Scamware selling gets even more elaborate

March 23, 2009

Sellers of bogus spyware software are now scamming legitimate Web sites and search engines as well as computer users according to a security firm. The software scam is on such a large scale that those behind it are paying at least $10,000 a day to get hold of potential victims.

Scamware is a well-established con: the perpetrators use pop-up windows which claim a visitor’s computer is infected with spyware, then offer to sell them a spyware removal tool. At best the victim pays out for software which simply doesn’t work. At worst their credit card details get sold on as part of a list of suckers.

But today’s report by Finjan reveals more about how the victims find themselves on such sites in the first place. The basis of the trick is to produce pages full of words and phrases which are close to popular search terms, including newsworthy names, but slightly misspelled. These pages link to the sites promoting the bogus software.

Because there is little competition for such terms (legitimate sites spell them correctly), the scammers can get to the top of major search engines quickly and easily, and thus take advantage of people who make typing mistakes in their search. While this is a small proportion of people, and many of those who do make a typo will spot that the results look suspicious, a small proportion of hundreds of millions of people still leaves a useful audience.

Such trickery shouldn’t normally work with the major search engines as the bogus sites won’t have any credible links to them and should be automatically weeded out by the likes of Google. However, it now appears people are hacking into legitimate Web sites and using them to host the bogus pages.

Finjan’s analysis of web traffic for such scams – which came from finding a single compromised Web site and tracing the electronic trail – reveals that the redirection process has become an industry in itself. The people creating the bogus pages earn 9.6 cents for every user they redirect to the sites promoting the scamware. In the cases Finjan found, these ‘affiliates’ redirected 1.8 million users in 16 days, pocketing $172,000.

Of course, that’s chump change for the scamware sellers. While just 1.79 percent of those who wound up getting the bogus spyware warning went on to buy the ‘product’, that’s 32,220 people paying $50 a time, making a cool $1.6 million – or $100,000 a day.




Copyright © 2012 Blorge.com NS