Forgot your password?
typodupeerror
The Internet

FTC Kills Scareware Scam That Duped Over 1M Users 329

Posted by samzenpus
from the don't-let-it-happen-to-you dept.
coondoggie writes "The Federal Trade Commission today got a court to at least temporarily halt a massive 'scareware' scheme, which falsely claimed that scans had detected viruses, spyware, and pornography on consumers' computers. According to the FTC, the scheme has tricked more than one million consumers into buying computer security products such as WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus. The court also froze the assets of Innovative Marketing, Inc. and ByteHosting Internet Services, LLC to preserve the possibility of providing consumers with monetary redress, the FTC stated."
This discussion has been archived. No new comments can be posted.

FTC Kills Scareware Scam That Duped Over 1M Users

Comments Filter:
  • by vwpau227 (462957) * on Wednesday December 10, 2008 @08:46PM (#26068497) Homepage

    At the computer store where I work in Waterloo, Ontario, Canada, we see at least 3-4 computers each week with these rogue anti-virus and anti-spyware applications. These programs are a real pain to deal with, both for our customers and for our computer store as well, since the programs are often difficult to remove and take up a lot of time that would otherwise be used to help our customers find solutions that make them more productive.

    However, given the fact that new versions of these programs are being developed on a regular basis (for example, as of late we are seeing a new rogue program called Trusted AntiVirus), and the fact that the organizations behind them are often located offshore and in multiple jurisdictions, I wonder how much a dent this judgement will make into the scammers' operations. Hopefully, at least, this will be a start.

    Part of the problem, of course, is user education. We have users that receive warning messages that tell them that this program is possibly a virus, and ask them if they would like to run the program anyway. Many users that do not know any better will run the program even though the warning is telling them this may not be a good idea. Helping the user understand what the legitimate warnings are on the system tends to reduce the problem.

    • by tomhudson (43916) <barbara DOT huds ... a-hudson DOT com> on Wednesday December 10, 2008 @09:01PM (#26068641) Journal

      Turn off the $$$ - the credit card companies know that payments to certain entities are for scam crap just from the number of complaints, but they still do nothing because, let's face it, a million sales @ $30 a pop == $30,000,000. 3.5% of that is over a million bucks. It's not in their immediate financial interest to turn off the tap.

      • by omeomi (675045) on Wednesday December 10, 2008 @10:49PM (#26069709) Homepage
        It's not in their immediate financial interest to turn off the tap.

        Nor is it their responsibility to make sure their customers spend their money wisely. And they can't just indiscriminately stop processing payments made to certain companies...they'd get sued.
    • by lalena (1221394) on Wednesday December 10, 2008 @09:13PM (#26068765) Homepage
      I agree that going after these scareware companies is too difficult, which is why we should go after the advertising networks that help them post their ads instead.
      According to the article "The defendants used an elaborate ruse that duped Internet advertising networks and popular Web sites into carrying their advertisements."
      Even if you are duped, once you see the scareware ad you should revoke the ad account for that company.
      Most sites have a way of clicking that a blog post, wiki article, ... should be reviewed or removed because it is inappropriate, but you never see something like this for an ad.
      • by Pharmboy (216950) on Wednesday December 10, 2008 @09:53PM (#26069233) Journal

        Well of course you don't see something like that for an ad. The advertisers are PAYING real money. The only reason you see a "click here if this is inappropriate" on any website is so they can cover their own ass and prevent getting sued. It is "good faith" effort to remove stuff that is liable or DMCA. Many of these sites are so 3rd tier, they don't give a damn what bad ads are on their website, as long as they get paid.

        Silly me, I still think that part of the cause is that Windows is entirely too easy to pwn.

        There is enough blame to go around, but the one thing that is universal is money. The crappy forum/blog/wiki websites want the ad money regardless of content, the scammers want your dollars, MS wants to overcharge and underdeliver, many people are too lazy to learn about their computer and would rather pay the extortion (which doesn't end the problem) than keep their systems up to date, no matter how easy you were to make it.

        • Hoard your clicks (Score:4, Informative)

          by Nefarious Wheel (628136) on Wednesday December 10, 2008 @10:21PM (#26069485) Journal

          ...The only reason you see a "click here if this is inappropriate" on any website is so they can cover their own ass and prevent getting sued...

          Actually, there's another reason. If you click on anything at all, they can record your address in their web journals and tick a box labeled "This person is a potential mark". It's one of the reasons why I close these bogus displays by going around and closing them from the operating system. I do not trust any button or other clickable control presented to me from any window that I didn't specifically ask to see. Even the little X in the top right corner, they can emulate those controls with controls of their own, and can record the fact that you've paid them a bit of attention. And for such people, the less attention you pay them the better.

