By Jo Best, 19 October 2009 05:01
Scareware is bad for your PC and your pocket - but the fake security warning messages popping up on your screen are only the most visible part of a complex scam.
Scareware is fake security software, often heralded by an ersatz dialogue box warning unsuspecting users that their PC is under attack by malware or that it's at risk of a virus infection. For a small fee, the scareware promises, it can solve those security woes.
Needless to say, after victims hand over their credit card details, at best they receive useless software or nothing at all, and at worst, they download themselves a wolf in sheep's clothing - malware purporting to be antivirus software.
Scareware is a growing problem - according to the Anti-Phishing Working Group, the amount of rogue antivirus software has increased six-fold in the first half of this year and 200 gangs are using it to make money.
And scareware peddlers aren't pushing their software on their own: they have a network of affiliates who earn a fee for every PC user they hook with their fake security software, according to a report by security company Symantec.
The fee-per-installation rate for scareware ranges from 1 cent to 55 cents, depending on geography, with UK users nearing the top of the table at 52 cents per scalp, Symantec said.
For the best-earning affiliates, there's also the promise of prizes - cars and electronics - as well as bonuses for the most prolific scareware pushers.
But do the scareware kingpins deliver on their promises? Apparently so, according to David Wall, professor of criminal justice and information society at the University of Leeds.
"My understanding is these people pay up because they need the compliance of these individuals [their affiliates]. One of the problems in the way this crime is organised is it's not like mafia command and control, these are people that agree to work together on certain projects."
In return for their loyalty, the scareware kingpins also provide their affiliates with the tools of their trade, including malware and software to help the scareware avoid detection by legitimate security software, Symantec said.
If the scammers' structure sounds more like a clever marketing operation than a criminal scheme, that's no surprise: most scareware operations are closer to business than they are to gangster rackets, according to Wall.
"In a way, the way these scams are constructed they're more like elaborate business ventures that border on illegality.
"The strange thing about the way they're developing is they're moving more away from the criminal border to the legal border," he said.
Instead of aiming to get an individual's bank details and then drain their account, the scammers are now happy with a simple one-off payment.
"In the early days a lot of the scareware was a smokescreen for a lot of phishing information - spyware that would look for your financial details - today they're really just designed to get that £15, £20, £30 out of you."
By moving away from malware distribution and into flogging useless software for cash, the scareware peddlers can avoid detection - £20 wasted is unlikely to prompt the victim to call the banks and police in the same way an emptied bank account would - and is equally less likely to draw the ire of the authorities.
Of course, not all scareware will leave users a few pounds worse off - while a kingpin may distribute scareware with no malware attached, his associates will likely have other ideas.
"What some of the threat analysts are starting to find is that, as affiliates get involved with their own agenda, they think why don't we put another piece of malicious software in there to link them to a botnet? That's against the original quasi-criminal agenda of the kingpin who started it all off.
"It's a very complex crime."

Comments
1. David Blackman, General Manager Northern Europe
High on everyone’s agenda is the issue of protecting PCs from virus attacks using anti-virus software. However, as outlined in the news today, online criminals are making millions of pounds by convincing computer users to download fake antivirus software, which can cause even more damage. So far 40 million people have fallen victim to the "scareware" scam in the past 12 months.
PC users can significantly reduce the odds of their computer becoming infected by fake viruses, also known as bot malware, by regularly updating their security software. But for an extra guarantee users should use imaging software to regularly back up their PC.
Imaging software has the ability to create a master backup of all a PC’s contents, including the operating system, applications, files and personal settings. It can then be set to automatically back up any incremental changes made throughout the day. In the event of a successful fake virus intrusion, imaging software lets the user quickly roll back to an uninfected state simply by hitting a key when they reboot. This way, should anyone be the unwitting victim of a bot malware attack, their PC’s contents are still protected and their recovered data won’t be more than a few minutes old.
This approach will even work if their anti-virus software is briefly out of date, a common situation for many users.
The added benefit of this approach also ensures that in the event of any other failure or system crash users can still recover easily and quickly to its last safe and secure state.
Safe computing!
2. Richard
These scum are just con artists:
Most government & media reports serve only to spread FUD; increasing the fears which make people more vulnerable to these attacks.
Perhaps if all reports stressed that these attackers are simply "con artists" who are using new tricks; and helped ordinary people to protect themselves against "con artists" of all types; perhaps these criminal scum would be less effective.
We all need to stop wrapping these con attacks in mystery; stop using geeky terms such as "phishing" and "pharming"; stop romanticising cunning criminals who make a fast buck.
In other words we all need to explain these attacks and suitable defences in simple everyday language.