Fake antivirus and other scareware programs seem to be on the decline for now as criminals struggle to recover from the raids this summer and ChronoPay CEO's arrest.
After the recent crackdown around the world on companies
allegedly distributing scareware programs, the fake security business seems to
be in full retreat, according to a recent report.
The number of new fake antivirus, scareware and other rogue
software incidents have declined 60 percent since June, Alvin Estevez, CEO
of Enigma Software said Aug. 18. The analysis was based on the company's
support logs, software detection and support tickets from new customers.
Scareware programs trick users into thinking there is
something wrong with the computer and charge money to repair the problem. While
the most common type of scareware is the fake antivirus, other types are
available, including disk utilities and file management tools
"It's a million dollar
industry," Estevez said.
Law enforcement authorities in the United States, United
Kingdom Netherlands, Latvia, Germany, France, Lithuania and Sweden seized over
40 computers to break
up a scareware cyber-crime gang
in June. The criminals victimized nearly a
million individuals and infected over 960,000 computers, netting approximately
$72 million, the FBI estimated. The authorities also gained control of five
bank accounts used to move money around among the gang members.
A day after the coordinated raids, Russian authorities
Vrublevsky, CEO of ChronoPay
, Russia's largest processor of online
payments. Vrublevsky was arrested on charges of hiring a hacker to attack
ChronoPay's rivals. ChronoPay
has been "consistently" involved with
handling credit card processing for many of the rogue antivirus or scareware
scams, wrote Brian Krebs on his blog Krebs on Security. Vrublevsky has also set
up companies on behalf of these scammers, including Rx-Pharmacy, a rogue online
pharmacy program, Krebs said.
The combination of the raids and the arrest of Vrublevsky
appears to have impacted the ability for the scareware makers and distributors
to get paid, Estevez said.
"When they can't get paid by their victims, they
shrivel up and go away," said Estevez.
Cyber-criminals infect victims' computers using a using a
variety of tricks, such as pop-up windows that claim to have found a virus on
the computer, social engineering messages purporting to be from friends, or
links in spam. Once the software is on the computer, users are shown a long
list of issues, but are told the only way to remove the problem is to fork over
money for the cleaning tool. The fake software generally ranges from $49.95 to
$129 a copy and the users may see other behavior consistent with malware, such
as pop-up windows and slow performance.
While purchasing the fake antivirus does make the scareware
stop displaying the warnings, handing over a credit card number to these scams
can lead to a whole new set of problems.
Enigma makes Spy Hunter 4, a real-time anti-spyware
application designed to detect and remove spyware and malware. Enigma analyzed
the logs collected from customers with Spy Hunter installed to determine
infection rates as well as to identify new fake AV variants.
McAfee also reported a drastic drop in the number of
customers reporting fake antivirus detections after June. The difficulty in
processing credit card payments means the developers can't collect money from
the victims or pay their distributors their cut for pushing the software out.
Enigma's team said the business effectively has been shut
down, "for now," noting that cyber-criminals are flexible and
"they'll figure out another way to get their scareware out and to get paid
by their victims," according to the post. Enigma expected another
cyber-gang will pick up operations and the fake software scams will be back
again "sometime soon."