Gadgetell | Tech News, Reviews, and Interesting Things


Shields Up!: How to spot and avoid scareware

by Sue Walsh on May 12, 2009 at 06:14 PM

This week’s column is all about the scourge of scareware.  Most of us have seen it at one time or another as we surf the web.  A pop up will suddenly appear with dire warnings that your system is infected or critical errors were found in your registry.  Clicking on it brings up a site for a program that claims it can fix everything, for a fee.  The price ranges from $29.95 to $50.  Once you pay and download the program, sure enough it does a scan, finds the problems and fixes them all.  What a relief, right?  Not really.  You never had any infections or errors at all.  The only thing that got cleaned out was your wallet.  A scammer just succeeded in scaring some cash from you.

That’s right.  The whole concept of scareware is actually pretty simple.  Just trick someone into thinking they have critical issues with their computer and need your program to fix them.  It’s big business for cybercriminals.

In the beginning…

Let’s look at the origins of scareware.  At first they were just pranks.  The first piece of scareware, called “NightMare,” hit the scene in 1991.  It was made for the Amiga computer and once installed would pop up at a random time, filling the user’s screen with the image of a skull and playing a sound file of horrified shrieking.  It was generally harmless.  Other types of harmless scareware included a tiny program which would generate a pop up asking “Erase hard drive?” with two buttons: “OK” and “OK.”

Fortunately no matter which okay button was clicked the program simply went away, leaving data intact.

Pop ups and SEO

Scammers began using the scareware concept with the pop ups I talked about earlier.  Microsoft has successfully sued several of these scareware makers, winning $1 million from Secure Computer, which made a piece of scareware called Spyware Cleaner.  In December, the FTC obtained restraining orders against Innovative Marketing, Inc. and ByteHosting Internet Services, the vendors behind WinFixer, WinAntivirus, DriveCleaner, ErrorSafe and XP Antivirus, all of which are fake security programs.  The FTC says they estimate over 1 million people fell for the scam and bought the fake software.

This doesn’t mean we’re winning the battle, however.  According to the Anti-Phishing Working Group, there are nearly 10,000 scareware packages in circulation.  While the pop ups and banners may have lost their effectiveness, scammers have found a new way to distribute their wares.  Massive scareware affiliate networks use black hat SEO techniques so that their sites show up first on search results.

They often compromise legit sites as well, making them redirect to their scareware pages, and since these pages often look quite slick and professional, many users are tricked into trusting them.  Another distribution method involves posting scareware ads on legit sites like Monster.com where a user might unwittingly click on them.  Scareware vendors have also been buying up domain names related to hot topics such as Conficker and swine flu in hopes people searching for information and news will be led to their fake sites.  Affiliate members get around 10 cents for each redirection and are estimated to rake in over $10,000 a day, making scareware big business.

Fake search engines

The newest development in the distribution of malicious software (including scareware) is the discovery of fake search engines.  Cybergangs are now creating their own search engines.  These specialized engines show up in Google searches for popular topics like swine flu.  When clicked on, the user is shown a half dozen search results that look like they are related to the keywords being searched, but clicking on any of them sends the user to a malicious site.  Depending on the keywords it seems the site is either a fake porn site that downloads malware or a scareware site.  Cybergangs are continuing to get more and more sophisticated in their attacks.

How to protect yourself

So how can you protect yourself?  Here are some rules to follow:

  • Never ever click on a popup, banner, or any other kind of ad that claims your system is infected, your anti-virus software needs to be updated, or your registry is corrupted.
  • If you find yourself redirected to a scareware site, don’t click anything.  Hit Ctrl-Alt-Del, go to Task Manager, and use End Task to shut down your browser.  It’s much safer that way.  Once you’ve been redirected to a malicious site, clicking on anything, even the X in the corner, could trigger a download.
  • Legit anti-virus programs are updated via the software’s control panel, not popups.
  • If you find yourself infected, Microsoft’s Malicious Software Removal Tool can clean things up.  Most of the major anti-virus sites offer removal tools as well.  That said, if you have a legit and up-to-date anti-virus program installed, it will probably detect and block the scareware from being installed in the first place.  And you do have a legit and up-to-date anti-virus installed, right?

That’s all for this week.  Feel free to leave your questions, comments, and horror stories below.  Keep those shields up and stay safe!



Comments
  • fand4me said:

    I got a couple of viruses in the last month, even though I had Norton anti-virus on my system and AVG – both were installed on my system by someone else. So, I am looking at anti-virus programs and I want to pay cuz my experience with free software has not been all that good. I looked at a few and liked Cyberdefender and PC Tools. I saw this how to activate video on Youtube:

    http://www.youtube.com/watch?v=6F93464nPs4

    I liked that Cyberdefender seems to be a more complete package, covering anti-virus, trojans, spyware, and id theft protection.

    I have been using it now for one month and it protected me from one attack so far. Cyberdefender seems like a really good anti-virus program, much happier than I was with AVG.