          • Re: (Score:3, Insightful)

            by Ihmhi (1206036)

            I know a good bit about computers, but I had never heard about anything like this. Would this actually be possible - emulating the entire thing? I'm sure the X boxes and whatnot would be easy, but what about the right-click context menus?

            Furthermore, why isn't Adblock stopping these things in the first place?

            • Re:Hoard your clicks (Score:5, Informative)

              by pxlmusic (1147117) <pxlent@gmail.com> on Thursday December 11, 2008 @02:39AM (#26071503) Homepage

              because, as the previous poster mentioned, coupling it with NoScript (along with a good AdBlock list) can ensure that you see little to none of that crap.

              i've been doing it quite a while and it has saved me from so much potential bullshit on my computer.

              i get a few calls a week (cable hsi support) from people with these scareware programs on their machines. usually, i recommend they get a professional to clean their computer or will even go so far as to recommend a full system wipe.

              it may take an hour or so to reload Windows, the drivers, system tweaks, etc. and only a few minutes for them to go right back to the same sites that got them there in the first place.

              not only that, but getting your average user to use Firefox, let alone NoScript...forget about it.

            • by Whiteox (919863) <htcstech AT gmail DOT com> on Thursday December 11, 2008 @08:34AM (#26073349) Journal

              Furthermore, why isn't Adblock stopping these things in the first place?

              Because they are not ads.
              That's the dumb thing about the whole 'protect your pc' scam which IMHO is bigger than most people think.

              In the late 90's The big 3 US antiviral companies only scanned for viruses and left the door open for other US companies to provide software firewalls like Zone Alarm.
              The European antivirals however went a step further by not distinguishing virus from worms or trojans and started to include spyware in their scan databases.
              As time went on, pretty much everyone is offering 2 or 3 tiered scanning systems that incorporate firewalls, phishing, popups, malware, spyware, rogueware, trojans, worms and viruses.
              In 2008/9 there are a few more 'threats' like rootkits and the very latest are 'botscans' like http://mtc.sri.com/ [sri.com]
              Trend Micro have their own too.... http://www.trendsecure.com/portal/en-US/tools/security_tools/rubotted [trendsecure.com] ... It's the flavor of the month!

              Now MS is getting its act together and are doing what they should have in the first place, is to block holes and to provide a level of free security scans for their products.

              The question that interests me the most is what is pressuring MS to do this?
              Are they growing a conscience? Or do they realise that their precious OS is the main cause of most of the internet abuse in the world?

              In other news, Symantec/Norton have rewrote their internet suite (due to complaints I bet) and are offering 3 months for free (maybe Australia only?)! http://www.asecondchance.com.au/ [asecondchance.com.au] I didn't know if I should laugh or feel sympathetic.

              The abuse that internet aware MS systems are exposed to is massive and a lot of people from both sides are making lots of money. Money to be made 'protecting the pc' and money to be made by attacking it and money to be made by 'cleaning it'.
              I deal with this sort of stuff every day and there is not one single product - professional or free, that can identify, delete and repair all the threats out there.

              And yes, while the ball is rolling and money is to be made, then the game goes on.

      • I would go one step further by getting the Web Site that hosts the marketing firms who then posts these adds to them. I not saying they couldn't in turn sue their marketing company that they do business with but for all the Malware out there you need to target the easiest to hit for the consumer then you can go further down. So for example Slashdot should be responsible for this "I'm Rich. You're Not." add. (which seems questionable to me). If you I were to be stupid enough to click that link and buy a pr

    • by whoever57 (658626) on Wednesday December 10, 2008 @09:28PM (#26068953) Journal

      Part of the problem, of course, is user education

      Part of the problem is that these users have administrator privileges. I have seen many posts here on /. and elsewhere that claim it is quite possible to run as a non-administrator under Windows. In a corporate environment it should be possible to remove admin privileges (unless those who posted such claims were lying).

      Personally, I was amused by this scamware, seeing it scan my PC and find various infected DLLs -- the only problem being that my Linux PC doesn't have any DLLs (except for a few in my WINE installation).

      • Re: (Score:2, Interesting)

        by lord_sarpedon (917201)

        Are you...running malware in WINE for fun?

        You _do_ realize that this grants write access to all your priceless documents in ~
        The UNIX security model (as with Windows) doesn't give a shit about protecting _users_, just the system. A terribly dated and broken concept.

        • by whoever57 (658626) on Wednesday December 10, 2008 @09:47PM (#26069165) Journal

          Are you...running malware in WINE for fun?

