Wednesday, March 24, 2010

'Infections Found': Inside The Great Scareware Scam

Jim Giles writes on New Scientist:

One day in March 2008, Kent Woerner got a disturbing phone call from a teacher at an elementary school in Beloit, Kansas. An 11-year-old student had triggered a security scan on a computer she was using, revealing that the machine contained pornographic images. Worse still, the images had appeared on-screen as the scan took place.

Woerner, who manages the computer systems for the local school district, jumped in his car and drove to the school. Repeating the scan, he too saw the images, alongside warnings that the machine was infected with viruses and spyware that were surreptitiously monitoring the computer's users. Yet a search of the hard drive revealed nothing untoward. Switching to another machine, Woerner visited the security website that provided the scan, and ran it again. Exactly the same number of pornographic images popped up.

Woerner was smart enough to spot the ruse. This was not a genuine security scan. It was nothing more than an animation designed to dupe the unsuspecting computer user into shelling out $40 or so for software to combat a security problem where none existed. For those who fall for it, such "scareware" spells double trouble: not only are they relieved of their cash, but the software they download has no protective effect, leaving them vulnerable to malicious attack.

Woerner noted the site behind the fake scan,, and got in touch with the Federal Trade Commission (FTC), the US consumer protection agency. He was one of hundreds. As the FTC trawled through the complaints, it became clear that in its complexity, sophistication and sheer brazenness, this was no normal internet scam. "This is one of the largest internet-based frauds the FTC has ever prosecuted," says Ethan Arenson, an attorney at the agency's headquarters in Washington DC. Over in Hamburg, Germany, analysts at the computer security company McAfee were independently coming to a similar conclusion.

Much more here.

Hat-tip: Spyware Sucks


Post a Comment

<< Home