Revealed: The anatomy of an internet scam

Scareware networks are bad for your PC - and your pocket

Scareware networks are bad for your PC - and your pocket

Scareware is bad for your PC and your pocket - but the fake security warning messages popping up on your screen are only the most visible part of a complex scam.

Scareware is fake security software, often heralded by an ersatz dialogue box warning unsuspecting users that their PC is under attack by malware or that it's at risk of a virus infection. For a small fee, the scareware promises, it can solve those security woes.

Needless to say, after victims hand over their credit card details, at best they receive useless software or nothing at all, and at worst, they download themselves a wolf in sheep's clothing - malware purporting to be antivirus software.

Scareware is a growing problem - according to the Anti Phising Working Group, the amount of rogue antivirus software has increased six-fold in the first half of this year and 200 gangs are using it to make money.

And scareware peddlars aren't pushing their software on their own: they have a network of affiliates who earn a fee for every PC user they hook with their fake security software, according to a report by security company Symantec.

The fee-per-installation rate for scareware ranges from 1 cent to 55 cents, depending on geography, with UK users nearing the top of the table at 52 cents per scalp, Symantec said.

For the best earning affiliates, there's also the promise of prizes - cars and electronics - as well as bonuses for the most prolific scareware pushers.

But do the scareware kingpins deliver on their promises? Apparently so, according to David Wall, professor of criminal justice and information society at the University of Leeds.

"My understanding is these people pay up because they need the compliance of these individuals [their affiliates]. One of problems in the way this crime is organised is it's not like mafia command and control, these are people that agree to work together on certain projects. "

In return for their loyalty, the scareware kingpins also provide their affiliates with the tools of their trade, including malware and software to help the scareware avoid detection by legitimate security software, Symantec said.

If the scammers' structure sounds like a clever marketing operation than a criminal scheme, that's no surprise: most scareware operations are closer to business than they are to gangster rackets, according to Wall.

"In a way, the way these scams are constructed they're more like elaborate business ventures that border on illegality.

"The strange thing about the way they're developing is they're moving more away from the criminal border to the legal border," he said.

Instead of aiming to get an individual's bank details and then drain their account, the scammers are now happy with a simple one-off payment.

"In the early days a lot of the scareware was a smokescreen for a lot of phishing information - spyware that would look for your financial details - today they're really just designed to get that £15, £20, £30 out of you."

By moving away from malware distribution and into flogging useless software for cash, the scareware peddlars can avoid detection - £20 wasted is likely to prompt the victim to call the banks and police in the same way an emptied bank account would - and is equally less likely to draw the ire of the authorities.

Of course, not all scareware will leave users a few pounds worse off - while a kingpin may distribute scareware with no malware attached, his associates will likely have other ideas.

"What some of the threat analysts are starting to find is that, as affiliates get involved with their own agenda, they think why don't we put another piece of malicious software in there to link them to a botnet? That's against the original quasi-criminal agenda of the kingpin who started it all off.

"It's a very complex crime."