A recent report from computer giant Symantec – creator of the Norton brand of anti-virus products – has concluded that cybercriminals are employing increasingly persuasive online scare tactics to convince users to purchase rogue security software.

“Scareware”, a term for rogue security software, pretends to be legimate anti-virus applications and ironically, are often carriers of malicious code themselves.

The findings were part of Symantec’s Report on Rogue Security which is based on data obtained during the 12-month period of July 2008 to June 2009.

It is a simple case of preying on people’s fears that they may be vulnerable to attack say Symantec, who as of June 2009, had detected more than 250 distinct rogue security software programs. The most common method used by cybercriminals to infiltrate their rogue software involves placing ads on the screens of unsuspecting users which typically include false claims such as “…if this ad is flashing, your computer may be at risk or infected…” It urges the user to follow a link to scan their computer, or get software to remove the threat.

Worryingly, according to the study, 93% of the software installations for the top 50 rogue security software scams were intentionally downloaded by the user.

Stephen Trilling, Senior Vice President, Symantec Security Technology and Response, said
“The findings of our Report on Rogue Security Software make it clear that cybercriminals are willing, eager, and well-equipped to prey on today’s Internet user. To avoid becoming a victim of such predatory practices, Symantec strongly urges Internet users to make sure they are using the latest security protection and always obtain their security software directly from trusted vendors’ websites.”

Furthermore, said David Wall, PhD. professor, Centre for Criminal Justice Studies, University of Leeds:
“Scareware creators can scam thousands of people for comparatively small amounts of money all at the same time and make huge aggregate profits. This type of fraud works because the fake security software tricks users into believing they have an immediate threat which only their program can resolve. Ultimately, it’s a con. I would advise Internet users to be careful while online and only download from trusted sources.”

The report stated that the money lost by people downloading such rogue software programmes varied from $30 to $100, but the costs of regaining back personal details from an identity attack could be far greater.

It also said that not only did these pieces of malicious code try and attack a user’s computer, they could set-up a person’s computer for future attacks from other cybercriminals.

Symantec, like many other computer security companies, actively advises people to be aware that their personal details can be sold and bought on the internet in what is a thriving trade between cybercriminals.

They also advise computer users to be on their guard against the tricks employed by cybercriminals to get their rogue software in place.

Computers users should employ a number of tactics to keep themselves safe, including:

• avoid using website links in emails. Although it may look like a site you know, it may have been subtly altered into appearing to look the same, but actually link you to bogus site which does contain malicious software;
• when emails arrive with attachments, ensure they are from trusted sources, otherwise never view, open, or execute them;
• be suspicious of emails not directly addressed to your email address;
• beware very aware of pop-up windows and banner advertisements that mimic legitimate displays;
• look out for suspicious error messages displayed inside the web browser which are used by rogue security software scams use to lure users into downloading and installing their fake product.

Guest Article by Neil Camp

Cyber criminals are increasingly using scareware programmes to ‘extort’ money out of unsuspecting computer users.

Scareware programmes, such as the widespread Internet Antivirus Pro family, load code onto people’s computers which display false messages on their screens stating that a virus has been found and that for a fee, it will be removed. Of course, no such virus exists. The product presents itself as legimate and usually contains other lines of malicious code, including often a password stealer. This tracks where people surf and steals log-in information.

It’s been estimated by The Anti-Phishing Working Group that such attacks have increased by 225%, equating to over 9,000 bogus antivirus programmes currently out there in circulation.

The US Government has reacted to such attacks by trying to shut down companies which write and distribute scareware.

Guest Article by Neil Camp

Twitter is back in the news again for the wrong reason with reports that it has been hit by a scareware scam.

Some Tweeters fell victim to the scam which invited them to a Best Video buy link, which actually took them to a site offering a rogue security application.

The brief messages, which contained a hyperlink (juste.ru), bombarded certain Tweeters and once clicked, the link took them through to a Russian domain. The site appeared to show YouTube content, but was actually delivering an infected PDF via an IFRAME. The PDF was riddled with exploits that targeted Adobe Reader versions that remain un-patched.

Once infiltrated, the computer users then saw a screen which said that their systems were infected and that it needed to be cleaned using a particular security software package which, of course, would then download malware onto the machine.

A recent report said that such attack had increased over 200% in the second half of 2008 and once attacked, the desktop would find it difficult to recover without specialist help.

And although such attacks are common on many applications, downloads and websites, this is believed to be the first concerted scareware attack via Twitter. Ironically, the offending app is known as ‘System Security.’

Computer security experts believe that people who Twitter are particularly vulnerable to such attacks, as the high volume of messages and the intimacy of the service leads to a certain susceptibility, as though users cannot believe hackers would have the wherewithal to attack such a social system.

But with the Twitter ranked in popularity only behind Facebook and MySpace with an estimated six million unique monthly visits, the problem is set to get worse over time.

Twitter confirmed that it had been attacked, but that all the offending messages had been removed.

Guest Article by Neil Camp

Cyber criminals are currently exploiting people’s fears about being infected by viruses.

And the media’s frenzied reporting about Conficker hasn’t helped either, with people panicking about being hit by the April Fool’s Day bug.

Microsoft have warned that the hackers latest ruse is to hide their malicious malware in bogus computer software programmes and then get people to download them. So whilst they think they are fully protected, the fake anti-virus is happily loading malware into their computer.

In the latest security intelligence report prepared by Microsoft, the General Manager of their Trustworthy Computing Group, George Stathakopoulos, said: “Rogue security software is the number one threat worldwide…If you think about the Conficker case, how many people went looking for a security solution and downloaded rogue malware? That means when users downloaded the software they probably gave away credit card numbers and got infected. That’s a double hit.”

This kind of scam security software is known as “scareware”. Worried users download a version, it spots a virus (which actually isn’t there), asks for a fee to clean the non-existent virus, collects the money and then pretends to guard the computer against future attacks, whilst in reality its collecting all the computer user’s personal information.

Microsoft reckon that nearly six million computers have been infected with these type of viruses and that there has been a near 70% rise in their use over a six month period.

And Microsoft believes there will be a massive rise in the use of scareware over the next few months, especially given the media’s coverage of the Conficker virus which makes computer user’s unsure of their levels of protection and open to bogus offers.

Microsoft has a $250,000 reward out there for information about who is behind the Conficker virus.

Guest Article by Neil Camp