Saturday, July 9, 2011

Fake Anti Virus Software: A New Business Model Emerges

Researchers from the Departments of Computer Science and Economics of the University of California (Santa Barbara) have recently released the results of their yearlong investigation into three fake anti virus companies (named Fake AV1, AV2 and AV3). They were able to infiltrate and monitor the backend servers of the three companies, all of which were controlled by East European cybercriminals. The daily and yearly sales figures are summarised below.

| | Total Sales per Day (USD) | Total Sales per Year (USD) | Infection¹ rate (no. users per day) | Infection¹ rate (no. users per year) | Purchase² rate (no. users per day) | Purchase² rate (no. users per year) | Average Selling Price (USD) | Conversion Rate³ |
|---|---|---|---|---|---|---|---|---|
| Fake AV1 | $123,288 | $45,000,000 | 92,055 | 33,600,000 | 2,209 | 806,400 | $55.80 | 2.4% |
| Fake AV2 | $10,411 | $3,800,000 | 13,562 | 4,950,000 | 285 | 103,950 | $36.55 | 2.1% |
| Fake AV3 | $132,603 | $48,400,000 | 100,055 | 36,520,000 | 2,201 | 803,440 | $60.24 | 2.2% |
| Total | $266,302 | $97,200,000 | 205,672 | 75,070,000 | 4,695 | 1,713,790 | $56.71 | 2.3% |

Source: Extrapolation of data contained in the UCSB research report over both a yearly and daily basis.
¹ Infection refers to users who have installed the Fake Anti Virus software trial, but not necessarily purchased it.
² Purchase refers to users who have both installed the Fake Anti Virus software trial, and then purchased a license for it.
³ Conversion Rate refers to the number of purchases as a percentage of the number of infections.

The researchers uncovered a sophisticated method of flying under the radar of credit card fraud detection by minimising chargebacks (credit card refunds), which in turn meant that no suspicion would be raised by the victim's bank or credit card company. The criminals did this simply by maintaining a 24/7 support hotline, thereby keeping track of the customer's suspicions and, when necessary, issuing refunds directly back to the customer. Fewer than 10% of all victims asked for a refund, meaning that the cybercriminals could issue a full refund to all complainants and still make massive profits. But in fact the criminals only issued enough refunds to keep their chargeback ratio under the limit that would raise suspicion (such as 3%), thereby squeezing the maximum amount of cash from their victims.
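
An added example, not from the original post or the UCSB report: a check on the chargeback ratio alone passes a merchant that absorbs complaints as direct refunds, so this sketch rates refunds and chargebacks together per merchant. The 3% limit is the post's figure; the other two thresholds, the merchant names and the daily counts are constructed assumptions.

```python
from collections import defaultdict

CHARGEBACK_LIMIT = 0.03  # the "such as 3%" limit quoted in the post
DISPUTE_ALERT = 0.06     # assumed review threshold for refunds plus chargebacks
NEAR_LIMIT = 0.5         # assumed: a chargeback ratio above half the limit counts as close to it

# Constructed daily windows: (merchant, sales, refunds, chargebacks)
SAMPLE_WINDOWS = [
    ("merchant_a", 2200, 150, 55),
    ("merchant_a", 2150, 170, 52),
    ("merchant_a", 2300, 140, 60),
    ("merchant_b", 2000, 30, 4),
    ("merchant_b", 1900, 25, 6),
    ("merchant_c", 1000, 10, 45),
    ("merchant_d", 0, 0, 0),
]

def merchant_ratios(windows):
    """Sum the windows per merchant and return (refund_ratio, chargeback_ratio)."""
    totals = defaultdict(lambda: [0, 0, 0])
    for merchant, sales, refunds, chargebacks in windows:
        t = totals[merchant]
        t[0] += sales
        t[1] += refunds
        t[2] += chargebacks
    ratios = {}
    for merchant, (sales, refunds, chargebacks) in totals.items():
        # A merchant with no sales cannot be rated; avoid dividing by zero.
        ratios[merchant] = None if sales == 0 else (refunds / sales, chargebacks / sales)
    return ratios

def classify(windows):
    """Flag merchants whose chargebacks stay under the limit only because refunds absorb disputes."""
    verdicts = {}
    for merchant, ratio in merchant_ratios(windows).items():
        if ratio is None:
            verdicts[merchant] = "no_data"
            continue
        refund_ratio, chargeback_ratio = ratio
        if chargeback_ratio >= CHARGEBACK_LIMIT:
            verdicts[merchant] = "over_chargeback_limit"
        elif (refund_ratio + chargeback_ratio >= DISPUTE_ALERT
              and chargeback_ratio >= NEAR_LIMIT * CHARGEBACK_LIMIT):
            verdicts[merchant] = "review_refund_masked"
        else:
            verdicts[merchant] = "ok"
    return verdicts

if __name__ == "__main__":
    for merchant, verdict in sorted(classify(SAMPLE_WINDOWS).items()):
        print(merchant, verdict)
```
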
The flow of money in the Fake Anti Virus Business Model
The researchers were able to follow the money trail from the victim, on to the payment processing company, which happened to be exclusively ChronoPay, and on to rogue merchant accounts at banks in Europe and Asia. From these merchant accounts, money was transferred back to the Fake AV affiliate members exclusively via a virtual electronic currency called WebMoney. The affiliate members, who provide the original victim's computer details to the controlling gang, are very highly rewarded, taking in anywhere from 30% to 80% commission on sales. The most successful affiliate was able to bank approx. US$30,000 per day from Fake AV1.

A typical Fake Anti Virus popup that leads to the initial infection