          No. Perhaps you don't understand. The "scan" is totally bogus -- it "ran" in my SeaMonkey browser under Linux and "detected" various infected DLLs. Since I don't have any DLLs on my system, the "scan" is obviously a scam.

          Now, I just wanted to qualify the "I don't have any DLLs" by making a throaway remark that there are actually some on my system as part of WINE. This does not mean I ran the malware under WINE.

          • by Anonymous Coward on Wednesday December 10, 2008 @10:37PM (#26069617)

            Now, I just wanted to qualify the "I don't have any DLLs" by making a throaway remark that there are actually some on my system as part of WINE. This does not mean I ran the malware under WINE.

            Never give more information than is necessary, it will confuse some people.

            • by Macrat (638047)

              Never give more information than is necessary, it will confuse some people.

              Especially front line phone support.

          • Re: (Score:2, Interesting)

            I saw that once too, on Firefox 3.0/Suse 11. A popup appeared from where the SysTray would be, if running XP with the default theme. If it had been on XP, and unwary user would have easily believed it to be a legitimate XP security warning. Another user that I recently converted to Linux saw this on Ubuntu 8.1/Unknown browser, and took it for a good thing that Linux prevented an intrusion. The sad part is that they would have provided sudo if prompted.

          • On several occasions have run across aggressive annoying advertisements which popped-up claiming to have detected viruses and spyware on my computer. On each occasion, I was using Linux and browsing the Internet with Firefox. I normally do not get pop-ups when using Firefox, but some scareware advertisers do still know how to make pop-ups appear.

            Earlier this year, I had just installed a brand new copy of Kubuntu Linux on a brand new hard disk in my computer. It did not (and still does not) have Windows

          • Re: (Score:3, Interesting)

            by mpe (36238)
            The "scan" is totally bogus -- it "ran" in my SeaMonkey browser under Linux and "detected" various infected DLLs. Since I don't have any DLLs on my system, the "scan" is obviously a scam.

            As would be the case if it offered to "scan your registry". No doubt even on a Windows system such sites could list DLLs or registry keys which don't actually exist on the system in question.
            This is like phishing emails where you may not even have an account with the bank in question and even if you do you never told them
        • Even though users can have their files easily restored in minutes from a backup? And since the malware can't infect at the system level it is then a simple matter for an administrator to nix the offending files?

          • Re: (Score:3, Interesting)

            Even though users can have their files easily restored in minutes from a backup?

            What backup? [slashdot.org]

            And since the malware can't infect at the system level it is then a simple matter for an administrator to nix the offending files?

            Is "administrator" a fancy term for "geeky neighbor kid"?

            The only files that matter are the user's files, everything else can be fixed with apt-get and a livecd. If those files are messed up, it does not matter that the stock OS files are still intact. The *nix security model is good for protecting users from eachother, while malware protection requires protecting users from themselves. Probably the only ways to get the latter are some unmaintainable SELinux config or a highly inconvenient bro

            • Re: (Score:3, Informative)

              by MaskedSlacker (911878)

              Administrator is a fancy term for the guy who logs in as root and can kill any misbehaving processes launched by the user.

              Again, backups. I just lost 6 months of work to a hard drive crash two days ago that will cost me $1200 to recover. Mechanical failures are wonderful things. Now I have backups in my apartment and remote backups setup. Backups are trivially cheap, there is no reason not to use them other than your own stupidity. Yes, I was stupid not to have one two days ago.

          • Even though users can have their files easily restored in minutes from a backup?

            And what keeps the files from getting infected before the backup?

          • Re: (Score:3, Interesting)

            by lord_sarpedon (917201)

            Yeah. That's right. Who gives a flying fuck if files get deleted? Because everyone backups nightly to tape and properly labels them before permanent storage. Or not.

            You can argue that there's significant overlap between the people with malware and the people that lose stuff to hard drive failure. But when's the last time that a widespread virus _deleted everything_ for the hell of it? It's a business now! The last intentionally destructive one I heard of held documents _for ransom_ instead. The goal is to h

        • Are you...running malware in WINE for fun?

          You _do_ realize that this grants write access to all your priceless documents in ~

          Which is why people who test malware in WINE make a separate user for this.

        • by Anpheus (908711)

          Hey, stop right there. In Windows you can protect user accounts but it doesn't work when you choose to make all the other accounts administrators!

          (Yes, that's an OPT-IN, not an OPT-OUT when making new accounts.)

