BANGALORE, INDIA: To win, it is said, one needs to first create a scare in his opponent. This is what precisely the cyber attackers seem to be doing nowadays.

After having tried the virus attacks through various menace for long years, there is a sudden spurt in unsuspecting computer users coming under phishing attack of a different nature: advertisements offering free virus scan and fake security software at throwaway prices.

The fake software doesn't do anything, in worst cases further infect the system and cause  considerable damage, says Shantanu Ghosh, vice president, India Product Operations, Symantec.

The Symantec Corp's 'Report on Rogue Security Software' confirms the increasing attacks. According to the study findings, based on data obtained during the 12-month period from July 2008 to June 2009, cybercriminals are employing increasingly persuasive online scare tactics to convince users to purchase rogue security software.

“The Internet infrastructure in India is growing rapidly and we are witnessing a burgeoning broadband population. As a direct consequence, an industry study has estimated India to have the second highest online shopping turnover by 2010,” said Shantanu Ghosh, Vice President, India Product Operations, Symantec. “In such a scenario, the presence of “scareware” is an impending concern that will critically affect Indian consumers and enterprises alike.”

To encourage unsuspecting users to install their rogue software, cybercriminals place website ads that prey on users’ fears of security threats. These ads typically include false claims such as “If this ad is flashing, your computer may be at risk or infected,” urging the user to follow a link to scan their computer or get software to remove the threat.  According to the study, 93 percent of the software installations for the top 50 rogue security software scams were intentionally downloaded by the user.  As of June 2009, Symantec has detected more than 250 distinct rogue security software programs.

The initial monetary loss to consumers who download these rogue products ranges from $30 to $100. However, the costs associated to regain ones’ identity could be far greater. Not only can these rogue security programs cheat the user out of money, but the personal details and credit card information provided during the purchase can be used in additional fraud or sold on black market forums resulting in identify theft.  

To make matters worse, some rogue security software actually installs malicious code that puts users at risk of attack from additional threats. As a result, installing these programs can lower the security posture of a computer while claiming to strengthen it. For example, rogue programs may instruct the user to lower or disable any existing security settings while registering the bogus software or prevent the user from accessing legitimate security Web sites after installation. This, in turn, leaves users exposed to the very threats the rogue software promised to protect against.

Deceptive Ads Prey on Fear to Convince Users

There are several methods employed to trick users into downloading rogue security software, many of which rely on fear tactics and other social engineering tricks. Rogue security software is advertised through a variety of means, including both malicious and legitimate Web sites such as blogs, forums, social networking sites, and adult sites. While legitimate Web sites are not a party to these scams, they can be compromised to advertise these rogue applications. Rogue security software sites may also appear at the top of search engine indexes if scam creators have seeded the results.

To increase the likelihood of fooling users, rogue security software creators design their programs so that they appear as credible as possible, mimicking the look and feel of legitimate security software programs.  In addition, these programs are often distributed on Web sites that appear credible and enable the user to easily download the illegitimate software.  Some malicious sites actually use legitimate online payment services to process credit card transactions and others return an e-mail message to the victim with a receipt for purchase – complete with serial number and customer service number.

Rogue Software for profit and prizes

Cybercriminals are profiting from a highly organized pay-for-performance business model that pays scammers to trick users into installing  bogus security programs. According to the study, the top ten sales affiliates for the rogue security distribution site TrafficConverter.biz reportedly earned an average of $23,000 per week during the 12-month study period of the report, or almost three times the weekly salary of the President of the United States.

These practices are similar to the affiliate marketing programs made popular by online retailers. Affiliate marketing programs reward participating affiliates or members for each visitor or directed to the online retailer’s website due to the affiliate’s marketing efforts.  Through this model, affiliates of rogue software scams can earn between $0.01 and $0.55 for every successful installation. The highest prices are paid for installations by users in the U.S., followed by the U.K., Canada, and Australia. Some distribution sites also offer their affiliates incentives in the form of bonuses for a certain number of installs, as well as VIP points and prizes such as electronics and luxury cars.