A new Symantec report on cybercrime showed that tens of millions of U.S. computers are loaded with scam security software that their owners may have paid for but only makes the machines more vulnerable, Reuters reported.
Fake security alerts are being planted in PCs that pop up when computer users access a legitimate website. These “alerts” warn them of a virus and offers either free or paid security software.
Vincent Weafer, Symantec’s vice president for security response, said often the “security updates” are a conduit for attackers to take over your machine.
Weafer said some rogue software turns a users’ machine into a botnet, a network of machines taken over to send spam or worse.
“They’ll take your credit card information, any personal information you’ve entered there and they’ve got your machine,” he said.
Weafer said that Symantec found 250 varieties of scam security software with legitimate sounding names like Antivirus 2010 and SpywareGuard 2008, and about 43 million attempted downloads in one year but did not know how many of the attempted downloads succeeded.
“In terms of the number of people who potentially have this in their machines, it’s tens of millions,” he said.
Meanwhile, undercover “affiliates” acting as middlemen to convince people to download the software were believed to earn between 1 cent per download and 55 cents. Yet it is unknown exactly how much cyber-thieves have made using these scams.
Weafer said that TrafficConverter.biz, which has been shut down, had boasted that its top affiliates earned as much as $332,000 a month for selling scam security software.
“What surprised us was how much these guys had tied into the whole affiliated model,” Weafer said. “It was more refined than we anticipated.”
Tony Neate, from Get Safe Online, told the BBC the threats presented by the Internet had changed in recent years.
“Where we used to say protect your PC… we’ve now got to look at ourselves, making sure we’re protected against the con men who are out there,” he said.
He added that once cyber criminals have infected a machine, the user no longer has control over it.
“Then what they’re looking to do is take away your identity, steal bits of your identity, or even get some financial information from you,” he said.
On the Net: