This summer's crackdown on computer scareware companies around the world along with the arrest of ChronoPay's CEO Pavel Vrublevsky has virtually shut the fake security software business down...for now. For those of you who don't know, scareware (or rogue anti-spyware program) is a type of malicious software that tricks people into thinking they have a malware infection. The software claims to find security risks and asks for cash to fix them. If you pay (sometimes as much as $129), the 'problem' temporarily goes away.
If you don't pay, your computer will be bombarded with pop-ups that warning you about the problem and make your computer virtually impossible to use. How do people get this malicious software on their computers in the first place? Usually by visiting untrusted web sites or clicking on advertisements that redirect to web pages that pretend to be an online malware scanner. It's a multi-million dollar industry that is run, for the most part, out of Russia where scammers are out of reach of law enforcement.
We've been fighting against these scareware providers for years. It's an ongoing digital arms race. Every time malware makers come up with a new, sophisticated way to infect computers with their scareware, we come up with a way to remove it.
In June, the FBI coordinated a series of raids in the US and 11 other countries to shut down one of the biggest scareware gangs. Read the following articles on the anti-cyber crime effort:
- 'Scareware' Distributors Targeted 12 Nations Coordinate Anti-Cyber Crime Effort
- FBI Targets Cyber Security Scammers
Aside from the FBI cracking down on international "scareware" rings in 12 countries, Russian police arrested Pavel Vrublevsky, co-founder of ChronoPay, Russia's biggest processor of online payments and a lead player in several fake AV scams. The combination of these two events lead to a dramatic decline in fake anti-spyware and anti-virus software. On our end, we've seen a drastic drop in scan logs from new users, support logs, detections, and support tickets from new customers. Basically, we've witnessed a 60% decline in new fake AVs, scareware, and rogue anti-virus incidents.
Figure 1. Our "rogue anti-spyware/anti-virus detections" chart shows a downward trend since the FBI raided several cyber crime rings and Russian police arrested ChronoPay's CEO Pavel Vrublevsky.
The FBI raids cut off the ability for the scareware makers and distributors to get paid and when they can't get paid by their victims, they shrivel up and go away. The anti-malware industry has definitely taken notice of the results of this shakeup. Security company McAfee has also experienced a drastic drop in the number of customers reporting fake anti-virus detections. Another indicator of the state of things is to check search volume of popular rogue anti-spyware programs in Google Trends. Here are two charts showing how often people have searched for "Vista Security 2012" and "XP Antispyware 2012" -- these are the names of what USED to be very widespread fake security programs. Look at the drop off in late June. It's dramatic.
Figure 2. Traffic for "Vista Security 2012" and "XP Antispyware 2012" search terms dropped considerably since June 2011.
You'll notice at the beginning of this post we said the fake security software business has been shut down...for now. Sadly, cybercriminals and scareware makers are smart. They're very good at what they do. And we have no doubt that sometime soon, they'll be back. They'll figure out another way to get their scareware out and to get paid by their victims. We expect that another cyber gang is going to step in and fill that void. And when they do, we'll be waiting for 'em.