth Vanni - Amazon Consulting Channel Manager Compensation William Vanderbilt - Innovative Learning Channels Financial Expertise William Vanderbilt - Innovative Learning Channels

The study found that 93 percent of the software installations for the top 50 rogue security software scams were intentionally downloaded by the user. That's because cybercriminals place website ads that prey on users' fears of security threats. These ads typically include false claims such as "If this ad is flashing, your computer may be at risk or infected," urging the user to follow a link to scan their computer or get software to remove the threat. This software is advertised through legitimate Web sites such as blogs, forums, social networking sites, and adult sites. Rogue security software sites may also appear at the top of search engine indexes if scam creators have seeded the results.

The top five reported rogue security applications are SpywareGuard 2008, AntiVirus 2008, AntiVirus 2009, SpywareSecure, and XP AntiVirus.

While customers who purchase these things will be out the $30 to $100 of the purchase price, the financial risks are far greater. Because the vendors here are criminals, providing them with personal details and credit card information during the purchase opens the customer to a very high risk that their data can be used in additional fraud or sold on black market forums -- resulting in identify theft.

Some rogue security software also installs malicious code that puts users at risk of attack from additional threats. As a result, installing these programs can lower the security posture of a computer while claiming to strengthen it. For example, rogue programs may instruct the user to lower or disable any existing security settings while registering the bogus software or prevent the user from accessing legitimate security Web sites after installation. This, in turn, leaves users exposed to the very threats the rogue software promised to protect against.

Cybercriminals are profiting from a highly organized pay-for-performance business model that pays scammers to trick users into installing bogus security programs. According to the study, the top ten sales affiliates for the rogue security distribution site TrafficConverter.biz reportedly earned an average of $23,000 per week during the 12-month study period of the report -- almost three times the weekly salary of the President of the United States. Among the distribution sites Symantec observed, affiliates are paid $0.55 for installations of rogue security software by users in the U.S.; affiliates are paid $0.52 for installations by users in the U.K. and Canada; and affiliates are paid $0.50 for installations by users in Australia.

These practices are similar to the affiliate marketing programs made popular by online retailers. Affiliate marketing programs reward participating affiliates or members for each visitor or directed to the online retailer's website due to the affiliate's marketing efforts. Through this model, affiliates of rogue software scams can earn between $0.01 and $0.55 for every successful installation. The highest prices are paid for installations by users in the U.S., followed by the U.K., Canada, and Australia. Some distribution sites also offer their affiliates incentives in the form of bonuses for a certain number of installs, as well as VIP points and prizes such as electronics and luxury cars.

To protect against rogue security software, Symantec recommends that both enterprises and users employ the latest protection from security risks. Users and enterprises are also advised to follow best practices for protection and mitigation:

Avoid following links from emails, as these may be links to spoofed or malicious websites. Instead, manually type in the URL of a known, reputable website.

Never view, open, or execute email attachments unless the attachment is expected and comes from a known and trusted source. Be suspicious of any emails that are not directly addressed to your email address.

Be cautious of pop-up windows and banner advertisements that mimic legitimate displays. Suspicious error messages displayed inside the Web browser are often methods rogue security software scams use to lure users into downloading and installing their fake product.

"The findings of our Report on Rogue Security Software make it clear that cybercriminals are willing, eager, and well-equipped to prey on today's Internet user," said Stephen Trilling, Senior Vice President, Symantec Security Technology and Response. "To avoid becoming a victim of such predatory practices, Symantec strongly urges Internet users to make sure they are using the latest security protection and always obtain their security software directly from trusted vendors' websites."