A report by the Antiphishing Working Group this week reveals that the number of people downloading and installing rogue anti-virus programs is on the rise with one security company claiming that cybercriminals were making up to $34 million a MONTH from gullible users.
According to the findings, in the first quarter of 2009 alone, more new strains of rogue anti-virus program (or scareware) were created than in all of 2008. By June of this year, more than 150,000 rogue programs had been identified.
Scareware and rogue programs have been spreading fast because they fit into a business model that reaps the benefits much faster than using Trojans or other types of malware. With rogue software, cybercriminals just wait for the people who download the software (after getting a shock message that their computer has been infected with some virus or other) to pay up to have their machine cleaned. These programs are often not detected by anti-virus engines and they make changes to the operating system to prevent their removal until the victim pays for the rogueware.
The success that cybercriminals are having with these types of programs indicates that many people simply act before they think of the consequences. If you don’t have an AV solution installed, and you receive a message saying the machine is infected, something is amiss and certainly not right – if you don’t have AV you shouldn’t be told that you have an infection!
However, cybercriminals play on people’s fear that a virus has entered their system. With little or no technical knowledge they fall for the scam and pay up – anything to get rid of the virus.
If, on the other hand, you have anti-virus installed, you should read the message that pops up very carefully. If you are asked to install an AV program (and you know you have one already), that should ring a very loud alarm bell. Unfortunately, many users believe that their AV has failed and they remove it to purchase the rogueware.
For cybercriminals, it’s a win-win situation and the fastest way to make a quick buck.
If you, family members or colleagues do receive AV warnings, treat them with suspicion and check that the company claiming that you have a virus is the same as that whose software you have installed and speak to an IT expert. Whatever happens, do not pay any money.
Some common names used by these programs include: Antivirus2009, Xpantivrus2008, XPAntiSpyware2009 and MSAntiSpyware2009. WinPC Defender, SystemSecurity, System Guard2009.
You can read the full APWG report here.