You know spyware and virus, malware and DDOS, Trojan of horse fame, phishing and worm. But do you recall the brand-newest threat of them all? (apologies to Johnny Marks). Well, the Federal Trade Commission does: it's called "scareware," and late last week, the FTC slammed two of the biggest scareware providers with an asset freeze and a temporary injunction.
What is "scareware?" Arstechnica.com's report explains it thus:
Scareware-selling companies would contract with reputable websites to display advertisements on behalf of other reputable companies, but would poison the ads in question. Once clicked, visitors were actually redirected to a vendor-controlled website, which would then "scan" their computer and amazingly enough, find evidence of damage or infection. Cue the appropriate links, websites (just $39.95), and a few minutes later the result is one scammed customer who has just paid good money for nothing. The thieves, meanwhile, earn extra points if they manage to nick a credit card number in the process.
Some typical examples include Antivirus XP, DriveCleaner, and WinFixer. Drop by the Trend Micro blog for an animated portrayal of a typical Antivirus XP attack, which includes a replacement desktop wallpaper with no way to change it and a scary-looking fake BSOD screensaver.
So, who wound up in the FTC's sights? Innovating Marketing, Inc. and ByteHosting Internet Services, LLC. They join an increasingly long list of online crooks the FTC has taken down, including CyberSpy (maker of the RemoteSpy keylogger) and spam pushers HerbalKing and Atrivo.
If you need to clean up Antivirus XP or other scareware apps, try the free utilites on this Cnet.com thread.
Have you (or "a friend") been taken by a scareware vendor? Have other suggestions for cleaning up other scareware infections? Hit Comment and help turn infected PCs from "bad" to "good" in time to make Santa's "nice, not naughty" list.
Comments are closed on this article
winmaster
December 28, 2008 at 8:35pm
Oh yes, I remember once upon a time when I was a young lad, mistakenly installing WinAintispyware 2006. Luckily, I was able to remove it by uninstalling it and running a real antispyware program (Ad-Aware SE Personal) to get rid of the rest of it. Now I tell people: "Antivirus software doesn't come to you, you have to go get it."
--------------------------------------------------------------------------------------------------
The quick brown fox jumps over the lazy dog.
mstnggt500kr
December 16, 2008 at 8:13am
But sadly, there's plenty of people who don't know the difference, and pay for it. I've even had people break out into tears when they realize they paid for their actual problem.
As for removing it, I've found that MalwareBytes does a darn good job at removing just about every trace of any of the titles I've run into. After that, use your favorite flavor of AntiSpyware to remove any lingering traces.
HarmonicShadow
December 15, 2008 at 9:08pm
I get stuff like this at work on a regular basis. The FTC and all them government people need to stop worrying about P2Ps and sharing music and start working on keeping people from being scammed by stuff like this. At my work, MalwareBytes and SUPERAntispyware are what we use commonly to kill this stuff. SUPERAntispyware has a lot of repairs such as killing the unchangable desktop those rogues install. We've found nothing more powerful than those two programs. Doctor Web CureIt and LiveCD are needed for more heavier infections and those often end up being OS repaired or formatted. My workplace is fighting the War on Zlob as best as we can. We are even considering 'vaccinating' peoples machines with SpywareBlaster since it doesn't remove the entries it installs to protect when it is uninstalled. I hope you guys out there are fighting the War on Zlob too. ZLOB is going down!!!
-------------------------------------------------------------------------------------------------
Bill Gates: "What's that?"
Steve Jobs: "It's an iHouse."
Bill Gates: "But there's no Windows."
Steve Job: "EXACTLY!"
QUINTIX256
December 15, 2008 at 5:45pm
http://antivirus-online-proscan.com
Protect your system whith the best antivirus.
This wasn't too hard to find either. So much for the injunction puting a pause to Antivirus XP. I know it is impossible for the browser to run a scan without a plugin, yet it goes on pretending to scan my computer without installing anything. I'm sure most computer users wouldn't understand that, and would download this nonsense anyway.
UPDATE:
"As a bonus, its real-time Privacy Protection that keeps your private data."
They just dropped us the bomb. We get signal... EPIC FAIL.
Marcus_Soperus
December 16, 2008 at 7:25pm
"Thanks," ZeroWing, for "inspiring" today's hackers?!? Seriously, Quintix256, thanks for the reference!
---------------------------------------------------------------------------------------------------
It's amazing how illogical a business built on binary logic can be.
The Relic
December 15, 2008 at 3:56pm
I have had at least 3 computers come to me that had this garbage on them. I always recommend to my customers that 1. Stay away from questionable sites. 2. You already have a proper anti-virus or anti-spyware solutions on your system, and 3. If something hijacks your browser claiming that you have so-and-so, and download our solution, give your system the three-finger salute and shut down your browser IMMEDIATELY from the Task Manager. And run your anti-virus/anti-spyware as a precaution.
While I appreciate the people who bring me their rigs to fix or restore, I prefer that they apply a little preventative maintenence; people need their money in these tough economic times, and I'd rather they not have to end up in a soup kitchen because their significant other can't keep away from the pr0n and gambling sites.
AndyYankee17
December 15, 2008 at 1:06pm
I hate public PCs with those things on it, first it makes me nervous whenever I have to enter personl info and second, browser tabs open up on there own linking to crap like XP AV and if I don't close the tab before it loads odds are that it crashes the whole browser
Print
