As someone who works within the IT Security space, I have to say that rogueware (also known as scareware) is starting to seriously hack me off. Not that I have ever been conned into purchasing it, I hasten to add, but rather because so many others have and so many people are making rather a lot of money as a result.

Rogueware, which can be loosely defined as any 'fake software solution' which separates unsuspecting users from their cash in order to fix non-existent problems, is increasing by a factor of ten in less than a year according to the chaps at PandaLabs. They have been watching the rogueware phenomenon very closely indeed, and have now published a multi-year study into the proliferation of rogueware into the overall cybercrime economy. The research report, The Business of Rogueware, reveals that:

  • Cybercriminals are earning approximately $34 million per month through rogueware attacks
  • Approximately 35 million computers are newly infected with rogueware each month
  • Rogueware is now being distributed through Facebook, MySpace, Twitter, Digg and targeted blackhat SEO attacks
  • And finally, a confirmation of something that many of us suspected anyway: the majority of these cybercriminals are operating from Eastern Europe

"Rogueware is so popular among cybercriminals primarily because they do not need to steal users’ personal information like passwords or account numbers in order to profit from their victims" said Luis Corrons, PandaLabs Technical Director. "By taking advantage of the fear in malware attacks, they prey upon willing buyers of their fake anti-virus software, and are finding more and more ways to get to their victims, especially as popular social networking sites and tools like Facebook and Twitter have become mainstream."

There are now approximately 200 different rogueware families, and in the first quarter of 2009 alone more new strains were created than in all of 2008. The second quarter painted an even bleaker picture, with the emergence of four times as many samples as in all of 2008. In Q309, PandaLabs estimates a rogueware total greater than the previous eighteen months combined.

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.