Court records show to the penny how much software company Innovative Marketing banked by getting computer users to pay for fake anti-virus programs: $163,167,539.95.Before its demise, the Ukraine-based company employed hundreds of workers collaborating to scare victims into paying $30 to $70 for such software, according to court records.
Even now, "scareware" continues to flourish. Online promotions for worthless anti-virus software increased tenfold in the first quarter this year as compared with mid-2008 when U.S. regulators began civil and criminal legal actions against the firm, believed to be the biggest of its kind, anti-virus firm McAfee says.
Microsoft recently reported that its free Malicious Software Removal Tool cleaned scareware off 7.8 million PCs in the last six months of 2009, vs. 5.3 million PCs in the first six months.
"Quite simply, scareware is booming," says Roel Schouwenberg, senior researcher at Kaspersky Lab.
According to a civil judgment won by the Federal Trade Commission, Innovative Marketing created dummy ad agencies to place innocuous-looking ads for big-name corporations without their permission on popular websites. Anyone who clicked on such an ad triggered a fake scan showing his or her PC to be infested with viruses; a sales pitch followed for a bogus clean-up.
Variations of this ruse still infest the Internet, orchestrated by "new, more discreet entities," says McAfee researcher Francois Paget. Pervasive scams revolve around:
• Search results. Scammers put up Web pages designed mainly to turn up high in search results rankings for Google queries about celebrity news and other hot topics. Clicking on a link launches the scareware.
• Social networks. Scammers steal Facebook and Twitter account log-ons, then send messages carrying a tainted Web link to the victim's contacts. The high trust and rapid repartee common to social networks help scammers trick users into launching scareware, says Andrew Brandt, researcher at anti-virus firm Webroot.
Meanwhile, scareware purveyors take advantage of merchant banking rules that enable them to accept Visa and MasterCard payments from victims across the globe. "Criminals can thumb their noses at the world, confident that there likely will be no repercussions," Brandt says.
Scareware is proving to be a "sustainable business model," says Sean-Paul Correll, researcher at Panda Security.
What is a Scareware?
Scareware comprises several classes of scam software with malicious payloads, or of limited or no benefit, that are sold to consumers via certain unethical marketing practices. The selling approach uses social engineering to cause shock, anxiety, or the perception of a threat, generally directed at an unsuspecting user. Some forms of spyware and adware also use scareware tactics.
A tactic frequently used by criminals involves convincing users that a virus has infected their computer, then suggesting that they download (and pay for) fake antivirus software to remove it. Usually the virus is entirely fictional and the software is non-functional or malware itself. According to the Anti-Phishing Working Group, the number of scareware packages in circulation rose from 2,850 to 9,287 in the second half of 2008. In the first half of 2009, the APWG identified a 583% increase in scareware programs.
The "scareware" label can also apply to any application or virus (not necessarily sold as above) which pranks users with intent to cause anxiety or panic.
Recommended reading:
* Free malware-infected USB drives from IBM
* AntiVirus QuickScan Trick- Fake security software
If you like this informative post, then please subscribe to my full RSS Feed.