Cybercrims' scare tactics to force rogue software buys

Peter Dinham
Tuesday, 20 October 2009 05:35

Business IT - Security

Cybercriminals are employing increasingly persuasive online scare tactics to convince users to purchase rogue security software, or “scareware” software that pretends to be legitimate security software. 

In its latest report on rogue security software covering the 12-months between July last year and June this year, Symantec says these rogue applications provide little or no value and may even “install malicious code or reduce the overall security of the computer,” with the crims attempting to encourage unsuspecting users to install their rogue software, as well as placing website ads that prey on users’ fears of security threats.

According to the study, cybercriminals are profiting from a highly organised pay-for-performance business model that pays scammers to trick users into installing bogus security programs. Symantec says these practices are similar to the affiliate marketing programs made popular by online retailers, where participating affiliates or members are rewarded for each visitor or directed to the online retailer’s website due to the affiliate’s marketing efforts. 

The study found that, through this model, affiliates of rogue software scams can earn between US$0.01 and US$0.55 for every successful installation, with the highest prices paid for installations by users in the US, followed by the UK, Canada and Australia.

And, Symantec reports that the top 10 sales affiliates for the rogue security distribution site, TrafficConverter.biz, reportedly earned an average of “$25,000 per week during the 12-month study period of the report, or almost four times the weekly salary of the Prime Minster of Australia.”
 
Symantec says these practices are similar to the affiliate marketing programs made popular by online retailers. Affiliate marketing programs reward participating affiliates or members for each visitor or directed to the online retailer’s website due to the affiliate’s marketing efforts.  Through this model, affiliates of rogue software scams can earn between US$0.01 and US$0.55 for every successful installation. The highest prices are paid for installations by users in the U.S., followed by the UK, Canada, and Australia.

Symantec senior vice president, security technology and response, Stephen Trilling, says the ads placed on websites by the rogue sellers “typically include false claims such as ‘If this ad is flashing, your computer may be at risk or infected’, urging the user to follow a link to scan their computer or get software to remove the threat.”

CONTINUED page 2