Rogue security software is a form of computer malware that deceives or misleads users into paying for the fake or simulated removal of malware, or that installs other malware. Rogue security software, in recent years, has become a growing and serious security threat in desktop computing
Symantec has detected more than 250 distinct rogue security software programs. During the period of a report, from July 1, 2008, to June 30, 2009, Symantec received reports of 43 million rogue security software installation attempts from those 250 distinct samples. The continued prevalence of these programs emphasizes the ongoing threat they pose to potential victims despite efforts to shut them down and raise public awareness.
To encourage unsuspecting users to install their rogue software, cybercriminals place website ads that prey on users’ fears of security threats. These ads typically include false claims such as “If this ad is flashing, your computer may be at risk or infected,” urging the user to follow a link to scan their computer or get software to remove the threat. According to the study, 93 percent of the software installations for the top 50 rogue security software scams were intentionally downloaded by the user.
Recently 3 men were indicted in a $100 million dollar rogue anti-virus operation. The FBIdescribed it asan international cybercrime operation that sold $100 million in rogue antivirus software to victims in more than 60 countries.
- The top five reported rogue security applications are SpywareGuard 2008, AntiVirus 2008, AntiVirus 2009, SpywareSecure, and XP AntiVirus.
- Among the distribution sites Symantec observed, affiliates are paid $0.55 for installations of rogue security software by users in the U.S.; affiliates are paid $0.52 for installations by users in the U.K. and Canada; and affiliates are paid $0.50 for installations by users in Australia.
- The fifth highest price is considerably lower, with affiliates paid just $0.16 for installations by users in Spain, Ireland, France, and Italy.
- The per-installation-price variations from country to country varies based on the likelihood of users from that country paying for the fake security software.
- Ninety-three percent of rogue security software programs are advertised through a Web site designed for this purpose; 52 percent are promoted through Web advertising.
- Of the top 50 reported rogue security applications observed between July 2008 and June 2009, 61 percent of the scams observed by Symantec were attempted on users in North America; 31 percent occurred in the Europe, Middle East, and Africa region; 6 percent occurred in the Asia-Pacific/Japan region; and 2 percent in the Latin America region.
- The higher percentage of rogue security software scams in the top two regions is likely due to the fact that the majority of malicious activity in general is also in the North America and Europe/Middle East/Africa regions.
- The higher percentage of rogue security software scams in North America may also be due to the fact that affiliates are paid a higher per-installation price for installing their software onto the computers of users in this region.