Scareware rogue software reaches threat peak

Peter Dinham
Friday, 06 November 2009 09:33

Business IT - Security

The highest level of total malware detected in more than a year, and four times greater than detected levels in September, was reported last month, including scareware tactics reaching an all-time peak with the worst attacks ever reported, according to security firm Fortinet’s latest threatscape analysis.

Fortinet says that, in total, seven malware variants listed in the top 10 malware list relate to scareware, “proving these attacks are occurring fast, hard and often.”

According to Fortinet’s Derek Manky, project manager, cyber security and threat research, the company has seen “record levels of scareware building off volume from September, and the danger in these threats is only becoming more serious as the methods for delivery evolve and the blending of attacks bring more complexity.

“As we’ve seen in the consistency of repeated threats, the old schemes are still proving to be good methods. Enterprises and consumers must take equal responsibility in understanding the disguises of these threats and implementing a multi-pronged security solution that addresses the different and changing characteristics of tried and true tactics.”

According to Fortinet, its latest report reveals that again dominated in the form of rogue security software, posing as the security suite AntiVirus Pro 2010, with users tricked into purchasing fake software to resolve their alleged problems, while the software contacts a remote server in order to obtain a malicious payload and receive updated copies.

Manky says that other components may be bundled with scareware, such as ransomware and bot agents, and that once an infection makes its way onto a system, the ‘floodgates open up for cybercriminals.”

Fortinet also reports that Scareware activity pushed Virut and Netsky out of the top 10 malware list for the first time in over a year, with Scareware the “chart topper” in October 2009.

The security firm also says that the high threat levels can be partly attributed to the popular money-making affiliate programs that tempt participants with a handsome pay-out on each software download purchased. “Tools and kits are readily available to participating affiliates, accelerating the distribution of scareware and other malicious components.”