Even though tricking users into downloading rogue security software, or scareware, is one of the oldest tricks up cybercriminals' sleeves, it continues to be one of the biggest threats in cyberspace, noted a security expert.
In an e-mail interview with ZDNet Asia, Danny Siew, Trend Micro's senior director for technical support in the Asia-Pacific region, said: "Given the fact that for most of last year, and up until today, we are seeing scareware taking advantage of hot search trends or news or events, its presence should be a concern not just in Asia but all over the world."
His observation is backed by findings released in December 2009 by the U.S. Federal Bureau of Investigation (FBI), which stated that aggressive scareware tactics led to an estimated loss of more than US$150 million to users.
McAfee attributed the success of scareware to social engineering. Vu Nguyen, Asia-Pacific and Japan manager for McAfee Labs' global threat response team, said many of these attacks tapped current news, such as the recent earthquake in Haiti, or specific search terms to lure victims into downloading and running fake antivirus files.
"Why is this successful? It is based on scare tactics to get users to react and pay the money right away," noted Nguyen in an e-mail statement.
Trend Micro's Siew added that the traditional methods of getting Net users to download fake antivirus programs are evolving, with cybercriminals now looking to "lock up" victims' data by encrypting their files and holding them for ransom until the victims pay to have them released. Malware that does this is also known as "ransomware".
In a blog post on the security vendor's TrendLabs Malware Blog site, Det Caraig explained that to recover these files, a user has to download a paid version of the fake antivirus program. "In reality, however, the paid version of the program fixes the problem that [was] created in the first place but only after the user has been forced to pay up," he added.
Evolving FAKEAV attacks
One of the more common scareware families currently in circulation in Asia, as well as globally, is FAKEAV. Siew said that in 2009 alone, more than 50 FAKEAV-related attacks were reported. Early attacks took the form of, for example, bogus LinkedIn profiles that spread malicious URLs leading to FAKEAV downloads.
However, over time, cybercriminals branched out into ransomware and search engine optimization (SEO) poisoning, Siew noted. More recent developments include the use of Google Trends and of geolocation technologies that map Internet Protocol (IP) addresses to locations, which "enabled cybercriminals to instigate more targeted and more successful attacks", he said.
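The targeting Siew describes combines three signals: the victim arrives from a search for a trending term, the victim is a real browser rather than a search-engine crawler, and the victim's IP address maps to a country the campaign wants. The following is an added illustration, not code from the article or from Trend Micro or McAfee, of how an SEO-poisoned landing page makes that decision (serving the scareware lure only when all three hold and a harmless keyword-stuffed page otherwise) together with the probe an analyst can use to detect such cloaking by fetching the page under different identities. The geolocation table, referrer patterns, crawler markers and trending-term list are constructed assumptions for the demo.

```python
"""Cloaking logic of the kind used by SEO-poisoning landing pages, plus a
probe that detects it. Added illustration; the geolocation table, search
hosts, crawler markers and trending terms below are constructed, not real."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, Optional
from urllib.parse import parse_qs, urlparse

# Constructed stand-in for an IP geolocation database: network -> country.
GEO_TABLE = {
    ip_network("203.0.113.0/24"): "SG",
    ip_network("198.51.100.0/24"): "US",
    ip_network("192.0.2.0/24"): "DE",
}
TARGET_COUNTRIES = {"SG", "US"}                      # assumed campaign targeting
SEARCH_ENGINE_HOSTS = ("google.", "bing.", "yahoo.")  # assumed referrer hosts
TRENDING_TERMS = {"haiti earthquake", "earthquake haiti"}  # constructed lure terms
CRAWLER_UA_MARKERS = ("googlebot", "bingbot", "slurp")  # assumed crawler UAs

BENIGN_PAGE = "<html>Keyword-stuffed relief news article</html>"
LURE_PAGE = "<html><script>alert('Your PC is infected! Download AV')</script></html>"


@dataclass
class Request:
    ip: str
    user_agent: str
    referer: str


def lookup_country(ip: str) -> Optional[str]:
    """Map an IP address to a country code using the constructed table."""
    addr = ip_address(ip)
    for net, cc in GEO_TABLE.items():
        if addr in net:
            return cc
    return None


def search_query(referer: str) -> Optional[str]:
    """Return the lower-cased search term if the referer is a results page."""
    u = urlparse(referer)
    host = u.hostname or ""
    if not any(marker in host for marker in SEARCH_ENGINE_HOSTS):
        return None
    terms = parse_qs(u.query).get("q") or parse_qs(u.query).get("p") or []
    return terms[0].lower() if terms else None


def serve(req: Request) -> str:
    """Landing-page decision: show the scareware lure only to a real browser
    that arrived from a search for a trending term and sits in a targeted
    country. Crawlers, direct visitors and out-of-scope countries get the
    benign page, so the page keeps its ranking and an analyst who fetches it
    directly sees nothing suspicious."""
    ua = req.user_agent.lower()
    if any(marker in ua for marker in CRAWLER_UA_MARKERS):
        return BENIGN_PAGE
    if search_query(req.referer) not in TRENDING_TERMS:
        return BENIGN_PAGE
    if lookup_country(req.ip) not in TARGET_COUNTRIES:
        return BENIGN_PAGE
    return LURE_PAGE


def detect_cloaking(fetch: Callable[[Request], str], ip: str, search_ref: str) -> bool:
    """Probe the page as a crawler, as a direct visitor and as a searcher from
    the given IP; if the bodies differ, the page is cloaking."""
    variants = [
        Request(ip, "Googlebot/2.1", ""),
        Request(ip, "Mozilla/5.0", ""),
        Request(ip, "Mozilla/5.0", search_ref),
    ]
    bodies = {fetch(v) for v in variants}
    return len(bodies) > 1


if __name__ == "__main__":
    ref = "https://www.google.com/search?q=haiti+earthquake"
    print(serve(Request("203.0.113.5", "Mozilla/5.0", ref)) == LURE_PAGE)  # True
    print(detect_cloaking(serve, "203.0.113.5", ref))                       # True
```

In practice the probe has to be run from an IP in the targeted region (or through a proxy there), since a lab fetch from an untargeted country sees only the benign page; that is exactly why the geolocation step raised the success rate Siew refers to.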
Prevention better than cure
To prevent scareware attacks, the most basic rule is still to "avoid clicking any URL and executing any file that came from someone you do not know", Siew said. "Despite this oft-repeated warning, however, people still fall prey to their own curiosity and pay the price."
Besides encouraging users to install security software to safeguard their data, McAfee's Nguyen also advised them to use common sense. "If something is too good to be true, then it probably is."