Security scam: Software scans computer, takes your money

Monday, October 19th, 2009

Gillian Shaw

It’s the perfect cybercrime.

Victims usually don’t even report it because they don’t realize they’ve been duped.

Or if they think to question those credit card charges, they’re too embarrassed to admit they’ve been so easily taken in.

It’s a new way of parting web surfers from their wallets and it is raking in millions of dollars for its perpetrators, who are spread around the globe and operate on a perfect pyramid scheme.

It’s rogue security software — masquerading as legitimate security programs and scaring users into installing it on their computers.

At a price.

According to a Symantec report released today, some 250 rogue security products prompted 43 million installation attempts in the year ended last June, with victims paying from $30 to $100 US for each installation.

Their losses climb even higher when the rogue software affiliates in the pyramid scheme add their own malware to scoop credit card data and other lucrative information used for identity theft.

“It has exploded in the past six, seven or eight months,” said David Wall, professor of criminal justice and information society at the University of Leeds and author of Cybercrime: The Transformation of Crime in the Information Age.

“One of the things that is distinctive about this is it is automated.

“It is performed solely by software that scans your computer and takes your money. It is what I would call pure cybercrime.”

The so-called ‘scareware’ mimics the look of conventional and legitimate software, warning web surfers that their computers are at risk and luring them into installing the rogue software. Sometimes the software even installs threats on computers it claims to be cleaning.

When they click the install link, computer users have to accept an agreement, a move most people make without bothering to read the fine print.

Wall said in some cases when victims try to get money back from their credit card companies, they are unsuccessful because the card companies will point out they accepted the conditions.

“People will let it go at that,” he said. “In that sense it is the perfect crime.”

While not quite in the malicious software category, at the very least rogue software doesn’t deliver your money’s worth.

Affiliates who participate in the operation are paid at rates ranging from $.01 to $.55 per installation.

They are also offered incentive bonuses for reaching certain numbers of installations in a day — 10-per-cent extra for 500 installations or 20 per cent for more than 2,500 installations a day.

“They are profiting from this by exploiting this grey area by making applications that don’t actually do anything to protect your computer,” said Marc Fossi, manager, Symantec Security Response and executive editor of the rogue security software report. “You are paying money for something that either does nothing at all or it does very little.

“In some cases the software can actually download threats to your computer, like a key logging Trojan.”

Fossi said the sellers evade consumers by constantly changing the branding of their software and opening new accounts with payment processors to avoid credit card chargebacks.

© Copyright (c) The Vancouver Sun
