Senior Threat Researcher
François Paget is a senior threat research engineer and one of the founding members of McAfee Labs, where he conducts a ...
On March 9 McAfee warned consumers that “scareware,” or fake anti-virus software, may be the most costly online scam in 2010, causing significant monetary loss and damage to users’ computers. In this blog, I’ll give you some additional details about the figures we cited last week in McAfee’s new Consumer Threat Alert program.
Apart from the scareware files themselves, much of the malware that aids rogue anti-virus programs in attacking computers is grouped into the fake-alert Trojan family. As shown in the following graph, their number exploded in 2009. To give you some idea of the rapid growth, from March 1 to March 10, 45,000 new FakeAlert samples entered our malware collection!
Between January 2004 and December 2009, I cataloged more than 3,000 scareware software “products” created by various rogue companies. Many of them have a short life cycle (some weeks, some months), while others, some created in 2004, are still available on the web. For half of them (see next table) we were able to extrapolate the year they appeared. Their number surpassed 100 for the first two months of 2010.
For many of these “products,” only the name changes. This trick maximizes a malware developer’s chances to catch victims. The scareware companies create website after website with a single rogue offer repeated under various names.
Fake-alert malware and scareware software are numerous. But scareware companies are restricted in number. Perhaps between 30 and 50. The names change, but the managers remain the same. They create many subsidiaries and recruit affiliates. For more than 2,000 of these products, I was able to map them to the companies that distribute them. To avoid possible legal hassles as well as personal trouble, I will not give you the names–but the following table speaks for itself.
|Company N°1||> 1,000 products|
|Company N°2||> 150|
|Company N°3||> 100|
|Company N°4||> 100|
|Company N°5||> 50|
|Company N°6||> 30|
|Company N°7||> 30|
|Company N°8||> 30|
|Company N°9||> 30|
Some companies work openly. Their managers are not afraid to create even LinkedIn profiles. When the pressure becomes too strong they simply create a new business.
To multiply sales, scareware companies recruit affiliates and promise them commissions reaching 75 percent of the product’s sales price.
When I presented our research on scareware in Paris in January, I explained that a colleague monitored–during a six-month period–the production servers of one of the main scareware companies. In 10 days, he counted more than four million downloads (that is, more than four million scareware infections)! This was from only one company, and some victims made more than one download in a day.
In 11 months, this scareware company received more than 4.5 million orders. Using this figure, I forecast annual revenues of greater than US$180 million. This leads to a substantial worldwide income for this criminal activity.
Finally, these scareware companies have not only fake security software for sale. They also peddle many other fake products (multimedia software, fitness software, family software, etc.). And, above all, they offer pornography. Consequently, their revenues are still greater.
To avoid becoming a security software scam victim, the McAfee Consumer Threat Alert advises the following: