Symantec: Fake security software in millions of computers

WASHINGTON (Reuters) - Tens of millions of U.S. computers are loaded with scam security software that their owners may have paid for but which only makes the machines more vulnerable, according to a new Symantec report on cybercrime.

Cyberthieves are increasingly planting fake security alerts that pop up when computer users access a legitimate website. The "alert" warns them of a virus and offers security software, sometimes for free and sometimes for a fee.

"Lots of times, in fact they're a conduit for attackers to take over your machine," said Vincent Weafer, Symantec's vice president for security response.

"They'll take your credit card information, any personal information you've entered there and they've got your machine," he said

Symantec found 250 varieties of scam security software with legitimate sounding names like Antivirus 2010 and SpywareGuard 2008, and about 43 million attempted downloads in one year but did not know how many of the attempted downloads succeeded, said Weafer.

"In terms of the number of people who potentially have this in their machines, it's tens of millions," Weafer said.

It was also impossible to tell how much cyberthieves made off with but "affiliates" acting as middlemen to convince people to download the software were believed to earn between 1 cent per download and 55 cents.

TrafficConverter.biz, which has been shut down, had boasted that its top affiliates earned as much as $332,000 a month for selling scam security software, according to Weafer.

"What surprised us was how much these guys had tied into the whole affiliated model," Weafer said. "It was more refined than we anticipated."

(Reporting by Diane Bartz; editing by Gunna Dickson)


http://tech.yahoo.com/news/nm/us_cybersecurity_symantec

I can't believe people actually pay for totally unfamiliar names of security software when there there are many excellent well-known brands that are widely available for free by their makers.

(by free I mean you only pay if using it for commercial purposes, but personal use at home is free.)

there are those that are not as familiar with what is available and those pop up ads, once on your computer, can be tricky to eradicate and very intrusive. One got into my granddaughters computer and it took me awhile to get rid of it.

Wait, they mean other security software that their owners may have paid for but which only makes the machines more vulnerable?

Oh well.

:evilgrin:

Last time I used it was the 2003 edition. Sucked up system resources, expired after a year, pain in the ass to remove, heavily intrusive, conflicted with other antivirus/firewall software, and installed many instances of the program on my system.

Yep, sounds like a virus to me!

I always recommend Avast or AVG. They do the job, and do it well. And both are free, unlike that overpriced POS Norton.

:thumbsup:

But then, it has been 4 yrs since I trashed my PC. I don't worry about viruses w my mac.

It was like the medicine was just as bad as the illness.

Now it uses very little resources like AVG. It's truly a night and day change from the bloatware of the past.

The damn things have tried to take over my computer several times this week. I have two legitimate virus scanners, but the blasted thing works around them. I found that, if you can't close out the website, you can do it through the task manager.

They've been going through needleworking sites lately.....

...of security in this medium is sheer fantasy!

:hi:

...just do a search for the best freeware firewall/AV/trojan...etc programs. Average out the info from several white hat sites...download from reputable sites ONLY...use the programs.

SpywareBlaster is a good start as a way to stop the crap from coming in.

It found and removed some spyware on my computer that nothing else could see.
Before the CPU usage was 4% to 10% all the time. Now it is 0% for much of the time.
I have used it on 6 different computers so far and am impressed with it.

http://www.malwarebytes.org/

https://addons.mozilla.org/en-US/firefox/addon/722

"...Winner of the "2006 PC World World Class Award", this tool provides extra protection to your Firefox.

It allows JavaScript, Java and other executable content to run only from trusted domains of your choice, e.g. your home-banking web site, guarding your "trust boundaries" against cross-site scripting attacks (XSS) and Clickjacking attempts, thanks to its unique ClearClick technology.

Such a preemptive approach prevents exploitation of security vulnerabilities (known and even unknown!) with no loss of functionality..."

so you are safer with it for a browser. One of my recent useful add-ons I can't remember what it was called and my list doesn't say, but you can put a button on your window bottom that allows you to select Java as well as a separate button for Javascript -- and just mark them 'on' or 'off'' by clicking on them. The add-on called "Request Policy" is a great one too, where I can see what is wrong when a website won't do something for me, and can indicate exactly what to allow or not allow by clicking on this tab in the bottom of the window. I also like the "Ghostery" add-on which shows you what is being blocked on a website and allows you to unblock it if you wish.

AVG antivirus and Comodo Firewall are working well for me. I was a Norton fan years ago, mostly because of the great personalization you can do to the incoming / outgoing firewall, but the newer version was much less user-friendly and definitely a resource hog so that's when I started looking around and found out, hey, you can do all this stuff for FREE. You don't have to learn a whole lot about these programs to get them working for you, either.