FTC Kills Scareware Scam That Duped Over 1M Users
coondoggie writes "The Federal Trade Commission today got a court to at least temporarily halt a massive 'scareware' scheme, which falsely claimed that scans had detected viruses, spyware, and pornography on consumers' computers.
According to the FTC, the scheme has tricked more than one million consumers into buying computer security products such as WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus. The court also froze the assets of Innovative Marketing, Inc. and ByteHosting Internet Services, LLC to preserve the possibility of providing consumers with monetary redress, the FTC stated."
At the computer store where I work in Waterloo, Ontario, Canada, we see at least 3-4 computers each week with these rogue anti-virus and anti-spyware applications. These programs are a real pain to deal with, both for our customers and for our computer store as well, since the programs are often difficult to remove and take up a lot of time that would otherwise be used to help our customers find solutions that make them more productive.
However, given the fact that new versions of these programs are being developed on a regular basis (for example, as of late we are seeing a new rogue program called Trusted AntiVirus), and the fact that the organizations behind them are often located offshore and in multiple jurisdictions, I wonder how much of a dent this judgement will make into the scammers' operations. Hopefully, at least, this will be a start.
Part of the problem, of course, is user education. We have users that receive warning messages that tell them that this program is possibly a virus, and ask them if they would like to run the program anyway. Many users that do not know any better will run the program even though the warning is telling them this may not be a good idea. Helping the user understand what the legitimate warnings are on the system tends to reduce the problem.
These are the good old days you'll be telling your children about. Make them worthwhile.
My university has seen so many students (and even staff!) with variants of this.
One of my users managed to get it on a fully patched XP machine that I somehow forgot to install Symantec on (yeah, stupid), with basic User privileges.
Of course, I've seen it a million other times too, but those people were all running with admin privileges.
Boot Windows, Linux, and ESX over the network for free.
Really? That's the new name for Vista?
I think there's a bug in their web site - it told me I had 427 viruses on C:, but I can't find C: anywhere. I looked in /home, /usr, /var, /srv, /etc, /root, /lib, /sys, /mnt, /opt, /proc, /other, /sbin, /bin, /boot, /dev, /media ... I can't find any C: ...
Seriously, with 8 gig usb keys going for $30, and the ease of installing linux on one, 500 gig hard drives going for $70, or booting off a dvd if you're REALLY cheap, there's no excuse to surf the web using Windows. It's like having sex with a million strangers - you KNOW no amount of protection is going to be enough - you're gonna catch SOMETHING.
The answer to why is probably simpler than you think - they don't "get" this internet thing either.
Well you may not have problems with your hardware, but that doesn't mean others don't. Since we're giving personal anecdotes, I'll give you mine.
To give you an idea of my computer skills, I've installed Linux on three of my computers over the last 5 years, though I never really used it too much. I'm "fluent" with Windows. I have some experience with C++, so using the shell and so forth doesn't bother me too much. I'm not a developer or anything like that though. In other words, I'm pretty much the "best-case" inexperienced user.
That said, every time I tried to install Linux, I ALWAYS have problems. The first time it took me literally two days of frustration before it was in a usable state. I define usable as "being able to reliably hit the power button, boot with no problems, log in, and surf the internet". It would take too long to go through all the problems I had.
More recently, I just installed Linux on my laptop two days ago, and it took me over four hours to get my wireless internet to work correctly. I figured out how to use ndiswrapper on one of my previous installs, but it didn't solve the problem this time around. Eventually I figured out the problem had to do with the order of drivers being loaded. That's right, to surf the internet I had to learn about crap like modprobe, how to run scripts at startup, etc. All the sysadmins here probably think it's easy, but it's nearly impossible for inexperienced users like me to learn. The worst part was finding a well written bug report on the ubuntu tracker which listed my exact problem, but was closed with the reason "This is a well known problem, just google it"... like I hadn't been doing that for hours.
Anyway, my point is that even though Linux is mostly awesome and everything mostly "just works", there is still some stuff that doesn't. You can blame broadcom or whoever for the problems, but if those few things still exist and are frustrating enough to turn off a dedicated and best-case-inexperienced user, then it still needs more work if you want everyone to use it.
I wonder if the Sam Jain referenced in the article is the same Sam Jain behind efront. There was plenty of good reading on fuckedcompany.com way back then when the ICQ logs were released on the net.
134340: I am not a number. I am a free planet!
On several occasions I have run across aggressive, annoying advertisements which popped up claiming to have detected viruses and spyware on my computer. On each occasion, I was using Linux and browsing the Internet with Firefox. I normally do not get pop-ups when using Firefox, but some scareware advertisers do still know how to make pop-ups appear.
Earlier this year, I had just installed a brand new copy of Kubuntu Linux on a brand new hard disk in my computer. It did not (and still does not) have Windows or any Microsoft products installed on it. I had also installed a firewall and had it behind a router which also had a firewall with all ports closed to the outside world. I had even installed all the latest security updates.
If I remember correctly, this is roughly what happened next. A day or two later, as I was browsing the Internet with Firefox, an ad popped up saying that they had detected several types of viruses and spyware running on my computer. It then asked if I want to have my hard disk scanned for viruses. I closed the advertisement without giving permission. Then another pop-up, with a progress bar, appeared, which claimed that it was scanning drive C: for viruses. I thought that was odd, since Linux computers do not have a drive C. Before long, a pop-up appeared which said that Microsoft had detected references to viruses and spyware in my registry. That also seemed odd, since Linux does not even have a registry. Furthermore, I thought, what was a Microsoft pop-up doing on my Linux computer? Besides, at least last that I have heard, there still have not yet been any Linux viruses successfully circulating in the wild.
Finally, they asked me to click on a link and purchase their product, so that my computer could be disinfected. At no point in the process of supposedly scanning my hard disk without permission, did they seem to notice or comment on the fact that I was using Linux.
What really needs to happen (but won't, because finally your grandmother has gotten used to passwords) is a move towards real authentication.
People's cryptographic keys do not need to have any information, but if people just used the damn things then there would be no phishing, no more hackers hacking into some crap site, or the site going off the internet and saying what the hell, and your passwords being used to take everything you have.
Big sites like, reportedly, eBay DO NOT ENCRYPT YOUR PASSWORDS 'cause they then can look for sockpuppets.
Seriously, if the user types their password into the actual page then something is wrong. Unlike 10 years ago, anyone can easily send a typed password through ajax; anything you ever type into any text box on an internet site is public. Something like passwords shouldn't be in there as there and done ad-hoc. And this is part of most of what this game plays on.