SMBs: Beware of Rogue Security Software

According to a recent survey conducted by the National Cybersecurity Alliance and Symantec, 90 percent of small businesses believe they are safe from malware and viruses, based on the security practices they have in place. However, millions of computer users, including small to midsized businesses (SMBs), are actually relying on fake security software to protect their PCs.

Symantec’s Report on Rogue Security Software notes that 43 million users downloaded one of 250 so-called “scareware” programs from June 2008 through June 2009. Scareware can be defined as programs that prey on users’ fears of being infected with viruses or malware while using the Internet. Scammers dupe well-intentioned users into purchasing and installing these security programs that in reality not only provide little or no protection, but often actually install the very malicious code they promise to eradicate.

SMBs have enough on their minds without worrying that their employees may be tricked into deploying fake security software. It is frustrating to think that while scareware creators are potentially putting SMB customer information at risk, these scammers are also turning big profits — with the most successful scam artists earning $23,000 per week from users unknowingly purchasing their fake software.

To avoid becoming a victim of a rogue security software scam, SMBs must be able to help their employees recognize such cons and take steps to minimize their vulnerability.

SMBs – Beware of “Flashing Ads”

Scammers use several methods to trick people into downloading rogue security software. They design their programs to appear as credible as possible, often mimicking the look and feel of known, legitimate security software programs — using the same fonts, colors, and layouts of real security sites as well as familiar advertisements, pop-up windows and notifications. These rogue applications typically also have names that are similar to legitimate software. For example, the top five fake security programs are named SpywareGuard 2008, AntiVirus 2008, AntiVirus 2009, SpywareSecure and XP AntiVirus.

Rogue security software even shows up alongside legitimate security programs in searches, often at the top of the search engine index. Scammers seed search engine results by capitalizing on popular news items, events, or celebrities, typically using a range of black hat search engine optimization (SEO) techniques to effectively poison search engine results. By doing this, they elevate the ranking of their scam sites whenever any topical news event is searched.

Another highly effective scamming tactic is to display false claims of security threats on an employee’s computer. For example, an employee may be surfing the Web when an ad begins flashing and a message appears telling the employee that the flashing ad indicates the employee’s computer is likely infected or at risk of infection. These messages are often persistent, repeatedly urging the user to address the risk immediately by following a link where the computer is more completely scanned, the user can buy protective software, or the threat can be removed.

Unfortunately, these and other tactics are working for scammers. According to the report, 93 percent of installations of rogue security software are intentional. What users are unaware of is that by allowing a scan, purchasing rogue software, or downloading removal tools, they may actually be exposing their computer, their company and customer information to spyware. This mistake can place an SMB’s customer credentials such as credit card numbers and other personally identifiable information into scammers’ hands -- even depositing money directly into scammers’ pockets.