Vulnerabilities / Threats
7/29/2009
04:50 PM

Fake Security Software Steals $34 Million Monthly

Cybercriminals are making a fortune by preying on gullible computer users.

Ignorance may be bliss, but it can also be expensive. Insufficiently knowledgeable computer users are downloading and paying for fake security software in increasing numbers, creating massive revenue for cybercriminals.

"More and more people are acclimating to the Internet and they feel they can make these important security decisions," said Sean-Paul Correll, security evangelist and threat researcher for Panda Security. "They don't feel the need to call their tech-savvy grandson."

Fake security software, also known as "rogueware," is a form of malware that attempts to convince people that their computers are infected with malware.

Following the exploitation of a vulnerability or a visit to a malicious Web site, rogueware will weasel its way onto a computer and then purport to find malware on the system in question. It will offer to remediate the problem once the victim enters a credit card number to pay for the "security software." But payment typically does not cure the infection.

"Cyber-criminals no longer need to steal users' information in order to make their money; instead, they simply need to find ways to get users to part with their cash voluntarily," says a report released by Panda Security on Wednesday.

According to Panda, the rogueware business took off in 2008 and has continued to surge. At the end of 2008, the company said that it had detected almost 55,000 rogueware samples. By the end of Q3 this year, Panda expects to identify more than 637,000 new rogueware samples, an increase of more than tenfold in less than a year.

Rogueware cybercriminals spread their fake software through social media by manipulating search engines to get their links to the top of search results lists, by inserting links into comments on Digg.com, by tweeting their links on Twitter, and by exploiting vulnerabilities in blog software and on Facebook.

Panda estimates that 35 million computers are infected by rogueware every month, affecting perhaps half that number of actual users.

Such large numbers, Panda claims, lead to substantial revenue. The company estimates that cybercriminals are earning about $34 million per month from rogueware, which typically sells for between $49.95 and $79.95.

"They're making an insane amount of money," insists Correll.

This claim isn't merely speculation. According to Correll, a hacker known by the name "NeoN" infiltrated rogueware manufacturer Bakasoftware in September 2008 by exploiting an SQL vulnerability on the group's Web site. NeoN copied a spreadsheet of payments to Baka's affiliates. The numbers show that the malware group's top affiliate earned $81,388.61 in a period of only six days.

"That's almost $5,000,000 per year and it's an astronomical number considering that this projection is just for one of many affiliates in Baka's roster, not to mention that the rogueware business has grown about four times the size it was in 2008 (in terms of sample volume)," Panda's report states.
