The Symantec report details the rise of scareware, a form of rogue security software that tricks users into purchasing fake security solutions through fear tactics and social engineering. Scammers earn substantial profits using an affiliate model, often leading to identity theft and weakening of actual security on users' computers. The report highlights the widespread nature of this issue, with 43 million installation attempts reported and various prevention strategies suggested for consumers.

1. SymantecReport on Rogue Security SoftwareSymantec Security ResponseOctober 19, 2009

2. ScarewareA new generation of organized criminals are earning almost three times the weekly salary of the President of the United States through a low-risk, fast-growing online scam

3. Scareware – also known as fake security software– trick people into downloading them, often through unfamiliar websites. Scammers rely on fear tactics and other social engineering tricks to dupe users into purchasing and installing fake security software

4. Scareware often looks like legitimate security software. It tries to convince you that your computer is at risk and then pressures you to purchase software that won’t actually protect you and won’t remove threats from your computer. What Can Scareware Look Like?

5. Fat Cat Cybercriminals Are Growing Rich By Scareware FranchisingThe sale and distribution of scareware uses an affiliate-based business model, similar to buying a well-known high street franchise business. Some distribution sites offer their affiliates incentives in the form of bonuses for a certain number of installs as well as VIP points and prizes such as electronics and luxury cars

6. Scarewarescammers are paid every time they trick someone into installing the fake security software, and commissions are greater for installs of software that also contain malicious codeWhy Is Scareware a Threat?Scareware doesn’t protect against security threats, but people who download it believe their computers are now clean and protected

7. Scareware may actually install malicious code

8. Scareware scammers may use the personal information provided by the victim to purchase the fake security software to commit fraud, including identity theft

9. Scareware can weaken a computer’s security by instructing the user to disable legitimate security software in order to register the fake product. It may also prevent the user from accessing legitimate security websitesHow Can ScarewareGet On Your Computer?Cybercriminals rely on classic social engineering technique – F.U.D. – to dupe users into purchasing and installing rogue security software

10. Ads for scareware are found on both malicious and legitimate sites

11. Links to scareware sites may be distributed in spam email or in comment spam

12. Computer users who might be searching for removal tools to get rid of a threat on their computer may actually come across search results for removal tools that are actually fake security softwareDon’t Let ScarewareHappen to YouDon’t open suspicious emails or attachments

13. Don’t respond to emails that ask for personal info

14. Use an up-to-date security solution purchased from a reputable vendor through a reputable channel

15. When asked to “allow” or “deny” an application access to the Internet, always deny unless you’re absolutely confident the site it is accessing is authentic and safe

16. If you’re on a wireless network, secure it with a password and don’t allow unknown computers to access your home network

17. Use strong passwords with a combination of letters and numbers. Change it regularly

18. Don’t give your credit card details to unsecured sites. Look for https:// at the top of your browser and the padlock symbol on the bottom right-hand corner of the screen

19. Use a website rating service, which can tell you if a site poses a risk before you visit it

20. Review your bank and credit card statements regularly for suspicious transactions

21. For more information on cybercrime and how to protect yourself, visit www.everyclickmatters.comWhat Else Do We Know About Scareware?To date, Symantec has detected more than 250 distinct fake security software programs

22. Symantec estimates that the initial monetary loss to consumers who downloaded and purchased these fake products during this reporting period ranged from $30 to $100

23. Among the distribution sites Symantec observed for this report, the highest payouts to affiliates for installations by users were in the United States, where payouts averaged $0.55 per installation

24. One distribution site observed by Symantec, TrafficConverter.biz, purported to have its top affiliates earning as much $23,000 per week for installing and selling security risks, including fake security software programs, onto people’s computers

25. During this reporting period, Symantec received reports of 43 million fake security software installation attempts from the 250 unique programs identified

26. The top five reported fake security applications observed by Symantec during this reporting period were, in order, SpywareGuard 2008, AntiVirus 2008, AntiVirus 2009, Spyware Secure, and XP AntiVirus

27. Of the top 50 reported fake security applications during this reporting period, 61 percent of the scams observed by Symantec were attempted on users in North America