
Fake Security Software Steals $34 Million Monthly

Cybercriminals are making a fortune by preying on gullible computer users.

Ignorance may be bliss, but it can also be expensive. Insufficiently knowledgeable computer users are downloading and paying for fake security software in increasing numbers, creating massive revenue for cybercriminals.

"More and more people are acclimating to the Internet and they feel they can make these important security decisions," said Sean-Paul Correll, security evangelist and threat researcher for Panda Security. "They don't feel the need to call their tech-savvy grandson."

Fake security software, also known as "rogueware," is a form of malware that attempts to convince people that their computers are infected with malware.

Following the exploitation of a vulnerability or a visit to a malicious Web site, rogueware will weasel its way onto a computer and then purport to find malware on the system in question. It will offer to remediate the problem once the victim enters a credit card number to pay for the "security software." But payment typically does not cure the infection.

"Cyber-criminals no longer need to steal users' information in order to make their money; instead, they simply need to find ways to get users to part with their cash voluntarily," says a report released by Panda Security on Wednesday.

According to Panda, the rogueware business took off in 2008 and has continued to surge. At the end of 2008, the company said that it had detected almost 55,000 rogueware samples. By the end of Q3 this year, Panda expects to identify more than 637,000 new rogueware samples, an increase of more than tenfold in less than a year.

Rogueware cybercriminals spread their fake software through social media by manipulating search engines to get their links to the top of search results lists, by inserting links into comments on, by tweeting their links on Twitter, and by exploiting vulnerabilities in blog software and on Facebook.

Panda estimates that 35 million computers are infected by rogueware every month, affecting perhaps half that number of actual users.

Such large numbers, Panda claims, lead to substantial revenue. The company estimates that cybercriminals are earning about $34 million per month from rogueware, which typically sells for between $49.95 and $79.95.

"They're making an insane amount of money," insists Correll.

This claim isn't merely speculation. According to Correll, a hacker known by the name "NeoN" infiltrated rogueware manufacturer Bakasoftware in September 2008 by exploiting an SQL vulnerability on the group's Web site. NeoN copied a spreadsheet of payments to Baka's affiliates. The numbers show that the malware group's top affiliate earned $81,388.61 in a period of only six days.

"That's almost $5,000,000 per year and it's an astronomical number considering that this projection is just for one of many affiliates in Baka's roster, not to mention that the rogueware business has grown about four times the size it was in 2008 (in terms of sample volume)," Panda's report states.
