Evidence of mass-market small-loss scamming
Symantec has found as many as 250 different cases of fake anti-virus and scareware scams that are being distributed through 200,000 web sites across the globe.
Cyber criminals could be pocketing up to £850,000 from the scams, the security vendor speculates in a new report on the phenomenon, suggesting that its findings indicate 43 million people were duped into paying for false security software in the year ending June 2009.
David Wall, a criminal psychologist and an expert in cybercrime working at the University of Leeds said of the findings, “Not only have we seen an explosion of activity in the last six months or so but these operation have become almost silky smooth. It has become a form of cybercrime that is almost wholly automated. Once a computer has become infected, the scammers don’t need to be involved in seeing the crime through.”
With scareware an infected computer is effectively hijacked and any attempt made by the user to run a programme or open a document, will be frustrated. It can prove extremely difficult to clean manually, forcing victims to pay for the fake anti-virus systems.
The Anti-Phishing Working Group recently estimated that 485,000 samples were detected in the first six months of the year, which is more than five times the total detected for the whole of 2008.
On the back of this surge, Symantec reckons there is evidence of rising crime and a healthy amount of trade between criminals in the sale and distribution of scareware franchises. Some distribution sites apparently offer their affiliates incentives in the form of bonuses for a certain number of installs.
In terms of the legality of what the cybercrimals are doing, Wall said it could sometimes be very hard to prosecute. “Some of the terms and conditions posted as part of the fake anti-virus download are very carefully worded, with the criminals spelling out exactly what people were getting for their money.”
The scams also take place across jurisdictions, which can cause investigatory problems.
Because the individual losses are relatively small, Wall noted that police agencies find it hard to justify committing resources to investigate scareware.He also said that quite often people would not necessarily feel they had fallen victim, because after they downloaded the software the security problem they faced would go away.
In a separate development, a criminal gang has been successfully prosecuted for using a sophisticated Trojan implant to siphon off £600,000 in funds from 138 NatWest customer accounts. They are currently awaiting sentencing in London’s Southwark Crown Court.
It is a rare occurrence for an actual prosecution to come to fruition because even when a perpetrator is found, bringing a case against them can eat up huge resources on the part of banks and the justice system.
Mel Morris, chief executive of Prevx believes the cases is further evidence that financial services companies need technology that will lock down a customer’s online banking sessions.
He said, “At a an average loss of nearly £5,000 per customer, what this case does highlight is that despite having the most up-to-date anti-virus software installed, these threats can still be missed. This vicious circle of online banking fraud can only be broken when both banks and their customers can easily lock down an online banking session so that even an infected PC is prevented from actually exposing banking details.”