Cyber-criminals Undaunted by Economic Downturn?

By Matthew Hines  |  Posted 2008-10-17 Print this article Print

It seems like it's a bit early to make such assumptions, but Panda Security's PandaLabs is already on the record as predicting that the current economic instability in world markets will only serve to increase the cyber-crime epidemic.

Specifically, and as in many other recent research reports, PandaLabs is pointing to the exponential increase in the fake anti-virus threat model and its apparent effectiveness in duping some PC users as proof that attackers will only serve to benefit from the economic turmoil.

I'm not sure where the direct line is between the rise in phony-AV malware and economic uncertainty, but clearly the attacks are proliferating rapidly.

PandaLabs estimates that each month 30 million computers are being infected by the malware-bearing phony AV programs. The security software maker has already tracked over 7,000 variants of the threats, its researchers reported.

As a result, cyber-criminals are generating at least $14 million in profits per month, the company estimated.

Many of the attacks are being crafted to steal e-banking credentials, and at least 3 percent of users affected by the threats are also paying for additional programs that claim to clean up files that the initial phony AV tools claim to find.

"The information we have at present suggests that approximately 3 percent of these users have provided their personal details in the process of buying a product that claims to disinfect their computers," Ryan Sherstobitoff, chief corporate evangelist for Panda Security, noted in a report summary. "Extrapolating from an average price of $68.31 [per fake AV license], we can calculate that the creators of these programs are receiving more than $13,666,000 per month."

As previous reports have indicated, the fake AV attacks are being driven by thousands of variants of related adware, which is finding its way to users via the browsing of adult-themed Web pages, downloading of files from peer-to-peer networks and responding to malicious e-greetings.

There have even been cases of the Google home page being manipulated as part of the schemes, Panda said.

"These programs all operate in a similar way. The program tells users that they are infected and pop-up windows, desktops and screensavers keep appearing, practically preventing the victim from using the computer. The aim is to scare the user into buying the fake anti-virus with, for example, cockroaches 'eating' the desktop, or fake blue screens of death," the report concluded.

"One of the worst things is that these programs are very difficult to disinfect. More advanced users might try to disinfect them manually, but this is no easy task. In general, it can take users up to three days to completely remove this threat from a computer," Sherstobitoff said. "That's why we advise users whose anti-virus has not detected the threat to install a new-generation security solution designed especially to detect, disinfect and eliminate all traces of these malicious programs."

In a nod to the professionalism of some of the involved attackers, Sherstobitoff conceded that many of the pages being used to convince people to download the tainted AV tools appear to be legitimate.

"What we still don't know is whether the bank or credit card details are then used later by the cyber-crooks," Sherstobitoff said. "If that were the case, the financial implications are even greater. This new technique demonstrates the ingenuity of cyber-crooks, who are constantly on the lookout for new ways to make money."

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWEEK and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to |

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel