Preventing Rogue Security Infections
There are a lot of big numbers being thrown out in the security world these days. Seems like every week a new stunner comes out. Last week we announced the discovery of 44 million stolen credentials from gamers. https://www-secure.symantec.com/connect/blogs/44-million-stolen-gaming-credentials-uncovered
So given all those headlines you may have missed a very telling one. The FTC reported that a scareware (what we call a misleading application or rogue security software) vendor made $163,167,539.95 between 2004 and 2008. http://www.ftc.gov/os/caselist/0723137/100304jainamendedjudgement.pdf
We've done a lot of estimation on the size of the underground economy. But we’ve never been able to examine the books for one of these criminal gangs. The FTC has. Think it's strange that a bunch of cybercriminals might “keep the books” and have accountants? Well, this particular criminal group wasn’t just run like a company; it actually was a company. Innovative Marketing had hundreds of employees and offices around the world. I’ve been told that it even had a company soccer team.
An XPAntiVirus here, a Spyware Guard there, and pretty soon we’re talking serious money: $163,167,539.95 in the case of Innovative Marketing. That’s a pretty powerful incentive for cybercriminals to get into the rogue security software game. The FTC shut Innovative Marketing down, but that didn’t end the problem. There were lots of gangs willing to step in and take Innovative Marketing’s place. This rogue security epidemic will end when end-users no longer fall for the scam. And the ending will be messy. Look at spam. Spammers first increased their volume to increase revenue. But now, with anti-spam technology and smartened-up end-users, they’ve had to increase the amount of spam just to keep revenue from falling. Rogue security vendors are making way too much money to go out of business with a whimper. Things will get worse before they get better.
I’ve been asked so many times what can be done to stop these threats that I’ve had a website put up to answer the question. http://go.symantec.com/best_practices/ The site covers general best practices for endpoint protection, but each one of these best practices will help prevent rogue security software from getting on your machines. I said prevent on purpose. It’s about stopping the threats from getting on your machine in the first place, not about cleaning up after they’ve infected a system. Prevention is a lot better than repair. But I’ll talk about repair in another blog.
On the site I talk about using Symantec Endpoint Protection’s application and device control to stop malware. Many people don’t know about this feature, or have no idea about all the great things it can do. So I’ve got a site up for that as well. http://www.symantec.com/business/security_response/securityupdates/list.jsp?fid=adc
I can’t predict when this epidemic of rogue security software will end. But I can predict you'll be a lot less troubled by it if you follow best practices for stopping these threats.