Rogue security software is not only a malicious threat to computers; it can also lead to end-user identity theft and credit card fraud. The root of the issue lies in user education, awareness and best-of-breed security practices, all areas where channel partners can help, a Symantec Corp. (NASDAQ: SYMC) executive said.
Symantec has released its global report on rogue security software, covering the period from July 2008 to June 2009. Marc Fossi, executive editor and manager of security response for Symantec, said a rogue security software program is a type of misleading application that pretends to be legitimate security software. Also known as scareware, it can take the form of a false anti-virus scanner, he said. Since the application is not legitimate security software, it doesn’t protect users from security issues or threats. Instead, it can install malicious code on the computer or, even worse, lead to identity theft or credit card fraud.
Rogue security software can be installed by the user, who thinks the program is legitimate, or the software can be installed unknowingly when a user visits a malicious Web site.
“The primary line of defense to protect users against rogue security software is legitimate anti-virus products,” Fossi said. “These products tend to have signatures (to detect) these fake applications. User education and awareness is also another important thing that partners can help out with. Partners should explain to the user what risks are possible and what realistically could happen.”
David Senf, director of infrastructure solutions at IDC Canada, explained in a previous interview with CDN that the problem behind threats like rogue security software really lies in social engineering.
“The problem of rogue software is social engineering … the heart of (the matter) is a user is duped. For the channel, the ability to generate leads from this sort of attack, say for training, is limited,” said Senf. “But (still), the ability for the channel to generate awareness or demand is possible. Raising knowledge levels is critical.”
Best practices that partners can share with their customers include network intrusion detection and endpoint security solutions, Fossi said. Partners should also make customers aware that they need patching procedures in place to keep the Web browser and its associated plug-ins up to date.
Based on its research, Symantec has detected over 250 distinct rogue security software programs worldwide, Fossi said. During the period covered by the report, Symantec also received reports of 43 million rogue security software installation attempts from these 250 distinct samples.
The issue of rogue security software is nothing new. Back in the spring, CDN interviewed Mohammad Akif, national security and privacy lead for Microsoft Canada, who said rogue security software is becoming so prevalent because “hackers are becoming sophisticated in how they’re sending out viruses that look like security software.”
Fossi also said that because there is a profit motive behind installing fake software on a user’s computer and getting the user to make a purchase, rogue security software takes many forms online, all meant to trick users into installing or purchasing it. It can arrive through drive-by downloads or make use of browser plug-in vulnerabilities. It can also appear as banner ads telling users there is a problem with their computer and that, to fix it, they must download and purchase what they believe is legitimate software but is not. Once the user enters his or her credit card and personal information, the bad guys can steal that person’s identity and credit card information and sell it in the underground economy, Fossi explained.
“The rogue security software economy works like a pyramid where you have the distributor that creates the applications and will host the download of them, and the affiliates, who try to get the software installed on the computer. For each installation, they get paid, and for each installation that results in a purchase, they get more money. As long as the bad guys are making money at this, they’ll keep doing this until they can no longer make a profit.”