Millions of computer in the US are infected with fake security software, which their owners may have even paid for, according to a cybercrime report from security company Symantec. Such software would only make computers more vulnerable, possibly allowing cybercrooks to take complete control of an infected computer.
"Lots of times, in fact theyre a conduit for attackers to take over your machine. Theyll take your credit card information, any personal information youve entered there and theyve got your machine," said Vincent Weafer, Symantecs vice president for security response.
Symantec found 250 different kinds of fake security software installed on computers, all with perfectly legitimate sounding names such as "Antivirus 2010" and "SpywareGuard 2008". According to Weafer, around 43 million downloads of fake security software were attempted in one year, although they do not know how many would have successfully completed.
"In terms of the number of people who potentially have this in their machines, its tens of millions," Weafer said.
So how do cybercriminals get people to download or buy the fake security software? They plant fake adverts and alerts across the web that inform users that they have a virus on their computer - weve all seen them - and that if you download their "security software" the virus will be removed.
And if that wasnt bad enough, the cybercriminals are also using affiliate schemes to get middlemen to "sell" the software to potential victims, with the affiliate potentially earning 55 cents a download. According to Weafer, one affiliate scheme (which has been shut down), boasted that its top affiliates earned as much as $332,000 a month.
"What surprised us was how much these guys had tied into the whole affiliated model," Weafer said. "It was more refined than we anticipated."