      • Re: (Score:2, Insightful)

        by Anonymous Coward
        the problem is that lots of software (e.g. World of Warcraft and anything that includes Punk Buster) assumes that you have more than normal user privileges. So while you can do it, it makes everyday tasks a pain.
      • by xlsior (524145) on Wednesday December 10, 2008 @10:53PM (#26069761) Homepage
        You can't lock out the primary user of a home computer from installing programs. No matter how many hoops you have to jump through (excplicitely authorize, enter password, etc.) there are still a ton of people that will jump through all the hoops and still end up with the garbage installed.

        After all, keep in mind that there were a million people that were esentially tricked into pulling out their creditcard and paying money to these people. Removing admin rights and having to enter a sudo password before they can install the malware in question still doesn't change the fact that they honestly thought they 'needed' to install the program in question in the first place.

        You can only do so much to protect people from themselves, and in cases like there there isn't much you can do other than prosecute / sue the snot out of the companies doing the malicious advertising and unfounded scaremongering.
    • Re: (Score:3, Insightful)

      by Drakin020 (980931)
      If everyone knew how to properly use a computer, you and I would be out of a job.
  • by DelitaTheFridge (912659) on Wednesday December 10, 2008 @08:46PM (#26068501)
    Click here to fix it, we promise.
  • My university has seen so many students (and even staff!) with variants of this. I'll volunteer for the firing squad.

    • I'll one up that. (Score:4, Interesting)

      by RulerOf (975607) on Wednesday December 10, 2008 @08:53PM (#26068569)

      My university has seen so many students (and even staff!) with variants of this.

      One of my users managed to get it on a fully patched XP machine that I somehow forgot to install Symantec on (yeah, stupid), with basic User privileges.

      Of course, I've seen it a million other times too, but those people were all running with admin privileges.

      • Re: (Score:3, Insightful)

        by gad_zuki! (70830)

        Really? If it lived soley in user space then it would be trivial to remove and couldnt do all the tricks that it does, namely installing services, registering dlls, and over-writing system files.

          One of my users tried to install it and it failed. Something tells me your limited user config isnt standard. There's no shortage of shops that give write access to the c: drive and large parts of the registry because theyre too lazy to find the specific file or key they really need.

        • Re: (Score:2, Informative)

          by RulerOf (975607)
          That shop was a small shop, and the users need a little more slack with their machines since I only talk to them about once a week. I don't have backdoors like the task scheduler locked up, so if you *really* wanted it, you could have admin on these boxes, and a couple apps (I hate quickbooks) require it, so there's a few RunAs scripts and so on that could port you into adminship.

          Nonetheless, I was still impressed.
    • by Trepidity (597) <delirium-slashdotNO@SPAMhackish.org> on Wednesday December 10, 2008 @09:19PM (#26068849)

      I'll volunteer for the firing squad.

      Finally! We usually have to get someone sentenced on trumped-up charges to get our weekly execution, because nobody ever responds to the call for volunteers.

  • Too bad they didn't do this 6 fucking months ago when idiots started opening fake UPS/USPS/FEDEX emails to print their .exe "invoice" inside a zip file.

  • Hey you! (Score:4, Funny)

    by RulerOf (975607) on Wednesday December 10, 2008 @08:59PM (#26068627)

    You've got a virus!

    Pay me or I won't tell you what it is!

    The sad thing is that people fall for it.

    I've actually had the following conversation:

    "What antivirus program was that?"
    "Oh let me see here... [Horrible Trendy Name]"
    "When did you install it?"
    "I don't know."

    I told him to call his credit card issuer.

    Though, as if that's not enough, my neighbor recently couldn't understand how a dialog that, after analyzing basically indicated his computer was "too secure" wasn't a bad thing.

  • by LurkingOnSlashdot (1378465) on Wednesday December 10, 2008 @09:00PM (#26068639)
    Sure these might just be "scamware"... but I beat them at their own game by installing all 5 of the mentioned programs. The combined power is sure to be effective even if one alone is not!
  • by JimMcc (31079) on Wednesday December 10, 2008 @09:16PM (#26068801) Homepage

    According to these guys, my Mac is infected with Windows XP viruses. Ok, now I'm not that gullible, but the sad part is that there are plenty of people that are and believe whatever they read. Of course these are the same people that send birthday cards to little whats-his-name who wants to be in the Guinness's Book of World Records.
     
    At one level I'm sympathetic, but at another I think that people need to learn to be more than a little skeptical on the internet. So instead of getting money returned to the people that purchased this junk, how about using it to fund advertising programs that politely ask "How can you be so stupid?" (Obviously not saying it like that.) Education is the only thing that will change this in the long run. Otherwise they'll just fall for whatever the next trick is that comes along.

    • by ljw1004 (764174)

      In Australia several years ago there was a major government advertising campaign with the slogan "If you drink and drive, you're a bloody idiot."

