A good business model: Symantec reports on “scareware”

Maybe we’ve made people too security conscious?   I’m being facetious, but if we hadn’t succeeded in scaring people straight into worrying about identity-stealing malware and phishing attacks, would so many fall for rogue antivirus scams? I confess, I’m more tempted to click yes, please make my PC whole again when I see a pop-up that looks [...]

Maybe we’ve made people too security conscious?

 

I’m being facetious, but if we hadn’t succeeded in scaring people straight into worrying about identity-stealing malware and phishing attacks, would so many fall for rogue antivirus scams? I confess, I’m more tempted to click yes, please make my PC whole again when I see a pop-up that looks even more like Windows Security Center than Windows Security Center than I am to click a link to address a bogus issue with my bank account security or, certainly, to respond to a sales pitch for cheap Viagra or breast implants.

 

The “Symantec Report on Rogue Security Software” covering a year (July 2008-June 2009) of “scareware” paints an all-too-familiar picture of organized cybercrime that is…very well organized.

 

Consider that this is a direct pay model. You give the AV “vendor” your credit card number, paying anywhere from $30 to $100 for software that at best does nothing at all and at worst drops some really nasty malware on your hard drive. They’ll often use legitimate credit card transaction companies– it’s just good business practice — because phony transaction handlers are likely to be discovered and shut down.

 

The scareware vendors use networks of affiliates, who use dedicated websites, banner ads, spam and spyware to download the “YOUR PC IS INFECTED!! TO BE SURE YOU ARE FREE OF MALWARE, PURCHASE XPANTIVIRUS” message. According to the report, the affiliates get between a penny and 55 cents per installation, the highest payoffs going for drops on U.S. computers. Affiliates get a lot more if someone actually buys the rogue software.

 

Symantec received reports of 43 million rogue security software attempts to install the

more than 250 distinct examples of rogue AV software it identified.

 

The report echoed many of the findings of Panda Security in a July report covering about the same period.



Read Full Article
GSO
Written on Monday, 19 October 2009 10:34 by GSO

Viewed 48 times so far.
Like this? Tweet it to your followers!
Published in Subscribe to the RSS feed of Network Security & Hacking News  Network Security & Hacking News / Subscribe to the RSS feed of Latest Security News  Latest Security News
Like this? Let your friends know now!

Rate this article

Latest articles from GSO

Latest 'tweets' from GovernmentSecurity

  • News Update: Cyber war is coming, the impact could be huge: CBS News reports that cyber.. http://bit.ly/1tx1kr | #Security Link Monday, 09 November 2009 07:35
  • News Update: Tenable Network #Security Podcast - Episode 11: Welcome to the Tenable Netw.. http://bit.ly/2Iqd6G | Security Link Monday, 09 November 2009 07:35
  • News Update: Consent will be required for cookies in Europe: EDITORIAL: A law that dema.. http://bit.ly/3JYgip | #Security Link Monday, 09 November 2009 07:35
  • News Update: CBS 60 Minutes tackles cyber-terrorism: Could hackers get into the compute.. http://bit.ly/2d5Y21 | #Security Link Monday, 09 November 2009 07:35
  • Blog Update: We have launched the new GovernmentSecurity.org: We decided to launch th.. http://bit.ly/2G1SSF | #Security Link Saturday, 07 November 2009 17:38
blog comments powered by Disqus
back to top

Site Search

Disqus Tools