Symantec Report on Rogue Security Software: July 2008 – June 2009
Posted on January 5th, 2010 by John
Everybody knows it all too well: it is important to keep your systems secure and updated. Those with less noble intentions are aware of that too. Symantec published a report last year on rogue security software that people are lured into buying and installing.
Here are some of the highlights:
- During this reporting period, Symantec received reports of 43 million rogue security software installation attempts from the more than 250 distinct such programs identified.
- Rogue security applications are often distributed on websites that appear legitimate.
- Black hat search engine optimization operations are conducted to push sites that host rogue security applications to the top of search engine indexes. Scam operators capitalize on interest in current events to lure users to websites that host rogue security software.
- Symantec estimates that the initial monetary loss to consumers who downloaded and purchased these misleading applications during this reporting period ranged from $30 to $100.
- Among the distribution sites Symantec observed for this report, the highest payouts to affiliates for installations by users were in the United States, where payouts averaged $0.55 per installation; next highest were the United Kingdom and Canada, where payouts averaged $0.52 per installation in each; Australia ranked fourth, where payouts averaged $0.50 per installation.
- One distribution site observed by Symantec, TrafficConverter.biz, purported to have its top affiliates earning as much as $332,000 in a month for installing and selling security risks, including rogue security software programs, onto users’ computers.
- The top five reported rogue security applications observed by Symantec during this reporting period were, in order, SpywareGuard 2008, AntiVirus 2008, AntiVirus 2009, Spyware Secure, and XP AntiVirus.
- Of the top 50 reported rogue security applications during this reporting period, 61 percent of the scams observed by Symantec were attempted on users in the North America region, 31 percent occurred in the Europe, the Middle East, and Africa region, six percent occurred in the Asia-Pacific/Japan region, and two percent occurred in the Latin America region.
- The most common distribution method observed by Symantec during this reporting period was intentional downloads, which were employed by 93 percent of the attempts of the top 50 rogue security software scams; unintentional downloads were employed in 76 percent of the observed attempts. (Note: many scams employed both methods.)
- The most common advertising method used by the top 50 rogue security software programs that Symantec observed during this reporting period was dedicated websites, which were used in 93 percent of scams; the second most common advertising method was Web banner advertisements, which were used in 52 percent of the attempted rogue security software scams. (Note: many scams employed multiple methods.)
- Of the servers hosting rogue security applications that were observed by Symantec during a two-month reporting period (July to August, 2009), 53 percent were located in the United States; Germany ranked second in this measurement, with 11 percent. Symantec identified 194,014 domain names associated with rogue security applications during the same two-month observation period.
- Of the observed rogue security software domains in that two-month period, 26 percent of the total served malicious content of various types, 13 percent attempted to use browser exploits, one percent attempted to perform drive-by downloads, and less than one percent led to the installation of spyware on a user’s computer. (Note: a given Web server could belong to several categories.)
The full executive summary can be downloaded for free here >>> and I suggest you do so.