FTC Kills Scareware Scam That Duped Over 1M Users
coondoggie writes "The Federal Trade Commission today got a court to at least temporarily halt a massive 'scareware' scheme, which falsely claimed that scans had detected viruses, spyware, and pornography on consumers' computers.
According to the FTC, the scheme has tricked more than one million consumers into buying computer security products such as WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus. The court also froze the assets of Innovative Marketing, Inc. and ByteHosting Internet Services, LLC to preserve the possibility of providing consumers with monetary redress, the FTC stated."
At the computer store where I work in Waterloo, Ontario, Canada, we see at least 3-4 computers each week with these rogue anti-virus and anti-spyware applications. These programs are a real pain to deal with, both for our customers and for our computer store as well, since the programs are often difficult to remove and take up a lot of time that would otherwise be used to help our customers find solutions that make them more productive.
However, given the fact that new versions of these programs are being developed on a regular basis (for example, as of late we are seeing a new rogue program called Trusted AntiVirus), and the fact that the organizations behind them are often located offshore and in multiple jurisdictions, I wonder how much of a dent this judgment will make in the scammers' operations. Hopefully, at least, this will be a start.
Part of the problem, of course, is user education. We have users that receive warning messages that tell them that this program is possibly a virus, and ask them if they would like to run the program anyway. Many users that do not know any better will run the program even though the warning is telling them this may not be a good idea. Helping the user understand what the legitimate warnings are on the system tends to reduce the problem.
These are the good old days you'll be telling your children about. Make them worthwhile.
Click here to fix it, we promise.
...well, you know the rest.
My university has seen so many students (and even staff!) with variants of this. I'll volunteer for the firing squad.
Hail Eris, full of mischief...
E pluribus sanguinem
Scaring people makes them do irrational stuff that ultimately hurts them. Thank you captain obvious!
It's called Norton/McAfee anti-virus
One of my users managed to get it on a fully patched XP machine that I somehow forgot to install Symantec on (yeah, stupid), with basic User privileges.
Of course, I've seen it a million other times too, but those people were all running with admin privileges.
Boot Windows, Linux, and ESX over the network for free.
Too bad they didn't do this 6 fucking months ago when idiots started opening fake UPS/USPS/FEDEX emails to print their .exe "invoice" inside a zip file.
Only the State obtains its revenue by coercion. - Murray Rothbard
You've got a virus!
Pay me or I won't tell you what it is!
The sad thing is that people fall for it.
I've actually had the following conversation:
"What antivirus program was that?"
"Oh let me see here... [Horrible Trendy Name]"
"When did you install it?"
"I don't know."
I told him to call his credit card issuer.
Though, as if that's not enough, my neighbor recently couldn't understand how a dialog that, after "analyzing", basically indicated his computer was "too secure" wasn't a bad thing.
Boot Windows, Linux, and ESX over the network for free.
Sure these might just be "scamware"... but I beat them at their own game by installing all 5 of the mentioned programs. The combined power is sure to be effective even if one alone is not!
Turn off the $$$ - the credit card companies know that payments to certain entities are for scam crap just from the number of complaints, but they still do nothing because, let's face it, a million sales @ $30 a pop == $30,000,000. 3.5% of that is over a million bucks. It's not in their immediate financial interest to turn off the tap.
some things happen in the wink of an eye. some of us never learn. it's all in the manual. see you there?
According to these guys, my Mac is infected with Windows XP viruses. Ok, now I'm not that gullible, but the sad part is that there are plenty of people that are and believe whatever they read. Of course these are the same people that send birthday cards to little what's-his-name who wants to be in the Guinness Book of World Records.
At one level I'm sympathetic, but at another I think that people need to learn to be more than a little skeptical on the internet. So instead of getting money returned to the people that purchased this junk, how about using it to fund advertising programs that politely ask "How can you be so stupid?" (Obviously not saying it like that.) Education is the only thing that will change this in the long run. Otherwise they'll just fall for whatever the next trick is that comes along.
The FTC is supposed to stop and punish fraudsters. This is their job. I can't understand why it has taken this long.
I found it very funny when my Linux Mint system had a scamware page up in Opera (internet browser) and the rest of my family believed, as it said, that my computer had a virus; problem was it claimed to be scanning my C: drive. LOL
If I go to stopsign.com it will detect all sorts of Windows nastyware on my Linux box.
They have ads on Direct TV.....
I am the unwilling control for my Origin.
...The only reason you see a "click here if this is inappropriate" on any website is so they can cover their own ass and prevent getting sued...
Actually, there's another reason. If you click on anything at all, they can record your address in their web journals and tick a box labeled "This person is a potential mark". It's one of the reasons why I close these bogus displays by going around and closing them from the operating system. I do not trust any button or other clickable control presented to me from any window that I didn't specifically ask to see. Even the little X in the top right corner, they can emulate those controls with controls of their own, and can record the fact that you've paid them a bit of attention. And for such people, the less attention you pay them the better.
Do not mock my vision of impractical footwear
The mouse has one button, The os is an insult to unix.
You're right. Real UNIX users don't even have mice, just keyboards and emacs. Seriously, even GNOME and KDE can be used without a mouse.
So, if an OS is usable without a mouse at all, surely you can get basic functionality with a one button mouse. Yes a five button mouse puts a lot more options at your fingertips, but it's hardly required.
Not that any of this matters, nobody ships computers with one button mice anymore. We're about to enter 2009, try to keep up. ;)
It's a bit late after a million fools have purchased the software... the only 2 things that will fix this issue is all the people born before 1975 die OR you make people get a computer license. I did tech support for a few years and IMHO the majority of people who were born before 1975 are too stupid. Yes, I say stupid because they also ask you how to spell COMMAND (is that one M or two M's) or they say "what's Internet Explorer?" when you ask them to open it... every time they switch on their PC it tells them what OS they have... it flashes up WINDOWS XP or whatever... but they have no clue what OS they are running... tech support makes you want to kill yourself so you never have to speak to a fool again....
I see this kind of stuff about 3-4 times a month between clients and friends. Malwarebytes Anti-Malware is the only program I've seen that removes it easily, and within 5 minutes, to boot. Happy cleaning! http://malwarebytes.org/
In an unrelated story, the FTC has invested in some extremely large ovens in an effort to reduce the nation's dependence on foreign energy sources. They claim the new fuel is actually self-perpetuating and that "There is an unlimited supply here at home."
I was a safe Windows user. Unfortunately the wife was not, and because of a few mistaken mouse clicks on her part WinAntivirus was installed on my computer. Its tenacious grip on my XP install forced me to look for an alternative. Linux was installed over XP, and for three years now I've had the pleasure of laughing at articles just like this one. Thanks WinAntivirus!
At this rate they will nail the Extenze scam by 2015 and Head On by 2020. If they can't shut these things down fast enough, the amount of money they make is still vastly larger than any fine, so the fine and shutdown is just a cost of doing business. They need to be more proactive.
Who are you? The new #2 Who is #1? You are #617565. I am not a number, I am a free man! Muhahaha.
One of my client sites was clickjacked, and another had an attempted clickjacking. The connection is that the one that succeeded redirected users to a Russian site with scareware/malvertisement (AntiVirus Defense 2009). Same modus operandi - their scareware scanned my C: drive and found infected exe and dll files galore, a fact most curious on an Ubuntu Linux desktop.
The other attempted clickjacking was to a Chinese site, but I can't help but wonder if there's something more serious going on here. Some of these scareware sellers are paying to have script kiddies put iframe clickjacks on every index.* file in a web host they can compromise, which is more than just a civil matter.
Do they stop with just charging $39.95 from the victim's credit card, or keep on charging until they hit the limit or get an alert? And does the victim's machine get free from the scareware, or is it recruited into a botnet to send out more malvertisements?
Inquiring minds want to know.
By and large they don't need admin access. In the case of WoW it is because they are assuming that the current user has write access to the directory that the executable is in instead of using the current user's "application data" directory. PB could work just as well by running components that require admin privileges as a service and/or driver and leaving user level components with reasonable permissions. Other apps have problems because they write user specific data to HKEY_LOCAL_MACHINE instead of HKEY_CURRENT_USER.
In almost all of these cases it isn't the effectiveness of cheat detection (or w/e), it's just sloppy engineering. The source of my frustration is not that they require admin access but that they require it for no good reason. Applications that have a legitimate reason to require administrative access, Wireshark for instance, don't bother me in the slightest. They can get away with it because most home users don't care or don't know enough about security to realize there is a problem.
You mean there's anti-virus software that will find pornography on my computer? Will it show it to me as well? :D
The most interesting part of this operation was that they apparently impersonated legitimate businesses, created advertisements for these businesses, and then had them placed on high-profile websites. The buyers of these ads typically had no idea anything was wrong because the ad code was both obfuscated and would only redirect the user to the bad website a small percentage of the time.
I wonder if the Sam Jain referenced in the article is the same Sam Jain behind efront. There was plenty of good reading on fuckedcompany.com way back then when the ICQ logs were released on the net.
134340: I am not a number. I am a free planet!
Are you...running malware in WINE for fun?
You _do_ realize that this grants write access to all your priceless documents in ~
Which is why people who test malware in WINE make a separate user for this.
Even though users can have their files easily restored in minutes from a backup?
And what keeps the files from getting infected before the backup?
You can't lock out the primary user of a home computer from installing programs
The operating systems in video game consoles, digital video recorders, and some mobile phones do exactly this. And when these gain web browsers, they begin to blur the line between "appliance" and "computer".
No matter how many hoops you have to jump through (explicitly authorize, enter password, etc.)
What about the hoop of "developer must be a company with office space, not an individual" and the hoop of "in order to get your app signed, you have to pay the platform owner four figures to test it thoroughly"?
Do you really think that, somehow, the hardware in a laptop deteriorates and gets less reliable with age?
Not to be condescending or anything, but... yeah. You may notice the same thing happens with cars.
DRM: Terminator crops for your mind!
Scareware? Could someone elaborate on this interesting definition?
It sounds like a thrill! Always lurking, keeping you on your toes, until the moment it strikes and you get eaten by a grue.
I have cleaned this off of 50+ computers at work. Stupid users. It's about damn time someone shut this company down.
When I'm googling around for programmer documentation I no longer have to fear Google showing one thing but the website auto-redirecting to Antivirus 2009 and its infernal fake nagging "scan" page?
Thank God.
Having hit three in a row thought it would be nice to vent my frustration by mirroring it and defacing the mirror.
How am I supposed to put food on my table if people don't have the opportunity to destroy their systems with a single click anymore? My computer repair business is doomed. Doomed, I say!
I am not left-handed, either!
On several occasions I have run across aggressive, annoying advertisements which popped up claiming to have detected viruses and spyware on my computer. On each occasion, I was using Linux and browsing the Internet with Firefox. I normally do not get pop-ups when using Firefox, but some scareware advertisers do still know how to make pop-ups appear.
Earlier this year, I had just installed a brand new copy of Kubuntu Linux on a brand new hard disk in my computer. It did not (and still does not) have Windows or any Microsoft products installed on it. I had also installed a firewall and had it behind a router which also had a firewall with all ports closed to the outside world. I had even installed all the latest security updates.
If I remember correctly, this is roughly what happened next. A day or two later, as I was browsing the Internet with Firefox, an ad popped up saying that they had detected several types of viruses and spyware running on my computer. It then asked if I wanted to have my hard disk scanned for viruses. I closed the advertisement without giving permission. Then another pop-up, with a progress bar, appeared, which claimed that it was scanning drive C: for viruses. I thought that was odd, since Linux computers do not have a drive C. Before long, a pop-up appeared which said that Microsoft had detected references to viruses and spyware in my registry. That also seemed odd, since Linux does not even have a registry. Furthermore, I thought, what was a Microsoft pop-up doing on my Linux computer? Besides, at least as far as I have heard, there still have not yet been any Linux viruses successfully circulating in the wild.
Finally, they asked me to click on a link and purchase their product so that my computer could be disinfected. At no point in the process of supposedly scanning my hard disk without permission did they seem to notice or comment on the fact that I was using Linux.
I'm amazed that it's taken this long for something to be done about this. I'm also amazed at the magical protective perception field around them. They're not just scams, they're viruses. If they were written by some 14 year old in their parents' basement, heavily armed goons would sweep in and drag them off to jail to face felony charges for unauthorized access to a computer, distributing a virus, etc. The protection racket they're running using their viruses is icing on the cake.
The fact is, these are viruses and they're not just spread by people voluntarily downloading programs they believe to be anti-virus software due to scary pop-ups. These things use exploits in Windows and web browsers to infect people's systems whether or not they choose to install them, then they generate messages that can truthfully claim that the computer is infected with a virus. Having endured hell working in tech support I've seen plenty of infections by this crap.
So, on the one hand, it's good that someone is finally doing something. On the other hand, where the hell are the criminal charges? Why is it the FTC doing something and not the FBI? Because the criminal scum behind this throw on the trappings of a business they become sacrosanct and get civil actions where the rest of us mere mortals would be put away for life. What the freaking hell!
Hate to break it to you, but if your browser displayed the ad, they already have your: IP, browser/OS platform, screen resolution, language preference, cookie settings, etc. (thanks JavaScript!).
Unless you're using something like NoScript or Privoxy, there are quite a few people who have a detailed account of your web habits.
I recall years ago when I used the MS Windows product that I would occasionally get a pop-up message from a random web site telling me that scans showed I had all sorts of nasty crap on my machine. It's the Windows Messenger service at fault here. I had to go to grc.com to find the procedure to "Kill the Messenger".
Evidently M$ still enables this useless feature by default and unwary users are still being duped by it. Microsoft should also be held responsible for damages caused by their products, or at the very least they really should inform their customers how to protect themselves when using their products.
"Suppose you were an idiot...and suppose you were a member of Congress...but I repeat myself." Mark Twain
There are billions of people who believe that a super being will save their souls and take them to a place of eternal bliss after they die. Maybe the FTC should go after these scammers too?
If this is the same scam that I've seen lately, have a little sympathy for the end user. The ad generates a nasty dialog box that can only be killed by forcing the browser to quit. The alternative is to "agree" to let them scan your PC. I'm paranoid enough about browser security bugs that there is no way in Hell that I would agree to that. The fact that their ad can create such a dialog box seems like a browser bug to me. Have you stopped beating your wife [Y/N]?
Mea navis aericumbens anguillis abundat
It wouldn't be that hard for these crooks to have this only happen if your browser had a Windows user agent string. That they can't even be bothered to do this means that they aren't scared of being caught. That their lies are so obvious should be exactly the sort of evidence that prosecutors should be looking for... Regular con artists tend to be far more subtle with their lying.
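The two traits the thread attributes to this ad code, a payload hidden behind obfuscation (as the earlier comment about impersonated advertisers describes) and a redirect that fires only for some visitors some of the time (as this comment about user-agent gating suggests), are exactly the tells an ad-ops or web security reviewer can score for. The following is an added example, not code from the original thread or from any of the named companies or products: a small heuristic scorer run over two constructed ad snippets. The snippets, indicator patterns and weights are all my own assumptions for illustration, and the encoded string is just "//example.invalid" percent-encoded.

```python
import re

# Constructed sample ad snippets (not real ad code). "plain_banner" is an
# ordinary image link; "gated_redirect" shows the traits described in the
# thread: a decoded-then-evaluated payload, a user-agent check, and a random
# gate so the redirect fires for only a small fraction of impressions.
SAMPLES = {
    "plain_banner": (
        '<a href="https://example.invalid/offer"><img src="banner.png" '
        'width="300" height="250" alt="Sale"></a>'
    ),
    "gated_redirect": (
        "<script>if(navigator.userAgent.indexOf('Windows')>-1&&Math.random()<0.02)"
        "{eval(unescape('%2f%2f%65%78%61%6d%70%6c%65%2e%69%6e%76%61%6c%69%64'));}"
        "</script>"
    ),
}

# Assumed indicator patterns and weights; tune these against real ad inventory.
INDICATORS = [
    ("eval_of_decoded_string",
     re.compile(r"eval\s*\(\s*(?:unescape|atob|decodeURIComponent)\s*\("), 3),
    ("random_gate", re.compile(r"Math\.random\s*\(\s*\)\s*<\s*0?\.\d+"), 3),
    ("user_agent_check", re.compile(r"navigator\.userAgent"), 2),
    ("script_tag", re.compile(r"<script\b", re.I), 1),
]

# Six or more consecutive %XX or \xXX escapes: a long encoded run is a common
# obfuscation tell that plain creative markup almost never contains.
ENCODED_RUN = re.compile(r"(?:%[0-9a-fA-F]{2}|\\x[0-9a-fA-F]{2}){6,}")

SUSPICIOUS_THRESHOLD = 5  # assumed cut-off for review


def score_snippet(snippet):
    """Return the indicator hits, total score and verdict for one ad snippet."""
    hits, score = [], 0
    for name, pattern, weight in INDICATORS:
        if pattern.search(snippet):
            hits.append(name)
            score += weight
    if ENCODED_RUN.search(snippet):
        hits.append("encoded_run")
        score += 2
    verdict = "suspicious" if score >= SUSPICIOUS_THRESHOLD else "ok"
    return {"score": score, "hits": hits, "verdict": verdict}


def scan(samples):
    """Score every snippet in a {name: markup} mapping."""
    return {name: score_snippet(markup) for name, markup in samples.items()}


if __name__ == "__main__":
    for name, result in scan(SAMPLES).items():
        print(f"{name}: {result['verdict']} (score {result['score']}, hits {result['hits']})")
```

A banner with no script at all scores zero, while the gated snippet trips every indicator. The point of weighting rather than matching a single pattern is that none of these tells is damning on its own (plenty of legitimate tags carry a `<script>` and read the user agent), but the combination of an evaluated decoded string with a probabilistic gate has no honest use in a creative.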
If the pre-recorded video looks like it's an active application running, it will fool the uneducated; it's designed to. Your PC wasn't scanned, as you know; it played a video making you think it was being scanned. The last thing they want is to go to the hassle of making it really scan and find nothing, therefore no way to scare you into buying their shit. They play the numbers and go for the easy mass target, so they style their videos on Windows.
It's like playing a video demo of a game and handing a young kid the controller; tell him he's controlling what he sees and it'll keep him occupied for a while, until he clicks that he ain't.
My Windows firewall said it had become disabled, but it was a trick and I ended up with this. However, the Malwarebytes software sorted me out completely. I'd never heard of it before but it really was helpful. I can't remember if I had to use safe mode or not.
I've been concerned about spyware and viruses on my Linux system, so I tried to download Spyware Guard 2009 and tried to run it on my Linux system. The darn thing wouldn't run! I tweaked and fiddled with Wine for a while, then installed CrossOver Office, all to no avail. I sent them bug report after bug report about this incompatibility but they never respond. Darn it, I feel left out! ;)
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
5,5,5,5,5,5,5,5,100 -> Majority below average.
No. You're wrong.
If the root account is hosed with a trojan, you must find the cleanest version of your data AND reinstall. If you do not completely clean your hard drive, you cannot trust the infection will not start again and you will not lose your data a second time.
If your account is hosed with a trojan, you can use another account to check to see what has been affected and use that account to find a version that is safe of any data you have. You also only have to fix areas you have access to.
Now, in BOTH cases, you lose your data. But in one case you lose anyone else's data AND the OS, and in the other one, only your data. But the one where you lose ALL security is the better one????
What a moron.
His machine is a US DoD machine. They still haven't fixed the passwords since McKinnon..!
They should have done this earlier.
Farkin' trolls, I hope they go to jail for fraud.
My wife got one of these on her laptop the other day. Endless popup windows disguised to look like Windows system messages or anti-virus software. She knows we use Avast and thought the windows looked 'different', so she asked me to take a look. Kill Firefox and problem solved.
I guess my point is, it didn't take a whole lot of knowledge for her to identify a scam. Know what is SUPPOSED to be running on your system and what those things look like. If you see anything different, get suspicious.
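The advice above, know what is supposed to be running and get suspicious of anything else, is an allowlist check, and it can be automated. What follows is an added example, not code from the original post: a small Python audit that compares a snapshot of running processes against a baseline of expected names and paths, flagging anything not in the baseline, anything that reuses a known name from an unexpected location, and any window title carrying the scare wording the thread describes. The baseline, the snapshot, the paths and the title keywords are all constructed for the example, not taken from a real machine.

```python
# Constructed baseline of what is supposed to be running on a particular
# Windows home PC. Names and paths are illustrative placeholders only.
BASELINE = {
    "explorer.exe": r"C:\Windows\explorer.exe",
    "firefox.exe": r"C:\Program Files\Mozilla Firefox\firefox.exe",
    "avastsvc.exe": r"C:\Program Files\AVAST Software\Avast\AvastSvc.exe",
    "svchost.exe": r"C:\Windows\System32\svchost.exe",
}

# Constructed snapshot of the running process list, in the shape a
# tasklist-style export might give: (image name, image path, window title).
SNAPSHOT = [
    ("explorer.exe", r"C:\Windows\explorer.exe", ""),
    ("firefox.exe", r"C:\Program Files\Mozilla Firefox\firefox.exe", "Mozilla Firefox"),
    ("avastsvc.exe", r"C:\Program Files\AVAST Software\Avast\AvastSvc.exe", ""),
    ("svchost.exe", r"C:\Users\Jane\AppData\Local\Temp\svchost.exe", ""),
    ("av2009.exe", r"C:\Users\Jane\AppData\Local\Temp\av2009.exe",
     "Antivirus 2009 - 37 threats found!"),
]

# Assumed phrases typical of rogue "scanner" windows; extend from real cases.
SUSPICIOUS_TITLE_WORDS = ("threats found", "infected", "click here to fix")


def audit(snapshot, baseline):
    """Return a finding for every process that deviates from the baseline.

    Each finding lists the reasons it was flagged so the reader can tell a
    merely unknown program from one masquerading as a system binary.
    """
    findings = []
    for name, path, title in snapshot:
        reasons = []
        expected = baseline.get(name.lower())
        if expected is None:
            reasons.append("not in baseline")
        elif path.lower() != expected.lower():
            # Same file name as a legitimate process, but launched from
            # somewhere else (here a temp directory): a classic masquerade.
            reasons.append("known name, unexpected path")
        if any(word in title.lower() for word in SUSPICIOUS_TITLE_WORDS):
            reasons.append("scare wording in window title")
        if reasons:
            findings.append({"name": name, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit(SNAPSHOT, BASELINE):
        print(f"{finding['name']} ({finding['path']}): {', '.join(finding['reasons'])}")
```

Run against the constructed snapshot, the three baseline processes pass, the copy of svchost.exe in a temp directory is flagged for its path, and the rogue scanner is flagged twice. The path comparison matters more than the name check: rogue software routinely borrows the names of real system processes, so a baseline that records only names would let the first of those two through.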
It's funny how the people I know that spread the most FUD about viruses/phishing/scams (panicky emails about the latest e-boogey man) are also the ones that get hit most often. You'd think they'd be the most paranoid and stay safe.
No amount of user education can prevent this particular piece of malware. One variant comes in through an Adobe Acrobat exploit that's launched through an iframe. No user interaction required.
I patented screwing your mom. But it got revoked for "prior art."
As a PC tech I made quite a few bucks cleaning up XP Antivirus and the like. If it wasn't for this type of crap, and gullible users, I'd be out of a job, as about 60% to 70% of my business is virus/malware removal. C'mon you l33t h4ck3rs and script-kitties, get busy... I want to have a good Christmas.
The Malwarebytes program deals with this program perfectly. The first time I had this issue it took me 3 or 4 hours to clear it; with this program, it takes all of 20 minutes to do a quick scan, remove it, and be done with it.
I have a large client that doesn't allow the users to be admins on their Windows workstations.
It's a pain in the neck because if you have to change a printer setting you have to log them off and log back in as an admin. There is no temporary override option.
I could be wrong but I thought I remembered that decision being forced through a court order.