Feeds

Scareware Mr Bigs enjoy 'low risk' crime bonanza

It's like a licence to steal, a licence to do anything

Internet Security Threat Report 2014

RSA Europe 2009 Cybercriminals are growing rich by franchising out scareware distribution operations.

The trade in rogue anti-virus application can make top-tier distributors an estimated $1.2m (£ 850,000) a year, net security firm Symantec estimates. A study by Symantec into the psychology of the scam found that 93 per cent of users deliberately downloaded and installed scareware packages, albeit without realising what they were getting for their money.

Scareware slingers use trickery to mimic the look and feel of legitimate security packages, tapping into users' fears in order to trick them into buying worthless software packages. Some malicious sites use legitimate online payment services to process credit card purchases, offering receipts and serial numbers.

Marks ended up running scareware packages of little or no utility, at best. Some of these packages install malicious code or reduce the overall security of a client PC, while in other cases users' payment details are used to facilitate further forms of fraud.

The comparatively low-risk, fast-growing form of cybercrime typically uses an affiliate-based sales model. Symantec’s study found that the top ten sales affiliates of scareware distribution site TrafficConverter.biz earned an average of $23,000 per week.

The resellers of rogue software earn between $0.01 and $0.55 for every successful installation. Distribution sites sometimes offer affiliates incentives and prizes such as electronic goods and even luxury cars.

Professor David Wall, an expert in cybercrime from Leeds University, explained: “Using the internet for this crime reduces a major risk of for the criminals. Criminals can make big money from many small scams, making the crime difficult to police, especially when it is carried out internationally.”

Wall added that peddling scareware was an even easier crime than phishing, which involves recruiting middlemen as money mules in order to collect funds from compromised banking accounts before sending the money overseas. “Scareware is an automated crime where the collection of money is handled by computers. Crooks can make money while they sleep,” Wall told El Reg..

Crooks involved in the scam typically get involved as a sideline to their other criminal enterprises, according to Wall who described scareware as a form of “entrapment marketing”.

At least 250 different strains of scareware software, which typically sell for anything between $30 and $100, are in circulation. Symantec reckons as many as 200,000 different websites are used to distribute fake anti-virus software packages.

Miscreants typically find vulnerabilities on legitimate websites and plant code that redirects surfers to sites advertising rogue applications.

These websites are typically promoted using black-hat search engine optimisation techniques, themed around various items that might be in the news at any particular time. Symantec’s findings are based on a 12 month study that ran until June 2009. ®

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.