Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Cybercriminals Use Fear and Anxiety to Convince Users to Buy Rogue Security Software

Symantec Corp. (Nasdaq: SYMC) today announced the findings of its Report on Rogue Security Software.
  • 20 October, 2009 10:21

<p>Users lulled into false sense of security while exposed to greater information and identity risks</p>
<p>SYDNEY, Australia – 20 October 2009 – Symantec Corp. (Nasdaq: SYMC) today announced the findings of its Report on Rogue Security Software. The study’s findings, based on data obtained during the 12-month period of July 2008 to June 2009, reveal that cybercriminals are employing increasingly persuasive online scare tactics to convince users to purchase rogue security software. Rogue security software, or “scareware,” is software that pretends to be legitimate security software. These rogue applications provide little or no value and may even install malicious code or reduce the overall security of the computer.</p>
<p>To encourage unsuspecting users to install their rogue software, cybercriminals place website ads that prey on users’ fears of security threats. These ads typically include false claims such as “If this ad is flashing, your computer may be at risk or infected,” urging the user to follow a link to scan their computer or get software to remove the threat. According to the study, 93 percent of the software installations for the top 50 rogue security software scams were intentionally downloaded by the user. As of June 2009, Symantec has detected more than</p>
<p>250 distinct rogue security software programs.</p>
<p>The initial monetary loss to consumers who download these rogue products ranges from AUD$30 to $100. However, the costs associated to regain ones’ identity could be far greater. Not only can these rogue security programs cheat the user out of money, but the personal details and credit card information provided during the purchase can be used in additional fraud or sold on black market forums resulting in identify theft.</p>
<p>To make matters worse, some rogue security software actually installs malicious code that puts users at risk of attack from additional threats. As a result, installing these programs can lower the security posture of a computer while claiming to strengthen it. For example, rogue programs may instruct the user to lower or disable any existing security settings while registering the bogus software or prevent the user from accessing legitimate security Web sites after installation. This, in turn, leaves users exposed to the very threats the rogue software promised to protect against.</p>
<p>Deceptive Ads Prey on Fear to Convince Users to Buy Rogue Applications</p>
<p>There are several methods employed to trick users into downloading rogue security software, many of which rely on fear tactics and other social engineering tricks. Rogue security software is advertised through a variety of means, including both malicious and legitimate Web sites such as blogs, forums, social networking sites, and adult sites. While legitimate Web sites are not a party to these scams, they can be compromised to advertise these rogue applications. Rogue security software sites may also appear at the top of search engine indexes if scam creators have seeded the results.</p>
<p>To increase the likelihood of fooling users, rogue security software creators design their programs so that they appear as credible as possible, mimicking the look and feel of legitimate security software programs. In addition, these programs are often distributed on Web sites that appear credible and enable the user to easily download the illegitimate software. Some malicious sites actually use legitimate online payment services to process credit card transactions and others return an e-mail message to the victim with a receipt for purchase – complete with serial number and customer service number.</p>
<p>Middlemen Distribute Rogue Software for Profit and Prizes</p>
<p>Cybercriminals are profiting from a highly organised pay-for-performance business model that pays scammers to trick users into installing bogus security programs. According to the study, the top ten sales affiliates for the rogue security distribution site reportedly earned an average of AUD$25,000 per week during the 12-month study period of the report, or almost four times the weekly salary of the Prime Minster of Australia1.</p>
<p>These practices are similar to the affiliate marketing programs made popular by online retailers. Affiliate marketing programs reward participating affiliates or members for each visitor or directed to the online retailer’s website due to the affiliate’s marketing efforts. Through this model, affiliates of rogue software scams can earn between US$0.01 and US$0.55 for every successful installation. The highest prices are paid for installations by users in the U.S., followed by the U.K., Canada, and Australia. Some distribution sites also offer their affiliates incentives in the form of bonuses for a certain number of installs, as well as VIP points and prizes such as electronics and luxury cars.</p>
<p>To protect against rogue security software, Symantec recommends that both enterprises and users employ the latest protection from security risks, such as Symantec Endpoint Protection or Norton Internet Security . Specifically, users should invest in and install only proven, trusted security software from reputable security vendors whose products are sold in established retail and online stores. Best practices for protection and mitigation as outlined in the report include:</p>
<p>• Avoid following links from emails, as these may be links to spoofed or malicious websites. Instead, manually type in the URL of a known, reputable website.</p>
<p>• Never view, open, or execute email attachments unless the attachment is expected and comes from a known and trusted source. Be suspicious of any emails that are not directly addressed to your email address.</p>
<p>• Be cautious of pop-up windows and banner advertisements that mimic legitimate displays. Suspicious error messages displayed inside the Web browser are often methods rogue security software scams use to lure users into downloading and installing their fake product.</p>
