/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsBANGALORE,INDIA: Cybercriminals are profiting from a highly organized pay-for-performance business model that pays scammers to trick users into installing bogus security programs. According to the study, the top ten sales affiliates for the rogue security distribution site TrafficConverter.biz reportedly earned an average of $23,000 per week during the 12-month study period of the report, or almost three times the weekly salary of the President of the United States.
These practices are similar to the affiliate marketing programs made popular by online retailers. Affiliate marketing programs reward participating affiliates or members for each visitor or directed to the online retailer’s website due to the affiliate’s marketing efforts.
Through this model, affiliates of rogue software scams can earn between $0.01 and $0.55 for every successful installation. The highest prices are paid for installations by users in the U.S., followed by the U.K., Canada, and Australia. Some distribution sites also offer their affiliates incentives in the form of bonuses for a certain number of installs, as well as VIP points and prizes such as electronics and luxury cars.
To protect against rogue security software, Symantec recommends that both enterprises and users employ the latest protection from security risks, such as Symantec Endpoint Protection or Norton Internet Security. Users and enterprises are also advised to follow best practices for protection and mitigation outlined in Appendix A of the Report on Rogue Security Software. Specifically, users should invest in and install only proven, trusted security software from reputable security vendors whose products are sold in established retail and online stores. Best practices for protection and mitigation as outlined in the report include:
* Avoid following links from emails, as these may be links to spoofed or malicious websites. Instead, manually type in the URL of a known, reputable website.
* Never view, open, or execute email attachments unless the attachment is expected and comes from a known and trusted source. Be suspicious of any emails that are not directly addressed to your email address.
* Be cautious of pop-up windows and banner advertisements that mimic legitimate displays. Suspicious error messages displayed inside the Web browser are often methods rogue security software scams use to lure users into downloading and installing their fake product.
Additional Facts
· The top five reported rogue security applications are SpywareGuard 2008, AntiVirus 2008, AntiVirus 2009, SpywareSecure, and XP AntiVirus.
· Among the distribution sites Symantec observed, affiliates are paid $0.55 for installations of rogue security software by users in the U.S.; affiliates are paid $0.52 for installations by users in the U.K. and Canada; and affiliates are paid $0.50 for installations by users in Australia.
o The fifth highest price is considerably lower, with affiliates paid just $0.16 for installations by users in Spain, Ireland, France, and Italy.
o The per-installation-price variations from country to country varies based on the likelihood of users from that country paying for the fake security software.
· Ninety-three percent of rogue security software programs are advertised through a Web site designed for this purpose; 52 percent are promoted through Web advertising.
· Of the top 50 reported rogue security applications observed between July 2008 and June 2009, 61 percent of the scams observed by Symantec were attempted on users in North America; 31 percent occurred in the Europe, Middle East, and Africa region; 6 percent occurred in the Asia-Pacific/Japan region; and 2 percent in the Latin America region.
o The higher percentage of rogue security software scams in the top two regions is likely due to the fact that the majority of malicious activity in general is also in the North America and Europe/Middle East/Africa regions.
o The higher percentage of rogue security software scams in North America may also be due to the fact that affiliates are paid a higher per-installation price for installing their software onto the computers of users in this region.
(Source: Symantec)