
Rogueware economy thrives

By Staff Writer, ITWeb
Johannesburg, 14 Aug 2009

Rogueware has become an instrumental player in the cyber-crime economy, as approximately 35 million computers are newly infected with rogueware each month. This sees cyber criminals earning around $34 million per month from these attacks.

So says a recent Panda Security study, which explains that rogueware consists of any kind of fake software solution that attempts to steal money from PC users by luring them into paying to remove non-existent threats.

Panda predicts it will record more than 637 000 new rogueware samples by the end of Q3 this year, a tenfold increase in less than a year.

“Rogueware is so popular among cyber criminals primarily because they do not need to steal users' personal information like passwords or account numbers in order to profit from their victims,” says Jeremy Matthews, head of Panda's sub-Saharan operations.

“By taking advantage of the fear in malware attacks, they prey upon willing buyers of their fake anti-virus software, and are finding more and more ways to get to their victims, especially since popular social networking sites have become mainstream.”

Panda explains there are approximately 200 different families of rogueware, with variations continuing to grow. In the first quarter of 2009 alone, more new strains were created than in all of 2008. The second quarter saw the emergence of four times as many samples as in all of 2008. In Q3, Panda forecasts a rogueware total greater than the previous 18 months combined.

Cyber criminals create so many variants of rogueware to avoid signature-based detection by anti-virus programs, explains the company. Behavioural analysis is of limited use against this type of malware because the programs themselves do not act maliciously on computers.

However, Panda Security has started to identify more advanced malware variants that are using typical Trojan features, rootkits and other techniques to subvert virus detection technologies.

According to the Panda report, the rogueware business model consists of two major parts: program creators and distributors. The creators are in charge of making rogue applications and providing the distribution platforms, payment gateways, and other back office services. The distributors, or affiliates, are in charge of distributing the rogueware to as many people as possible, as quickly as possible.

The research also revealed the affiliates are mostly made up of Eastern European hackers who earn a variable amount per install and commissions of between 50% and 90% for completed sales. The Panda report includes financial statements and photos from events hosted by the leaders of these hacking organisations that are not dissimilar to corporate sales events.