<p>• The findings of our Report on Rogue Security Software make it clear that cybercriminals are willing, eager, and well-equipped to prey on today’s Internet user,” said Stephen Trilling, Senior Vice President, Symantec Security Technology and Response. “To avoid becoming a victim of such predatory practices, Symantec strongly urges Internet users to make sure they are using the latest security protection and always obtain their security software directly from trusted vendors’ websites.”</p>
<p>• “Scareware creators can scam thousands of people for comparatively small amounts of money all at the same time and make huge aggregate profits,” said David Wall, PhD. professor, Centre for Criminal Justice Studies, University of Leeds. “This type of fraud works because the fake security software tricks users into believing they have an immediate threat which only their program can resolve. Ultimately, it's a con. I would advise Internet users to be careful while online and only download from trusted sources."</p>
<p>Additional Facts</p>
<p>• The top five reported rogue security applications are SpywareGuard 2008, AntiVirus 2008, AntiVirus 2009, SpywareSecure, and XP AntiVirus.</p>
<p>• Among the distribution sites Symantec observed, affiliates are paid US$0.55 for installations of rogue security software by users in the U.S.; affiliates are paid US$0.52 for installations by users in the U.K. and Canada; and affiliates are paid US$0.50 for installations by users in Australia.</p>
<p>o The fifth highest price is considerably lower, with affiliates paid just US$0.16 for installations by users in Spain, Ireland, France, and Italy.</p>
<p>o The per-installation-price variations from country to country varies based on the likelihood of users from that country paying for the fake security software.</p>
<p>• Ninety-three percent of rogue security software programs are advertised through a Web site designed for this purpose; 52 percent are promoted through Web advertising.</p>
<p>• Of the top 50 reported rogue security applications observed between July 2008 and June 2009, 61 percent of the scams observed by Symantec were attempted on users in North America; 31 percent occurred in the Europe, Middle East, and Africa region; 6 percent occurred in the Asia-Pacific/Japan region; and 2 percent in the Latin America region.</p>
<p>o The higher percentage of rogue security software scams in the top two regions is likely due to the fact that the majority of malicious activity in general is also in the North America and Europe/Middle East/Africa regions.</p>
<p>o The higher percentage of rogue security software scams in North America may also be due to the fact that affiliates are paid a higher per-installation price for installing their software onto the computers of users in this region.</p>
<p>Additional Resources</p>
<p>• See additional materials including videos, podcasts and infographics in our online press kit</p>
<p>• See the global distribution of rogue security software servers on Google Maps</p>
<p>About the Report</p>
<p>The Symantec Report on Rogue Security Software, developed by the company’s Security Technology and Response (STAR) organisation,
is an in-depth analysis of rogue security software programs. The report includes an overview of how these programs work and how they affect users, including their risk implications, various distribution methods, and innovative attack vectors. It includes a brief discussion of some of the more noteworthy scams as well as an analysis of the prevalence of rogue security software globally. It also includes a discussion on a number of servers that Symantec observed hosting these misleading applications. Except where otherwise noted, the period of observation for this report was from July 1, 2008 to June 30, 2009.</p>
<p>About Security Technology and Response</p>
<p>The Security Technology and Response (STAR) organisation, which includes Security Response, is a worldwide team of security engineers, threat analysts, and researchers that provides the underlying functionality, content, and threat expertise for all Symantec corporate and consumer security products. With global response centres located throughout the world, STAR monitors malicious code reports from more than 130 million systems across the Internet, receives data from 240,000 network sensors in more than 200 countries, and tracks more than 32,000 vulnerabilities affecting more than 72,000 technologies from more than 11,000 vendors. The team uses this vast intelligence to develop and deliver the world’s most comprehensive security protection.</p>
<p>About Security Solutions from Symantec</p>
<p>Symantec helps organisations secure and manage their information-driven world with security management, endpoint security, messaging security and application security solutions.</p>
<p>About Symantec</p>
<p>Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organisations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at</p>
<p>NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at All prices noted are in U.S. dollars and are valid only in the United States.
Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.</p>
<p>Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and are subject to change. Any future release of the product or planned modifications to product capability, functionality or feature are subject to ongoing evaluation by Symantec, and may or may not be implemented and should not be considered firm commitments by Symantec and should not be relied upon in making purchasing decisions.</p>
<p>1 “Prime Minister Kevin Rudd and MPs in line to get a 3% pay rise”, The Daily Telegraph, 24 September 2009</p>
<p>Press Contact:</p>
<p>Jasmin Athwal</p>
<p>Max Australia</p>
<p>+61 2 9954 3492</p>
<p>+61 414 967 088</p>

Most Popular

Most Popular Reviews

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Latest Articles


PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Jack Jeffries


As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr


The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?