McAfee Labs

'Scareware' Poses Danger to Consumers

0
By on Mar 15, 2010

On March 9 McAfee warned consumers that “scareware,” or fake anti-virus software, may be the most costly online scam in 2010, causing significant monetary loss and damage to users’ computers. In this blog, I’ll give you some additional details about the figures we cited last week in McAfee’s new Consumer Threat Alert program.

Apart from the scareware files themselves, many malware that aid rogue anti-virus programs in attacking computers are grouped into the fake-alert Trojan family. As shown in the following graph, their number exploded in 2009. To give you some idea of the rapid growth, from March 1 to March 10, 45,000 new FakeAlert samples entered in our malware collection!

Between January 2004 and December 2009, I cataloged more than 3,000 scareware software “products” created by various rogue companies. Many of them have a short life cycle (some weeks, some months), while others, some created in 2004, are still available on the web. For half of them (see next table) we were able to extrapolate the year they appeared. Their number surpassed 100 for the first two months of 2010.

2004 142
2005 124
2006 134
2007 138
2008 302
2009 689
January 2010 66
February 2010 46

For many of these “products,” only the name changes. This trick maximizes a malware developer’s chances to catch victims. The scareware companies create website after website with a single rogue offer repeated under various names.

Fake-alert malware and scareware software are numerous. But scareware companies are restricted in number. Perhaps between 30 and 50. The names change, but the managers remain the same. They create many subsidiaries and recruit affiliates. For more than 2,000 of these products, I was able to map them to the companies that distribute them. To avoid possible legal hassles as well as personal trouble, I will not give you the names–but the following table speaks for itself.

Company N°1 > 1,000 products
Company N°2 > 150
Company N°3 > 100
Company N°4 > 100
Company N°5 > 50
Company N°6 > 30
Company N°7 > 30
Company N°8 > 30
Company N°9 > 30

Some companies work openly. Their managers are not afraid to create even LinkedIn profiles. When the pressure becomes too strong they simply create a new business.

To multiply sales, scareware companies recruit affiliates and promise them commissions reaching 75 percent of the product’s sales price.

When I presented our research on scareware in Paris in January, I explained that a colleague monitored–during a six-month period–the production servers of one of the main scareware companies. In 10 days, he counted more than four million downloads (that is, more than four million scareware infections)! This was from only one company, and some victims made more than one download in a day.

In 11 months, this scareware company received more than 4.5 million orders. Using this figure, I forecast annual revenues of greater than US$180 million. This leads to a substantial worldwide income for this criminal activity.

Finally, these scareware companies have not only fake security software for sale. They also peddle many other fake products (multimedia software, fitness software, family software, etc.). And, above all, they offer pornography. Consequently, their revenues are still greater.

To avoid becoming a security software scam victim, the McAfee Consumer Threat Alert advises the following:

  1. Before downloading any security software from the Web, get a recommendation from someone you trust who is savvy about Internet security software
  2. Investigate the company before purchasing the software
  3. Be careful when responding to pop-up ads
  4. You can protect your computer from these types of cybercrimes by installing a complete security software suite that includes anti-virus, anti-spyware, and firewall protection, such as McAfee Total Protection. Ensure that your software is always up to date (enable the “auto-update” feature) and perform regular scans.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>