Beware fake security software

Hackers make fortune selling fake software

by Michael Smith (Veshengro)

Cybercriminals frightening computer users into downloading malware

Criminals can make a fortune by fooling people into buying fake security software.
To get people to the site hosting the rogue software, the cybercriminals use search engine optimisation techniques. They add misspelled keywords such as "liscnese" or "obbama" into pages on compromised websites. Search engines index these pages and display them as top search results. Once the victim has been lured to a compromised site, they are redirected to the site offering the bogus software.

Of the 1.8 million visitors who were redirected in one recent attack, around 1.79 per cent paid the £34 fee, making over a million pounds for the criminals.

A hacker can make more than £7,400 a day by redirecting people to rogue security software sites and getting them to pay for the malware.

Some ISPs, however, are making efforts to redirect any misspelled and mistyped web addresses to their own sites, thus protecting the user. While this can be rather annoying at times, one should look at it as a protection.

Research by security firm Finjan, published in its Cybercrime Intelligence report for 2009, showed that not only were the criminals professionally organized and operating profitable affiliate networks, but the operations could easily be run by one or two people who had relatively little technical knowledge and skill.

Yuval Ben-Itzhak, Finjan chief technology officer, said: "Everything is being done automatically. They're using automatic tools to compromise the website and it isn't hard to find keywords. You don't need to have a PhD to set this up, and that is why it is so successful."

Finjan monitored a single operation for 16 consecutive days and estimated that during this time, the sales generated a haul of around $191,000 (£131,000) from 1.8 million unique users who were misdirected to the rogue anti-virus software.

To get people to the site hosting the rogue software, the cybercriminals were using search engine optimization techniques. They injected misspelled keywords such as "liscnese" or "obbama" into web pages on compromised websites. Search engines indexed these pages and displayed them as top search results. Once the victim had been lured to a compromised site, they were redirected to the site offering the bogus software.

Of the 1.8 million visitors who were redirected, between seven and 12 per cent downloaded and installed the software, and roughly 1.79 per cent paid the £34 fee. Members of the affiliate network were paid 9.6 cents for each successful redirection, which totalled $10,800 or £7,452 per day.

Security firm Finjan said the criminals are compromising web pages on legitimate sites in order to direct traffic to their malware and, by using scare tactics, are making people download and buy the bogus software.

The more we hear and see of this, the more some people are wondering, I know, whether the Internet is, in fact, a safe place.

To those who may thus wonder, let me say that the Internet is safe as long as you handle it with care, do not click on links that could be suspect, and have the best anti-virus and other protection software, which is updated daily. Your protection is only as good as your latest update.

Having said this, some vulnerabilities can hit before industry is aware of the existence of the malware or vulnerabilities, and therefore we must beware of where we go and how – and check your spelling when typing.

© 2009