Symantec Warns Of Rogue Security Software

    October 20, 2009

Cybercriminals are increasingly using online scare tactics to persuade users to buy rogue security software, according to a new report from Symantec.

To convince users to install rogue software, cybercriminals place ads on websites that prey on users’ fears of security threats.  The ads generally include false claims such as "If this ad is flashing, your computer may be at risk or infected," instructing the user to follow a link to scan their computer or get software to remove the threat.

The study found 93 percent of the software installed for the top 50 rogue security software scams were intentionally downloaded by the user. As of June 2009, Symantec has detected more than 250 different rogue security software programs.

Stephen Trilling, Senior Vice President, Symantec Security
Stephen Trilling,
Senior Vice President,
Symantec Security

The initial loss to people who download the rogue software ranges from $30 to $100. The personal details and credit card information provided during the purchase can be used for additional fraud or sold on black market forums leading to identity theft.

There are a number of ways used to trick people into downloading rogue security software. The software can be advertised through both malicious and legitimate websites such as blogs, forums, and social networking sites. Legitimate websites are not part of these scams, but  they can be compromised to advertise these rogue applications.

To increase the likelihood of fooling users, rogue security software creators design their programs so that they appear as credible as possible, mimicking the look and feel of legitimate security software programs.
In addition, these programs are often distributed on Web sites that appear credible and allow the user to easily download the illegitimate software.

Some malicious sites actually use legitimate online payment services to process credit card transactions and others return an e-mail message to the victim with a receipt for purchase – complete with serial number and customer service number.

"The findings of our Report on Rogue Security Software make it clear that cybercriminals are willing, eager, and well-equipped to prey on today’s Internet user," said Stephen Trilling, Senior Vice President, Symantec Security Technology and Response.

"To avoid becoming a victim of such predatory practices, Symantec strongly urges Internet users to make sure they are using the latest security protection and always obtain their security software directly from trusted vendors’ websites."