Big malware players return during the autumn

The rogue AV market was mostly dead through August and September. Although this might have been caused by the Chronopay raid, the timing of the raids did not match the decline. Additionally, we have seen a significant shift to different kinds of malware: Google redirects, new kinds of rootkits, Bitcoin mining software and other kinds of parasites that do not depend on payment gateways, which are easy to shut down.
Well, the quiet spell is over, and we see at least 3 large fake software families on the rise. The most interesting is Security Sphere 2012. The same guys distributed the largest amounts of fake AVs last year. And that means the summer pause is over.
It is interesting to note that the pause was around 2 months long, quite similar to the one last year. The timing is off by 2 months (end of May – mid July in 2010, August – September in 2011). Maybe we should call this the (un)deserved holidays of malware makers?
Does that mean the police got the wrong guy? Not necessarily. A warm place does not stay empty for long, and no single arrest will kill the rogue antivirus business. It is a multi-million industry, where the bad guys earn much more than the good guys. For example, SuperAntiSpyware was bought out for only around 8 million USD, which is insignificant compared to the profits of fake antivirus payment processors.
There is some good news as well. Windows 8 will come with AV pre-installed and some security issues fixed. This should make malware makers' lives somewhat harder, and we will see less aggressive infections. The only fear is that it will reduce overall investment in security software, which would result in poor-quality antivirus solutions for the everyday user.
At the moment, the best protection is a strong Internet Security (or AV + anti-malware) program and decent internet browsing habits. This will never go out of style.
