Rogue Security Software Infects Millions of PCs: Symantec - HotHardware

Symantec has released a report (.PDF) on what it calls "rogue security software." According to the report, Symantec has detected over 250 distinct rogue security software programs and, during the report's timeframe of July 2008 - June 2009, recorded 43 million attempted downloads of such rogue programs. The company was unable to determine exactly how many of those installs completed.

One of the most prevalent ways for these bogus AV programs to get installed is when a user browses to a website, which then pops up a message saying that "your PC is vulnerable," "your PC is infected," or some other similar warning. This type of scenario is an attempt to install "scareware" on a user's PC. If a user falls for the warning, he could download and install what is essentially malware. Of course, that's not the only way that such programs are distributed. They also infect PCs via the tried-and-true email attachment method. That said, more users are savvy enough to avoid that trap, and many webmail providers pre-scan your email anyway.

That is yet another reason to use a free webmail provider such as Gmail. For example, if you redirect your email (even your own domain's email) through Gmail, it will check for spam and malware, and at the same time allow you to reply back to the email originator via the email address that was used.

Just as with legitimate businesses, traffickers in rogue security software use affiliate-based programs to distribute their malware. According to the report, these affiliates can make a considerable amount of money:
In the case of, the website was associated with the Downadup worm as a URL from which Downadup attempted to download its payload. The site was shut down in November 2008 before the worm could download the unknown payload. and other reincarnations of the website paid affiliates $30 per sale of their rogue security software programs, such as XP Antivirus. The site purported to have at least 500 active affiliates, with top affiliates earning as much as $332,000 in a month for installing and selling security risks—including rogue security software programs—onto users’ computers. The top 10 earning affiliates purportedly each earned $23,000 per week, on average.
You probably recall the Downadup worm, also known as Conficker, which was probably one of the most highly publicized malware programs of all time. Of course, with all the publicity, it was more a bust than a bang.

Still, with some common sense people wouldn't run into these rogue security programs in the first place. The key points are: have some sort of security software on your system (such as Microsoft's new free software); don't believe a site that tells you you're infected, assuming you already have AV software installed; and don't open attachments you aren't expecting.

The top 10 rogue security programs, according to Symantec, are:
  1. Spyware Guard 2008
  2. AntiVirus 2008
  3. AntiVirus 2009
  4. Spyware Secure
  5. XPAntivirus
  6. WinFixer
  7. SafeStrip
  8. Error Repair
  9. Internet Antivirus
  10. DriveCleaner

>> which then pops up a message saying that "your PC is vulnerable," or "your PC is infected" or other similar warning.

I saw this just last week, which appeared to be the result of an advert embedded in an otherwise reputable message board.

It actually made me grin though: I was browsing from Linux on my PS3 at the time... so the fake XP dialogs weren't very convincing (nor was there any chance of it running its Windows/X86-only payload). None of us here would fall for it, but it makes me cringe to think how many 'non-computer' people might be taken in.


I used to have a customer base of about 1200 people in California that relied on me to fix their computer's hardware problems and advise them on security issues.

It turned out to be a full time job because some people just do not listen when you tell them not to click on those pop-up warnings. I had several repeat offenders that shelled out money to me on a regular basis to restore the functionality to their PCs.

So yes... the world is full of Marks that feed this kind of exploitation.

When I moved to Virginia 3 years ago, I never "Hung Out My Shingle" here and have much more time on my hands too. The E-Mails from California have never stopped though.


> I was browsing from Linux on my PS3 at the time...

Yes, I used to chuckle at the fake Windows alerts when browsing on my (pre-OSX) Macintosh. In a way I'm glad of Apple's continually minuscule market share.
