Malware within: Hackers embed PCs at point of sale.

Malware within: Hackers embed PCs at point of sale 

October 20 2009 | Times of India Bangalore

Washington: Tens of millions of US computers are loaded with scam security software that their owners may have paid for but which only makes the machines more vulnerable, according to a new Symantec report on cybercrime. 

Cyberthieves are increasingly planting fake security alerts that pop up when computer users access a legitimate website. The alert warns them of a virus and offers security software, sometimes for free and sometimes for a fee.
Lots of times, in fact theyre a conduit for attackers to take over your machine, said Vincent Weafer, Symantecs vicepresident for security response.
Theyll take your credit card information, any personal information youve entered there and theyve got your machine, he said, referring to some rogue softwares ability to rope a users machine into a botnet, a network of machines taken over to send spam or worse. 

 
Symantec found 250 varieties of scam security software with legitimate sounding names like Antivirus 2010 and Spyware-Guard 2008, and about 43 million attempted downloads in one year but did not know how many of the attempted downloads succeeded , said Weafer. 

In terms of the number of people who potentially have this in their machines, its tens of millions, Weafer said.  

 
It was also impossible to tell how much cyberthieves made off with but affiliates acting as middlemen to convince people to download the software were believed to earn between 1 cent per download and 55 cents. 

 
TrafficConverter.biz, which has been shut down, had boasted that its top affiliates earned as much as $332,000 a month for selling scam security software, according to Weafer. REUTERS