Saturday, July 9, 2011

Fake Anti Virus Software: A New Business Model Emerges

Researchers from the Departments of Computer Science and Economics of the University of California (Santa Barbara) have recently released the results of their yearlong investigation into three fake anti virus companies (named Fake AV1, AV2 and AV3). They were able to infiltrate and monitor the backend servers of the three companies, all of which were controlled by East European cybercriminals. Summarised daily and yearly sales figures below.

Total Sales per Day (USD)Total Sales per Year (USD)Infection¹ rate (no. users per day)Infection¹ rate (no. users per year)Purchase² rate (no. users per day)Purchase² rate (no. users per year)Average Selling Price (USD) Conversion Rate³
Fake AV1$123,288$45,000,00092,05533,600,000 2,209806,400$55.802.4%
Fake AV2$10,411$3,800,00013,5624,950,000 285103,950$36.552.1%
Fake AV3$132,603$48,400,000100,055 36,520,000 2,201803,440$60.242.2%
Total$266,302$97,200,000205,672 75,070,000 4,6951,713,790$56.712.3%
Source: Extrapolation of data contained in the UCSB research report over both a yearly and daily basis.
¹ Infection refers to users who have installed the Fake Anti Virus software trial, but not necessarily purchased it.
² Purchase refers to users who have both installed the Fake Anti Virus software trial, and then purchased a license for it.
³ Conversion Rate refers to the number of purchases as a percentage of the number of infections.

They uncovered a sophisticated method of flying under the radar of credit card fraud detection by minimising chargebacks (credit card refunds) which in turn meant that no suspicion would be raised by the victim's bank or credit card company. They did this simply by maintaining a 24/7 support hotline, thereby keeping a track of the customer's suspicions, and when necessary, issuing refunds directly back to the customer. Fewer than 10% of all victims asked for a refund, meaning that the cybercriminals could issue a full refund to all complainants, and still make massive profits. But in fact the criminals only issued enough refunds to keep their chargeback ratio under the suspicious limit (such as 3%) thereby squeezing the maximum amount of cash from their victims.
The flow of money in the Fake Anti Virus Business Model
The researchers were able to follow the money trail from the victim, on to the payment processing company, which happened to be exclusively ChronoPay, on to rouge merchant accounts at banks in Europe and Asia. From these merchant accounts, money was transferred back to the Fake AV affiliate members exclusively via a virtual electronic currency called WebMoney. The affiliate members, who provide the original victim's computer details to the controlling gang, are very highly rewarded, taking in anywhere from 30% to 80% commission on sales. The most successful affiliate was able to bank approx. US$30,000 per day from Fake AV1.

A typical Fake Anti Virus popup that leads to the initial infection
Follow @dodgy_coder

Subscribe to posts via RSS

No comments:

Post a Comment