Cyberwarfare Magazine

Warfare in the Information Age

Posts Tagged ‘Fraud’

Fake Anti-Virus Brings in 158 000$ a Week


Russian criminals who are selling a fake anti-virus, “Antivirus XP 2008/2009” among others, have made more than 150 000$ in a week, according to the Sydney Morning Herald[1]. If you have ever seen those annoying popups warning you that you might be infected with one or more viruses, then you have probably come across this scam.

Fake Spyware Detection Alert


“For most people they might just be browsing the web and suddenly they don’t know why this thing will pop up in their face, telling them they’ve got 309 infections on their computer, it will change their desktop wallpaper, change their screen saver to fake ‘blue screens of death’,” said Joe Stewart, from SecureWorks.

The software is sold for 49.95 $US and will “detect” various viruses and Trojans on the computer. Stewart shows that Antivirus XP still has some basic anti-malware functionality, but, as he explains, that is mostly so that if the authors are brought to court, “they might try to claim the program is not truly fraudulent – after all, it can clean computers of at least a few malicious programs”[2]. Only 17 minor threats can be removed, far from the 102,563 viruses the anti-virus claims to clean. And don’t expect a refund for the software.

The entity behind this fraudware is called Bakasoftware, a Russian company that pays affiliates to sell its anti-virus to users. Affiliates can earn between 58% and 90% of the sale price. Criminals are therefore using every means to trick users into installing the software, including scaring users into believing that they are infected and even using botnets to push the program onto users’ computers.

“Since it is not hacking people’s computers and only runs the affiliate program, Bakasoftware does not have to worry about being shut down by police”, Stewart said[3].

Affiliate ID    Affiliate Username    Account Balance (USD)
4928            nenastniy             $158,568.86
56              krab                  $105,955.76
2               rstwm                 $95,021.16
4748            newforis              $93,260.64
5016            slyers                $85,220.22
3684            ultra                 $82,174.54
3750            cosma2k               $78,824.88
5050            dp322                 $75,631.26
3886            iamthevip             $61,552.63
4048            dp32                  $58,160.20
Table 1.0 – Top earners in the Bakasoftware Affiliate Program[4]
 

Screenshots taken from the administrative panel of bakasoftware.com, which was hacked by NeoN:

Bakasoftware Registered Domains

Bakasoftware All Socks Controls

(Screenshots are from “Rogue Antivirus Dissected – Part 2”, Joe Stewart, SecureWorks, October 22, 2008, http://www.secureworks.com/research/threats/rogue-antivirus-part-2/?threat=rogue-antivirus-part-2)

At the time of this writing, http://www.bakasoftware.com/ was not accessible. Another interesting fact: if the Russian language is installed on your computer, there’s a good chance you won’t be considered a target, because of Russian legislation. Apparently the creators have been sued anyway[5].

Many other fraudware products are available, always offering anti-malware software. Their ads are often seen on torrent, warez and crack/serial sites. What’s particularly dangerous is that they can come with legitimate software or arrive through drive-by downloads. Once they are installed on your computer, they get annoying very fast and can trick you into buying fraudware. Popups can appear claiming that you are infected. Other types of fraudware include “boost your computer” software.

P.S. “baka” means “stupid” in Japanese. A totally appropriate title for the operators of this company.

See also:

“Fake software nets hacker $158,000 in a week”, Stewart Meagher, The Inquirer, November 5, 2008, http://www.theinquirer.net/gb/inquirer/news/2008/11/05/fake-antivirus-nets-hacker-150 (accessed on November 5, 2008)

“Antiviral ‘Scareware’ Just One More Intruder”, John Markoff, The New York Times, October 29, 2008, http://www.nytimes.com/2008/10/30/technology/internet/30virus.html (accessed on November 5, 2008)

“Crooks can make $5M a year shilling fake security software”, Gregg Keizer, ComputerWorld, October 31, 2008, http://computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security_hardware_and_software&articleId=9118778&taxonomyId=145&intsrc=kc_top (accessed on November 5, 2008)


[1] “Russian scammers cash in on pop-up menace”, Asher Moses, The Sydney Morning Herald, November 4, 2008, p.1, http://www.smh.com.au/news/technology/security/russian-scammers-cash-in-on-popup-menace/2008/11/04/1225560814202.html (accessed on November 5, 2008)

