In Rogues We Trust: Webroot® Survey Reveals Internet Users of All Skill Levels Fall for Cybercriminals’ Tricky Tactics

Webroot Also Finds 2 Out of Every 10 Threats Detected in August Were Fake Security Alerts & Products

Boulder, Colo., September 30, 2009

Computer-savvy consumers are more susceptible than novices to "fake alerts" and rogue security products – bogus malware infection warnings and malicious programs masquerading as legitimate security applications – according to a new survey from Webroot, a leading provider of Internet security for the consumer, enterprise and SMB markets.

Surveying nearly 1,200 individuals ranging in age and computer proficiency levels, Webroot explored the risks and consequences of infection by malware associated with fake alerts. Among the key findings:

• Advanced users clicked on suspicious messages at a greater rate than less experienced users
• 20 percent of respondents strongly trust the first page of search results – a common target for fraudulent links
• Nearly one fifth reported varying levels of financial or data loss following infection
• Over half experienced infections consistent with those of fake alert-related malware

"Cybercriminals prey on our curiosity," said Mike Kronenberg, chief technology officer of Webroot's Consumer Business Unit. "Links to seemingly real search results and videos -- and now even ads on reputable news sites – trigger fake warnings claiming you’re infected or need 'Home Antivirus 2010' or another bogus product. And business must be booming for these thieves, judging from the rapid rate at which Webroot is seeing new programs and variants created in an attempt to bypass security technology. But with the right education, vigilance and technology, consumers can take steps to protect themselves."

The Anatomy of a Fake Alert
Webroot has seen a rise in the incidence of fake alerts and rogue security products. According to the Webroot Threat Research team, two out of every 10 threats detected by Webroot’s products in the month of August were associated with fake alerts and rogue security products.

The appearance of fake alerts changes frequently. Ranging from phony Windows Security Center warnings to notifications for security scans and viewer or codec downloads, each is designed to appear legitimate and urgent. According to the Webroot Threat Research team, Internet users can encounter fake alerts through three main vectors:

• Fraudulent links appearing at or near the top of search results. For example, on Monday Webroot found that a search for news stories about the arrest of film director Roman Polanski yielded links that redirected to a fake security scan and to "Windows PC Defender," a known rogue security product.
• Phony file links. Webroot recently reported on its Threat Blog that the Koobface worm is now sending phony video links, seemingly from a friend, to members of Facebook, MySpace, Twitter and other social networks. The links trigger viewer download messages that activate infection when clicked.
• Ads on legitimate Web sites. Webroot researchers recently investigated the origins of a bogus ad on NYTimes.com earlier this month which contained code leading to a fake alert and rogue product.

Key Findings
Results from the Webroot survey indicate a general lack of awareness of fake alerts and rogue security products, a higher rate of engagement among advanced and power users, and costly and inconvenient consequences of infection.

Lack of awareness leaves individuals vulnerable:

• 20 percent strongly agree the first page of search results includes trustworthy links
• 40 percent did not know the meaning of "fake alerts," and 69 percent were unfamiliar with "rogue security products"
• 25 percent clicked on links to unfamiliar sites
• 13 percent clicked on pop-up messages requiring the download of a special viewer or codec

Experienced computer users are more susceptible:

• Over 50 percent of advanced users encountered a fake Windows Security Center alert, versus 33 percent of novice users
• 26 percent of advanced users encountered a fake security scan, compared to approximately 10 percent of less experienced users
• 23 percent of advanced users clicked on a fake alert and in some cases purchased rogue security products; conversely, 10 percent of novice users did the same

Clicking a fake alert can lead to consequences ranging from nuisance to costly:

• 43 percent of respondents experienced ongoing pop-up messages after clicking
• 26 percent had to have their computers repaired
• 11 percent lost files and documents following infection
• 8 percent had to purchase a new computer or experienced unauthorized credit card charges

Tips for Safer Surfing
Webroot recommends the following actions to protect against the risks and consequences of fake alerts:

• Be vigilant – Do not click pop-up security alerts from unfamiliar companies, or poorly worded messages from known providers. Only purchase security products from reputable companies. Check for links to familiar sites among search engine results. On social networks, do not follow suspicious video links from “friends,” or emails, friend requests, site links and other items from unknown sources
• Even with security programs in place, remain vigilant – Malware authors are continually writing new programs to avoid detection, so pay close attention to suspicious behavior
• Always install updates – Equally if not more important, if you’re using antimalware software, be sure to install updates which include the latest malware definitions to protect you from new variants of known threats; do the same with updates to your operating system
• If you’re not protected – Scan your machine for dormant viruses with a free scan; and protect your PC with an Internet security suite that includes antivirus, antispyware, and firewall technologies

Webroot offers several comprehensive Internet security solutions for consumers including Webroot® AntiVirus with Spy Sweeper®, and Webroot® Internet Security Essentials. For more information about these and other products, please visit http://www.webroot.com/En_US/consumer.html.

ABOUT WEBROOT
Webroot Software, Inc. provides industry leading security software for consumers, enterprises and small and medium–sized businesses worldwide. The Boulder, Colorado based company is privately held and backed by some of the industry's leading venture capital firms, including Technology Crossover Ventures, Accel Partners and Mayfield. Webroot products consistently receive top review ratings by respected third–party media and have been adopted by millions globally. Available as either branded solutions or on an OEM basis, Webroot products can be found at http://www.webroot.com.au and on the shelves of leading retailers worldwide. To find out more visit our website.

Webroot Threat Blog: http://blog.webroot.com.

Follow Webroot on Twitter: http://twitter.com/webroot.

©2009 Webroot Software, Inc. All rights reserved. Webroot, Spy Sweeper, and Parental Controls are registered trademarks or trademarks of Webroot Software, Inc. in the United States and other countries. All other trademarks are properties of their respective owners.