The Internet

FTC Kills Scareware Scam That Duped Over 1M Users

coondoggie writes "The Federal Trade Commission today got a court to at least temporarily halt a massive 'scareware' scheme, which falsely claimed that scans had detected viruses, spyware, and pornography on consumers' computers. According to the FTC, the scheme has tricked more than one million consumers into buying computer security products such as WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus. The court also froze the assets of Innovative Marketing, Inc. and ByteHosting Internet Services, LLC to preserve the possibility of providing consumers with monetary redress, the FTC stated."
  • by whoever57 ( 658626 ) on Wednesday December 10, 2008 @09:28PM (#26068953) Journal

    Part of the problem, of course, is user education

    Part of the problem is that these users have administrator privileges. I have seen many posts here on /. and elsewhere that claim it is quite possible to run as a non-administrator under Windows. In a corporate environment it should be possible to remove admin privileges (unless those who posted such claims were lying).

    Personally, I was amused by this scamware, seeing it scan my PC and find various infected DLLs -- the only problem being that my Linux PC doesn't have any DLLs (except for a few in my WINE installation).

  • by whoever57 ( 658626 ) on Wednesday December 10, 2008 @09:47PM (#26069165) Journal

    Are you...running malware in WINE for fun?

    No. Perhaps you don't understand. The "scan" is totally bogus -- it "ran" in my SeaMonkey browser under Linux and "detected" various infected DLLs. Since I don't have any DLLs on my system, the "scan" is obviously a scam.

    Now, I just wanted to qualify the "I don't have any DLLs" by making a throwaway remark that there are actually some on my system as part of WINE. This does not mean I ran the malware under WINE.

  • Re:Old news (Score:5, Informative)

    by techno-vampire ( 666512 ) on Wednesday December 10, 2008 @09:53PM (#26069221) Homepage
    I find that interesting. My laptop is almost 10 years old, with a PII 233 MHz chip and maxed out at 96Meg of RAM, but I have Linux running on it. And, I've never had the slightest difficulty connecting it to the Internet or surfing the web. Either you have some very weird hardware or you haven't tried very hard.
  • by Lost Penguin ( 636359 ) on Wednesday December 10, 2008 @10:07PM (#26069369)
    If I go to stopsign.com it will detect all sorts of Windows nastyware on my Linux box.
    They have ads on Direct TV.....
  • Hoard your clicks (Score:4, Informative)

    by Nefarious Wheel ( 628136 ) on Wednesday December 10, 2008 @10:21PM (#26069485) Journal

    ...The only reason you see a "click here if this is inappropriate" on any website is so they can cover their own ass and prevent getting sued...

    Actually, there's another reason. If you click on anything at all, they can record your address in their web journals and tick a box labeled "This person is a potential mark". It's one of the reasons why I close these bogus displays by going around and closing them from the operating system. I do not trust any button or other clickable control presented to me from any window that I didn't specifically ask to see. Even the little X in the top right corner, they can emulate those controls with controls of their own, and can record the fact that you've paid them a bit of attention. And for such people, the less attention you pay them the better.

  • by xlsior ( 524145 ) on Wednesday December 10, 2008 @10:53PM (#26069761) Homepage
    You can't lock out the primary user of a home computer from installing programs. No matter how many hoops you have to jump through (explicitly authorize, enter password, etc.) there are still a ton of people that will jump through all the hoops and still end up with the garbage installed.

    After all, keep in mind that there were a million people that were essentially tricked into pulling out their credit card and paying money to these people. Removing admin rights and having to enter a sudo password before they can install the malware in question still doesn't change the fact that they honestly thought they 'needed' to install the program in question in the first place.

    You can only do so much to protect people from themselves, and in cases like these there isn't much you can do other than prosecute / sue the snot out of the companies doing the malicious advertising and unfounded scaremongering.
  • Re:I'll one up that. (Score:2, Informative)

    by RulerOf ( 975607 ) on Wednesday December 10, 2008 @10:54PM (#26069773)
    That shop was a small shop, and the users need a little more slack with their machines since I only talk to them about once a week. I don't have backdoors like the task scheduler locked up, so if you *really* wanted it, you could have admin on these boxes, and a couple apps (I hate quickbooks) require it, so there's a few RunAs scripts and so on that could port you into adminship.

    Nonetheless, I was still impressed.
  • by Anonymous Coward on Wednesday December 10, 2008 @11:37PM (#26070177)

    You'd be surprised - recent versions of this will still infest a limited user account by writing its startup entries into the user's personal registry hive and keep itself tucked away in temporary folders. Sure, you can log in as Administrator and blow it away pretty easily if you keep on your system updates, but it'll bust through with old local privilege escalation exploits if you don't, and often loads a rootkit that does a pretty passable job of hiding itself even from an offline BartPE disc.

    And the seemingly hourly updates keep antivirus vendors pretty much lost with this. I uploaded a few samples I'd cleaned today to VirusTotal's site, and the root infection .dll file was detected by a grand total of THREE out of forty scanners (and they weren't even the "reputable" ones).

    The only solution I've seen is to completely revoke execution privileges on the user's account directory. Now I'll just wait while they update the sites to ask people to save to a USB drive... and I promise you that the year of the Linux desktop hits, they'll start giving out .rpm packages, too.

    Captcha: resent
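
Added example (not part of the comment above, and not any poster's code): the comment describes startup entries written into the user's own registry hive that point at files kept in temporary folders. The sketch below classifies autorun command lines by where the referenced binaries live, assuming the entries were exported from the per-user Run key (HKCU\Software\Microsoft\Windows\CurrentVersion\Run); the entries, the user name alice and all file names are constructed.

```python
import ntpath
import re

# Constructed sample (not real indicators): value name -> command line, as it
# might be exported from HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
RUN_ENTRIES = {
    "SyncClient": r'"C:\Program Files\SyncClient\sync.exe" /background',
    "Updater": r"C:\Users\alice\AppData\Local\Temp\upd83.exe -s",
    "Helper": r"rundll32.exe %TEMP%\qx1.dll,Start",
    "Tray": r'"%USERPROFILE%\AppData\Roaming\tray\tray.exe"',
}

# Assumed environment of the hypothetical user, so expansion works offline.
ENV = {
    "TEMP": r"C:\Users\alice\AppData\Local\Temp",
    "USERPROFILE": r"C:\Users\alice",
}

def expand(cmd):
    """Expand %VAR% using ENV; unknown variables are left untouched."""
    return re.sub(r"%([^%]+)%", lambda m: ENV.get(m.group(1).upper(), m.group(0)), cmd)

def referenced_paths(cmd):
    """Return normalised drive paths named anywhere in the command line."""
    paths = []
    for quoted, bare in re.findall(r'"([^"]+)"|(\S+)', expand(cmd)):
        tok = (quoted or bare).split(",")[0]  # drop rundll32 ",Export" suffix
        if re.match(r"^[A-Za-z]:\\", tok):
            paths.append(ntpath.normcase(ntpath.normpath(tok)))
    return paths

def under(path, root):
    """True if an already-normalised path is root itself or lies below it."""
    root = ntpath.normcase(ntpath.normpath(root))
    return path == root or path.startswith(root + "\\")

def classify(entries):
    """Map entry name -> 'temp', 'profile' or 'ok' by binary location."""
    result = {}
    for name, cmd in entries.items():
        paths = referenced_paths(cmd)
        if any(under(p, ENV["TEMP"]) for p in paths):
            result[name] = "temp"      # autorun from a temporary folder
        elif any(under(p, ENV["USERPROFILE"]) for p in paths):
            result[name] = "profile"   # user-writable, review manually
        else:
            result[name] = "ok"
    return result
```

Entries classified as "temp" match the pattern the comment describes; "profile" entries are user-writable locations that legitimate software also uses, so they need a manual look rather than automatic removal.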

  • by MaskedSlacker ( 911878 ) on Wednesday December 10, 2008 @11:38PM (#26070193)

    Administrator is a fancy term for the guy who logs in as root and can kill any misbehaving processes launched by the user.

    Again, backups. I just lost 6 months of work to a hard drive crash two days ago that will cost me $1200 to recover. Mechanical failures are wonderful things. Now I have backups in my apartment and remote backups set up. Backups are trivially cheap, there is no reason not to use them other than your own stupidity. Yes, I was stupid not to have one two days ago.

  • by flerchin ( 179012 ) on Thursday December 11, 2008 @01:35AM (#26071155)

    You seem to have some intelligent points to make. However, I can't decipher them. I'm not trying to be a pedant, but can you take a second and try to rework your post to make it more clear? In particular, can you elaborate on your point about ebay not encrypting passwords?

  • Re:2 solutions (Score:1, Informative)

    by Anonymous Coward on Thursday December 11, 2008 @02:10AM (#26071369)

    Now I will agree, the majority of people, regardless of age, is below average.

    Here he demonstrates those math skills he was talking about.

    Actually, if he had said "median" you would be correct in your scathing intimation; however, he did in fact say "average", or "arithmetic mean".

    This is defined by dictionary.com as "the mean obtained by adding several quantities together and dividing the sum by the number of quantities: the arithmetic mean of 1, 5, 2, and 8 is 4. "

    Consider the following: In a group of 100 people, 20% (that's 20 people, btw) has a relatively high level of intelligence..for simplicity's sake we'll give them the mathematical value of 120...we can easily say that they are the minority. For the other 80% let's apply an intelligence value of 100.

    The mathematical formula would look like this:

    ((20 x 120) + (80 x 100)) / 100 = 104

    So: The average intelligence is 104. How many people in my problem are below the intelligence level of 104?

    If you need to read it over again, I'll wait here for a moment....

    Ok...since 80% of the people in this case are below the average, can we all agree that the statement "most people are below average intelligence" can be accurate?

    Furthermore, you can see that it's not that hard to have "above average intelligence" if there is a large number of people with a relatively similar level of intelligence.

    This is why we don't use "average" for serious calculations if a population possibly having disparate or distinct groups is involved. Investigate "standard deviation" for a more applicable valuation system.

    Many humans believe they have above average intelligence. Some might, but unfortunately it doesn't mean what they believe it does.

    Oh...you may have mistaken an IQ of 100 as average. It's not.

  • Re:Hoard your clicks (Score:5, Informative)

    by pxlmusic ( 1147117 ) <pxlent@gmail.com> on Thursday December 11, 2008 @02:39AM (#26071503) Homepage

    because, as the previous poster mentioned, coupling it with NoScript (along with a good AdBlock list) can ensure that you see little to none of that crap.

    i've been doing it quite a while and it has saved me from so much potential bullshit on my computer.

    i get a few calls a week (cable hsi support) from people with these scareware programs on their machines. usually, i recommend they get a professional to clean their computer or will even go so far as to recommend a full system wipe.

    it may take an hour or so to reload Windows, the drivers, system tweaks, etc. and only a few minutes for them to go right back to the same sites that got them there in the first place.

    not only that, but getting your average user to use Firefox, let alone NoScript...forget about it.

  • by cheekyboy ( 598084 ) on Thursday December 11, 2008 @05:38AM (#26072471) Homepage Journal

    So america was taken over by the commies but the populace never knew it.
