FBI: Scareware distributors stole $150M

According to an intelligence note posted by the Internet Crime Complaint Center (IC3), the FBI is aware of an estimated scareware loss to victims in excess of $150 million.
Written by Dancho Danchev, Contributor

Just how much money did scareware scammers steal from Internet users so far?

According to an intelligence note posted by the Internet Crime Complaint Center (IC3), the FBI is aware of an estimated loss to victims in excess of $150 million. The number should be considered as a rough estimate of a much worse situation, with over 40 million people observed internationally, falling victim to rogue antivirus scams in one year.

What is the IC3 emphasizing on in its intelligence note? The use of "least privilege" accounts as a preventative measure (sandboxing is an alternative).

"The scareware is intimidating to most users and extremely aggressive in its attempt to lure the user into purchasing the rogue software that will allegedly remove the viruses from their computer. It is possible that these threats are received as a result of clicking on advertisements contained on a website. Cyber criminals use botnets to push the software and use advertisements on websites to deliver it. This is known as malicious advertising or malvertising.

Once the pop-up appears it cannot be easily closed by clicking "close" or the "X" button. If the user clicks on the pop-up to purchase the software, a form is provided that collects payment information and the user is charged for the bogus product. In some instances, whether the user clicks on the pop-up or not, the scareware can install malicious code onto the computer. By running your computer with an account that has rights to install software, this issue is more likely to occur."

The estimated financial losses to customers caused by scareware, greatly outpace the revenues generated by spam in general, which due to its epic proportions is wrongly considered as a largely profitable cybercrime endeavor. From a cybercriminal's perspective, the conversion rate of exposed and infected with scareware users, looks much more favorable than the conversion rate of millions of users who clicked on a spam message, but purchased nothing.

What was the the single most important event that took place during 2009, and indicated the cybercrime underground's long-term ambitions into developing the scareware business model?

There are two actually - the integration of the scareware business model within each and every infected host part of the Koobface botnet which is still happening, and even more interestingly, the only attempt by the Conficker botnet to engage in fraudulent activities so far, by pushing scareware on already infected hosts.

You know that scareware is a "game changer", when the Conficker botnet decides to temporarily join the business model, instead of relying on spam campaigns as a revenue source.

Throughout the entire 2009, scareware successfully matured as a fraud scheme, and positioned itself as one of the most profitable monetization tactics applied by cybercriminals. The fraud tactic is prone to escalate in 2010 due to a single fact - it's profitable and the business model has already been positioned as a cash cow in Cisco's Cybecrime Return on Investment Matrix.

Prevention is always better than the cure, and scareware isn't an exception.

Editorial standards