Saturday, August 08, 2009

“Scareware” is big business

According to a study by Panda Security, fraudsters are making approximately $34 million per month through what is being called “scareware attacks”.

These are scams designed to trick surfers into purchasing rogue security packages supposedly needed to deal with threats which don’t really exist.

Also termed as “rogueware”, distributors of such software are successfully infecting 35 million machines a month.

Utilizing the concept of social engineering, whereby information on such fake security software is marketed through social networking sites and tools, user are tricked into visiting sites hosting scareware software, downloading it and telling a friend. Other tactics to find users include manipulating the search engine rank of pages hosting scareware.

Panda Security believes that there are over 200 different families of rogueware, with more new variants coming on stream all the time.

The technical director at Panda Labs explains that "Rogueware is so popular among cyber-criminals primarily because they do not need to steal users' personal information like passwords or account numbers in order to profit from their victims. By taking advantage of the fear of malware attacks, they prey upon willing buyers of their fake anti-virus software, and are finding more and more ways to get to their victims, especially as popular social networking sites and tools like Facebook and Twitter have become mainstream."

And the figures support the concern that this trend is growing. In the second quarter of 2009, four times more new strains were created than in the whole of 2008, primarily to avoid signature-based detection by proper security packages.

Another technique, behavior-based detection, is an approach that works well with Trojans and worms, but is limited when applied against scareware packages.

The real issue now emerging is how sacreware is emerging as an organized crime. There are dedicated software creators and distributors of scraeware. They go through a set of procedures: writing the rogue applications, establishing distribution platforms, payment gateways, and any other back office services.

There are also affiliates (distributors) tasked with the job of distributing scareware to as many victims as possible in the fastest possible time.

Stay out of this cycle. Don’t be ‘scared’ into downloading anything. Only obtain well-known industry standard security software. Forget about small, unknown vendors. Just applying common sense is the best protection against scareware, rogueware or any kind of new ‘threatware’.


Post a Comment

Subscribe to Post Comments [Atom]

<< Home