Hacker Intelligence Reports:
Here is a report from zanasser on the enormous money mountain, derived from what some are calling "scareware".
I received a very nice phone call a couple of weeks back from a very kindly gentleman in India who seemed concerned that one of my computers was calling him up and apparently screaming help, help, help down the phone line.
He said my PC was reporting a fault and numerous infections and that he, as the head of the Internet Cybercrime Department, would take care of it so long as I sent him $29.99 to cover the work. Suffice to say that, since I had half an hour to kill, I let him explain to me (in roundabout terms) just how this scam was supposed to work.
Anyway, I thought this report would give some background to this new line in crackery.
According to a study by Panda Security, fraudsters are making approximately $34 million per month through what is being called “scareware attacks”. These are scams designed to trick surfers into purchasing rogue security packages supposedly needed to deal with threats which don’t really exist. Such software is also termed “rogueware”, and its distributors are successfully infecting 35 million machines a month.
The scams rely on social engineering: the fake security software is marketed through social networking sites and tools, and users are tricked into visiting sites hosting scareware, downloading it and telling a friend.
Other tactics to find users include manipulating the search engine rank of pages hosting scareware. Panda Security believes that there are over 200 different families of rogueware, with more new variants coming on stream all the time. The technical director at Panda Labs explains that "Rogueware is so popular among cyber-criminals primarily because they do not need to steal users' personal information like passwords or account numbers in order to profit from their victims.
By taking advantage of the fear of malware attacks, they prey upon willing buyers of their fake anti-virus software, and are finding more and more ways to get to their victims, especially as popular social networking sites and tools like Facebook and Twitter have become mainstream." And the figures support the concern that this trend is growing. In the second quarter of 2009, four times more new strains were created than in the whole of 2008, primarily to avoid signature-based detection by proper security packages. Another technique, behavior-based detection, is an approach that works well with Trojans and worms, but is limited when applied against scareware packages.
The real issue now emerging is how scareware is becoming an organized crime. There are dedicated software creators and distributors of scareware. They go through a set of procedures: writing the rogue applications, establishing distribution platforms, payment gateways, and any other back office services.
There are also affiliates (distributors) tasked with the job of distributing scareware to as many victims as possible in the fastest possible time. Stay out of this cycle. Don’t be ‘scared’ into downloading anything. Only obtain well-known industry standard security software. Forget about small, unknown vendors. Just applying common sense is the best protection against scareware, rogueware or any kind of new ‘threatware’.
Zeid Nasser's Tech Blog