Up to 43 million people could have given their bank details to cyber criminals after being duped by fake anti-virus software online, a web security firm has found.
Figures published by Symantec suggest 93 percent of the people scammed downloaded the rogue programs by choice after being tricked into believing they were legitimate. The company estimates that some cyber criminals are earning nearly $1.4 million a year from the ruse.
Web users fall prey to the scam when they click on links, pop-ups or flashing adverts warning them their computer is infected. The fake program then appears to run a virus check which tells the user their PC is infected and asks them to pay for it to be cleaned up.
But downloading the software can give criminals access to bank details and computer files. Symantec found 250 rogue programs were downloaded 43 million times in the 12 months to July 2009.
The company's analysts believe a small number of people run networks of more than 1,000 distributors, whose earnings are linked to the number of machines they infect. The distributors, most of whom are in the United States, may not even realise they are acting illegally. "It is a challenge to fight this," Orla Cox, Symantec's security operations manager, told Sky News Online.
"The software may be developed in one country and then distributed in another so it is hard to track them down. It's a tangled web."
As most users lose between $30 and $100, it can be hard to get the attention of law enforcement agencies.
"There are very few things the consumer can do. If you go to the site and try to get your money back, you will find that it has rebranded and it's gone," Ms Cox said.
Ben Camm-Jones from Web User magazine told Sky News Online there are ways to spot a fake site.
"You should be protected from this type of malware if you keep your browser and anti-virus software up to date," he said. "If messages telling you that your PC has an infection pop up when you visit a website, simply close your browser down and use your existing anti-virus software to scan your PC.
"And if you think a warning message on your PC is suspect, carefully check spelling and grammar — there could be a tell-tale mistake."