A report by the Anti-Phishing Working Group this week reveals that the number of people downloading and installing rogue anti-virus programs is on the rise, with one security company claiming that cybercriminals were making up to $34 million a MONTH from gullible users.
According to the findings, in the first quarter of 2009 alone, more new strains of rogue anti-virus program (or scareware) were created than in all of 2008. By June of this year, more than 150,000 rogue programs had been identified.
Scareware and rogue programs have been spreading fast because they fit into a business model that reaps the benefits much faster than using Trojans or other types of malware. With rogue software, cybercriminals just wait for the people who download the software (after getting a shock message that their computer has been infected with some virus or other) to pay up to have their machine cleaned. These programs are often not detected by anti-virus engines and they make changes to the operating system to prevent their removal until the victim pays for the rogueware.
The success that cybercriminals are having with these types of programs indicates that many people simply act before they think of the consequences. If you don’t have an AV solution installed and you receive a message saying the machine is infected, something is amiss – if you don’t have AV you shouldn’t be told that you have an infection!
However, cybercriminals play on people’s fear that a virus has entered their system. With little or no technical knowledge they fall for the scam and pay up – anything to get rid of the virus.
If, on the other hand, you have anti-virus installed, you should read the message that pops up very carefully. If you are asked to install an AV program (and you know you have one already), that should ring a very loud alarm bell. Unfortunately, many users believe that their AV has failed and they remove it to purchase the rogueware.
For cybercriminals, it’s a win-win situation and the fastest way to make a quick buck.
If you, family members or colleagues do receive AV warnings, treat them with suspicion: check that the company claiming that you have a virus is the same as the one whose software you have installed, and speak to an IT expert. Whatever happens, do not pay any money.
Some common names used by these programs include: Antivirus2009, Xpantivrus2008, XPAntiSpyware2009, MSAntiSpyware2009, WinPC Defender, SystemSecurity and System Guard2009.
You can read the full APWG report here.