Never at a loss to cook up new and ingenious scams, cyber-criminals are using increasingly persuasive online scare tactics to convince users to purchase rogue security software.
Rogue security software, also known as “scareware,” pretends to be legitimate security software but actually provides little or no value and may even install malicious code on a user’s computer.
According to the recently released Symantec Report on Rogue Security Software, there are two main ways in which rogue security software is installed on a computer: either it is downloaded and installed manually by a user after he or she has been tricked into believing that the software is legitimate, or it is unknowingly installed onto a computer when a user visits a malicious website.
Rogue security software is advertised in a variety of locations, including malicious and legitimate Web sites such as blogs, forums, social networking sites, and adult sites. While legitimate Web sites aren’t a party to these scams, they can be compromised to advertise these rogue applications.
Rogue security software sites may also appear at the top of search engine indexes if scam creators have seeded the results (see “What You Need to Know About Search Engine ‘Poisoning’”).
To entrap users, scammers often rely on fear tactics and other social engineering tricks, claiming that the programs can remove unwanted applications such as spyware or adware when in reality they often remove legitimate protection and create a false sense of security.
Not only do these scams cheat users out of money—advertised costs for these products range from $30 to $100, and some even try to sell multi-year licenses—but the personal and credit card information that users provide to register these products could also be used in additional fraud.
To date, Symantec has detected more than 250 distinct rogue security software programs. Between July 1, 2008 and June 30, 2009, Symantec received reports of 43 million rogue security software installation attempts.
The top five reported rogue security applications are SpywareGuard 2008, AntiVirus 2008, AntiVirus 2009, SpywareSecure, and XP AntiVirus.
Protection and mitigation
To protect against rogue security software, Symantec recommends that both enterprises and users employ the latest protection from security risks, such as Symantec Endpoint Protection or Norton Internet Security. Users should invest in and install only proven, trusted security software from reputable security vendors whose products are sold in established retail and online stores. Best practices for protection and mitigation include:
- Administrators should update antivirus definitions regularly and ensure that all desktops, laptops, and servers are updated with all necessary security patches from their operating system vendor.
- Email servers should be configured to only allow file attachment types that are required for business needs and to block email that appears to come from within the company, but that actually originates from external sources.
- Enterprises should take measures to prevent P2P clients from being installed on any computers on the network.
- Avoid following links from emails, as these may be links to spoofed or malicious Web sites. Instead, manually type in the URL of a known, reputable Web site.
- Never view, open, or execute email attachments unless the attachment is expected and comes from a known and trusted source. Be suspicious of any emails that are not directly addressed to your email address.
- Be cautious of pop-up windows and banner advertisements that mimic legitimate displays. Suspicious error messages displayed inside the Web browser are often methods that rogue security software scams use to lure users into downloading and installing their fake product.
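
The email server recommendation above combines two checks: an attachment-type allowlist and a block on mail that claims an internal sender but arrives from an external host. The following sketch is an added example, not taken from the Symantec report; the domain, network range, allowed extensions, and the `evaluate` and `sample` helpers are assumptions chosen for illustration, and the sample messages are constructed.

```python
import ipaddress
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed policy values for illustration; replace with your own.
INTERNAL_DOMAINS = {"example.com"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
ALLOWED_EXT = {".pdf", ".docx", ".xlsx", ".txt"}

def evaluate(raw_message, client_ip):
    """Return the list of policy violations; an empty list means accept."""
    msg = message_from_string(raw_message)
    reasons = []
    # Rule 1: the From domain is ours, but the connecting host is not.
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    ip = ipaddress.ip_address(client_ip)
    if domain in INTERNAL_DOMAINS and not any(ip in n for n in INTERNAL_NETS):
        reasons.append("spoofed-internal-sender")
    # Rule 2: allowlist on the final extension, so "invoice.pdf.exe" is
    # judged as ".exe"; trailing dots and spaces are stripped first.
    for part in msg.walk():
        name = part.get_filename()
        if name is None:
            continue
        name = name.strip().rstrip(". ").lower()
        ext = "." + name.rpartition(".")[2] if "." in name else ""
        if ext not in ALLOWED_EXT:
            reasons.append("blocked-attachment:" + (ext or "(none)"))
    return reasons

def sample(sender, filename):
    """Build a constructed test message carrying one attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.com", "Security alert"
    m.set_content("Your computer is infected. Run the attached scanner.")
    m.add_attachment(b"x", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    print(evaluate(sample("IT <helpdesk@example.com>", "scanner_setup.exe"), "203.0.113.7"))
    print(evaluate(sample("helpdesk@example.com", "report.pdf"), "10.1.2.3"))
    print(evaluate(sample("vendor@example.org", "invoice.pdf.exe"), "203.0.113.7"))
```

A production gateway would also compare the SMTP envelope sender and apply SPF, DKIM, and DMARC results, which this sketch leaves out.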
To learn more, download the Symantec Report on Rogue Security Software.