      Your proposal "You can you be so stupid?" sounds okay bit a bit too mild...

      • by Moridin42 (219670)

        Yeah.. but JimMcc is probably speaking about America. The country where everything must be politically correct or else. One of the schools a few hours away made the news recently because the old Rudolph the Red Nosed Reindeer stop motion movie uses the word "christmas" and is thus unsuitable for viewing in the classroom.

        So.. while harsh honesty about the ignorance of computer users may be educational, it won't be tolerated. Not here, anyway.

      • In Australia several years ago there was a major government advertising campaign with the slogan "If you drink and drive, you're a bloody idiot."

        This was accompanied by "Don't fool yourself, speed kills". Once I saw a car where someone had taken a razor to the two bumper stickers and displayed "Don't fool yourself, you're a bloody idiot". I had to pull over for a few minutes.

  • by erroneus (253617) on Wednesday December 10, 2008 @09:17PM (#26068813) Homepage

    The FTC is supposed stop and punish fraudsters. This is their job. I can't understand why it has taken this long.

  • If I go to stopsign.com it will detect all sorts of Windows nastyware on my Linux box.
    They have ads on Direct TV.....
  • by Spatial (1235392) on Wednesday December 10, 2008 @10:54PM (#26069765)
    In an unrelated story, the FTC has invested in some extremely large ovens in an effort to reduce the nation's dependence on foreign energy sources. They claim the new fuel is actually self-perpetuating and that "There is an unlimited supply here at home."
  • At this rate they will nail the Extenze scam by 2015 and Head On by 2020. If they can't shut these things down fast enough, the amount of money they make is still vastly larger than any fine, so the fine and shutdown is just a cost of doing business. They need to be more proactive.
  • Sign me up! (Score:5, Funny)

    by whizzleteats (1364017) on Wednesday December 10, 2008 @11:31PM (#26070121) Homepage
    You mean there's anti-virus software that will find pornography on my computer? Will it show it to me as well? :D
  • The most interesting part of this operation was that they apparently impersonated legitimate businesses, created advertisements for these businesses, and then had them placed on high-profile websites. The buyers of these ads typically had no idea anything was wrong because the ad code was both obfuscated and would only redirect the user to the bad website a small percentage of the time.
  • by the_other_one (178565) on Wednesday December 10, 2008 @11:42PM (#26070245) Homepage

    I wonder if the Sam Jain referenced in the article is the same Sam Jain behind efront [wikipedia.org]. There was plenty of good reading on fuckedcompany.com way back then when the ICQ logs were released on the net.

  • by bensafrickingenius (828123) on Thursday December 11, 2008 @12:22AM (#26070577)
    How am I supposed to put food on my table if people don't have the opportunity to destroy their systems with a single click anymore? My computer repair business is doomed. Doomed, I say!
  • It's ridiculous. (Score:4, Insightful)

    by Anonymous Coward on Thursday December 11, 2008 @12:30AM (#26070671)

    I'm amazed that it's taken this long for something to be done about this. I'm also amazed at the magical protective perception field around them. They're not just scams, they're viruses. If they were written by some 14 year old in their parents basement, heavily armed goons would sweep in and drag them off to jail to face felony charges for unauthorized access to a computer, distributing a virus, etc. The protection racket they're running using their viruses is icing on the cake.

    The fact is, these are viruses and they're not just spread by people voluntarily downloading programs they believe to be anti-virus software due to scary pop-ups. These things use exploits in windows and web browsers to infect peoples system whether or not they choose to install them, then they generate messages that can truthfully claim that the computer is infected with a virus. Having endured hell working in tech support I've seen plenty of infections by this crap.

    So, on the one hand, it's good that someone is finally doing something. On the other hand, where the hell are the criminal charges? Why is it the FTC doing something and not the FBI? Because the criminal scum behind this throw on the trappings of a business they become sacrosanct and get civil actions where the rest of us mere mortals would be put away for life. What the freaking hell!

  • Blaming the User (Score:4, Insightful)

    by Detritus (11846) on Thursday December 11, 2008 @02:34AM (#26071479) Homepage
    If this is the same scam that I've seen lately, have a little sympathy for the end user. The ad generates a nasty dialog box that can only be killed by forcing the browser to quit. The alternative is to "agree" to let them scan your PC. I'm paranoid enough about browser security bugs that there is no way in Hell that I would agree to that. The fact that their ad can create such a dialog box seems like a browser bug to me. Have you stopped beating your wife [Y/N]?

NOWPRINT. NOWPRINT. Clemclone, back to the shadows again. - The Firesign Theater

Working...