Symantec: Imaginary Threats and Fake Antiviruses | Total Security

Symantec Corporation has released the results of its research on the problem of fake antiviruses ("Report on Rogue Security Software").

Data collected over a 12-month period from July 2008 to June 2009 shows that attackers are increasingly using intimidation tactics using fake security alerts (Rogue Security Software). This type of malware, also known as "scareware", displays false virus warnings in the hope of scaring the user into downloading a fake antivirus. At best, fake antiviruses are useless, and at worst, they can install malicious code on your computer or reduce the overall level of system security.

To trick unsuspecting people into downloading fake software, scammers place advertisements on websites that play on the user's fear of computer threats. As a rule, the texts of such advertisements read: "If you see this inscription, then your computer is under the threat of a virus infection." Then the user is asked to follow the link to check the computer or download a program to remove the "virus". According to the study, 93 percent of the 50 most common fake antivirus programs installed were intentionally downloaded by users themselves under the influence of fraudulent advertising. In total, since June 2009, Symantec specialists have discovered 250 different fake programs, allegedly designed to ensure security.

The initial financial loss for those who download the fake software ranges from $ 30 to $ 100. However, the accompanying fraudulent data theft can result in more significant losses. Attackers can not only deceive money for useless programs but also steal the user's personal data, including his credit card information, in order to sell this data on the black market.

But that is not all. Some fake programs install malicious code on the system that makes the machine vulnerable to other threats. That is, instead of providing the declared protection, these "antiviruses", on the contrary, reduce it. For example, some of these programs urge the user to lower the current security level, after which they register fake software in the system or block access to the websites of the manufacturers of real antiviruses. This, in turn, paves the way for further threats from which the user was promised to be protected.

Unfair Advertising Encourages Buying Fake Antivirus Software
There are many ways to trick users into downloading fake antivirus software. These are mainly intimidation tactics and social engineering techniques. Fake antivirus products are advertised in a variety of ways, including through malicious and even legal websites: blogs, forums, social networks, and adult-only sites. Many legitimate sites, although they have no connection with scammers, display information about their software as advertisements, thereby compromising themselves.

Links to Internet resources where fake antiviruses are offered for download may (with some effort on the part of their distributors) appear among the most relevant results in search engines.

To eliminate suspicion on the part of users, the developers of fake antivirus tools try to create a reliable interface for their programs. They often tweak it to match the look of real antivirus software. It is not uncommon for counterfeit protections to be spread through websites that do not seem to raise any fear. Some fraudulent sites contain very real online credit card payment systems, and e-mails are sent to victims about the receipt of payment, which also contains information about the product serial number and service code.

Resellers get bonuses for distributing fake antivirus software
Cybercriminals have a performance-based payment system, so agents who offer fake anti-virus protection are directly interested in deceiving as many people as possible. According to the study, the ten most successful distributors of fake antiviruses from TrafficConverter.biz made an average of $ 23,000 a week from unsuspecting users over 12 months of monitoring. This is almost three times the weekly earnings of the President of the United States.

The system of payment for distributors "per click" is widely practiced. Money is deducted for each transition of a user from a partner's marketing page to a website with fake software. In this model, distribution partners pocket between 1 and 55 cents for each product installation by users. The largest amount is transferred to the owner of the marketing page if the defrauded user is in the United States, followed by the UK, Canada, and Australia. Some hosts of sites with fake antivirus software offer resellers install bonuses, VIP points, and prizes such as electronic devices and even expensive cars.  

Symantec recommends using the latest versions of computer security solutions, such as Symantec Endpoint Protection or Internet Total Security, to help protect businesses and consumers from fake antivirus software. In addition, it is highly advisable to follow the recommendations for protection and risk reduction, which are given in Appendix A to this report. In particular, in order to protect their computers, users are advised to buy and install only trusted software products from reputable manufacturers. These products are sold in retail and online stores.

Here are Symantec's top guidelines:

- Try not to follow the links contained in the emails, because they can lead to fraudulent websites. Instead, manually type in the addresses of well-known, reputable websites.
- Never view or open the contents of suspicious email attachments. Be wary of all emails in which you are not the direct addressee.
- Beware of pop-ups and banner ads that mimic system messages. This is the first sign that you are being lured to sites with malware.