 

[2] “Rogue Antivirus Dissected – Part 1”, Joe Stewart, SecureWorks, October 21, 2008, http://www.secureworks.com/research/threats/rogue-antivirus-part-1/?threat=rogue-antivirus-part-1 (accessed on November 5, 2008)

[3] “Russian scammers cash in on pop-up menace”, Asher Moses, The Sydney Morning Herald, November 4, 2008, p.2, http://www.smh.com.au/news/technology/security/russian-scammers-cash-in-on-popup-menace/2008/11/04/1225560814202.html (accessed on November 5, 2008)

[4] “Rogue Antivirus Dissected – Part 2”, Joe Stewart, SecureWorks, October 22, 2008, http://www.secureworks.com/research/threats/rogue-antivirus-part-2/?threat=rogue-antivirus-part-2 (accessed on November 5, 2008)

[5] “Infamous vendor of ‘AntiVirus XP’ badware sued”, Adam O’Donnell, ZDNet, September 30, 2008, http://blogs.zdnet.com/security/?p=1980 (accessed on November 5, 2008)



Written by Jonathan Racicot

November 5, 2008 at 4:28 pm

Cybercrime Rose by 9% in Britain


The BBC reports that cybercrime rose by 9% in Britain[1]. This is according to online identity firm Garlik, which released its 2008 Cybercrime Report. The report contains interesting statistics. Among others, identity theft dropped from 92 000 offenses in 2006 to 84 700, an 8% drop[2]. Financial fraud rose by 24% and is expected to increase for 2008-2009, mainly due to the ongoing financial crisis. The report cites the leaked letter from the Home Office indicating a possible rise in crime[3]. This is really no surprise.

Still according to the report, the top three stolen documents for identity theft were non-UK passports, utility bills and UK passports[4]. As for financial cybercrimes, losses from UK victims amounted to £535 million (1 billion $CAN, 869 million $US), up 25% from 2006. The report further states this interesting bit of information:

“… personal details and identity information are traded online with the [report footnote 15: Research conducted by Garlik’s team of researchers investigating the presence of illegal trading networks on the Internet] number of trading networks more than doubling (from 27 to 57) over the past nine months. In a typical day, around 520 individual information traders are identified with 19,217 traders being identified this year. Of these, around 700 are ‘long term’ traders …”[5]

Cybercrime in the UK rose by more than 9% in 2007


That’s 57 trading networks and around 20 000 traders, which, at least for me, is a big number. But the report doesn’t specify how those traders were identified. The 700 “long-term” traders seem to be identified only by their online alias. Therefore, if the “20 000 traders” figure is counted using aliases, this number might be higher than the actual number of traders.

The report does not go into great detail on how the criminals get the information, but it does mention Trojans, phishing and SQL injections as ways to retrieve the information. As for the damage caused by these to UK companies, 830 000 companies reported a computer-related incident last year. Viruses accounted for 21% of those incidents and are on the decline.

Fortunately, the report also mentions the lack of data protection from the government, but fails to give any numbers, since it’s outside the scope of the document. But shouldn’t it be considered so? Shouldn’t this be considered as criminal negligence? After all, lost data impacts lives and can lead to disaster for the victims of this negligence…

Garlik also describes interesting statistics about online harassment. The complete report can be found here: http://www.garlik.com/static_pdfs/cybercrime_report_2008.pdf


[1] “Cybercrime wave sweeping Britain”, BBC News, October 30, 2008,  http://news.bbc.co.uk/2/hi/technology/7697704.stm (accessed October 30, 2008)

[2] “UK Cybercrime Report 2008”, Stefan Fafinski, Neshan Minassian, Garlik, September 2008, p. 5

[3] “Leaked letter predicts crime rise”, BBC News, September 1, 2008,  http://news.bbc.co.uk/2/hi/uk_news/politics/7591072.stm (accessed on October 30, 2008)

[4] “UK Cybercrime Report 2008”, Stefan Fafinski, Neshan Minassian, Garlik, September 2008, p. 12

[5] Idem, p. 16

Written by Jonathan Racicot

October 30, 2008 at 6:08 pm