FTC Kills Scareware Scam That Duped Over 1M Users 329
coondoggie writes "The Federal Trade Commission today got a court to at least temporarily halt a massive 'scareware' scheme, which falsely claimed that scans had detected viruses, spyware, and pornography on consumers' computers.
According to the FTC, the scheme has tricked more than one million consumers into buying computer security products such as WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus. The court also froze the assets of Innovative Marketing, Inc. and ByteHosting Internet Services, LLC to preserve the possibility of providing consumers with monetary redress, the FTC stated."
It's easy to stop ... (Score:5, Insightful)
Turn off the $$$ - the credit card companies know that payments to certain entities are for scam crap just from the number of complaints, but they still do nothing because, let's face it, a million sales @ $30 a pop == $30,000,000. 3.5% of that is over a million bucks. It's not in their immediate financial interest to turn off the tap.
Re:I hope this helps this problem (Score:5, Insightful)
According to the article "The defendants used an elaborate ruse that duped Internet advertising networks and popular Web sites into carrying their advertisements."
Even if you are duped, once you see the scareware ad you should revoke the ad account for that company.
Most sites have a way of clicking that a blog post, wiki article,
I have WinXp Viruses on my Mac! (Score:5, Insightful)
According to these guys, my Mac is infected with Windows XP viruses. Ok, now I'm not that gullible, but the sad part is that there are plenty of people that are and believe whatever they read. Of course these are the same people that send birthday cards to little whats-his-name who wants to be in the Guinness's Book of World Records.
At one level I'm sympathetic, but at another I think that people need to learn to be more than a little skeptical on the internet. So instead of getting money returned to the people that purchased this junk, how about using it to fund advertising programs that politely ask "How can you be so stupid?" (Obviously not saying it like that.) Education is the only thing that will change this in the long run. Otherwise they'll just fall for whatever the next trick is that comes along.
Better late than never (Score:5, Insightful)
The FTC is supposed stop and punish fraudsters. This is their job. I can't understand why it has taken this long.
Re:I hope this helps this problem (Score:2, Insightful)
Re:I'll one up that. (Score:3, Insightful)
Really? If it lived soley in user space then it would be trivial to remove and couldnt do all the tricks that it does, namely installing services, registering dlls, and over-writing system files.
One of my users tried to install it and it failed. Something tells me your limited user config isnt standard. There's no shortage of shops that give write access to the c: drive and large parts of the registry because theyre too lazy to find the specific file or key they really need.
Re:I hope this helps this problem (Score:5, Insightful)
Well of course you don't see something like that for an ad. The advertisers are PAYING real money. The only reason you see a "click here if this is inappropriate" on any website is so they can cover their own ass and prevent getting sued. It is "good faith" effort to remove stuff that is liable or DMCA. Many of these sites are so 3rd tier, they don't give a damn what bad ads are on their website, as long as they get paid.
Silly me, I still think that part of the cause is that Windows is entirely too easy to pwn.
There is enough blame to go around, but the one thing that is universal is money. The crappy forum/blog/wiki websites want the ad money regardless of content, the scammers want your dollars, MS wants to overcharge and underdeliver, many people are too lazy to learn about their computer and would rather pay the extortion (which doesn't end the problem) than keep their systems up to date, no matter how easy you were to make it.
Re:Old news (Score:5, Insightful)
...and if all you want to do is surf the web, sure, Linux or even an old WebTV box is just dandy. Problem is, people are used to doing more with their computer. That's where Linux leaves most people with the feeling of holding a wet fish.
you KNOW no amount of protection is going to be enough - you're gonna catch SOMETHING.
I know your trolling, but it's worth pointing out this is dead wrong. I'm using Windows with no anti-virus/spyware programs and the firewall built into my DSL Router. The one and only time I've personally had a virus was in 1997, when my then idiot girlfriend downloaded and executed an IRC script. The best defence is knowledge. Period. There is no OS in the world that is secure with ignorance behind the keyboard. Sure, Linux offers a huge huge security advantage because of it's obscurity, but that's a double edged sword that points back to my first point. People want more out of their PC, and I can't blame them. You want protection? Start with you. Those who rely on others first are usually the ones to get screwed first.
Re:I hope this helps this problem (Score:5, Insightful)
Now, I just wanted to qualify the "I don't have any DLLs" by making a throaway remark that there are actually some on my system as part of WINE. This does not mean I ran the malware under WINE.
Never give more information than is necessary, it will confuse some people.
Re:It's easy to stop ... (Score:5, Insightful)
Nor is it their responsibility to make sure their customers spend their money wisely. And they can't just indiscriminately stop processing payments made to certain companies...they'd get sued.
Re:I hope this helps this problem (Score:5, Insightful)
McAfee was installed; this software bypassed and disabled McAfee.
Probably a relief. It takes some sophisticated software to get McAfee to stop begging for money. Where could one obtain this miracle malware?
Re:I hope this helps this problem (Score:3, Insightful)
Re:2 solutions (Score:5, Insightful)
Here he demonstrates those math skills he was talking about.
It's ridiculous. (Score:4, Insightful)
I'm amazed that it's taken this long for something to be done about this. I'm also amazed at the magical protective perception field around them. They're not just scams, they're viruses. If they were written by some 14 year old in their parents basement, heavily armed goons would sweep in and drag them off to jail to face felony charges for unauthorized access to a computer, distributing a virus, etc. The protection racket they're running using their viruses is icing on the cake.
The fact is, these are viruses and they're not just spread by people voluntarily downloading programs they believe to be anti-virus software due to scary pop-ups. These things use exploits in windows and web browsers to infect peoples system whether or not they choose to install them, then they generate messages that can truthfully claim that the computer is infected with a virus. Having endured hell working in tech support I've seen plenty of infections by this crap.
So, on the one hand, it's good that someone is finally doing something. On the other hand, where the hell are the criminal charges? Why is it the FTC doing something and not the FBI? Because the criminal scum behind this throw on the trappings of a business they become sacrosanct and get civil actions where the rest of us mere mortals would be put away for life. What the freaking hell!
Re:Hoard your clicks (Score:3, Insightful)
I know a good bit about computers, but I had never heard about anything like this. Would this actually be possible - emulating the entire thing? I'm sure the X boxes and whatnot would be easy, but what about the right-click context menus?
Furthermore, why isn't Adblock stopping these things in the first place?
Re:The obvious truth (Score:3, Insightful)
Is the FTC going to crack down on politicians now too? This is fantastic!
Blaming the User (Score:4, Insightful)
Re:Old news (Score:3, Insightful)
Out of interest, since you're running no AV/spyware scanners - how do you KNOW you're not and haven't been infected? I've seen all sorts of nasties that install and run silently. Including ones that don't require social engineering to install.
Firewalls protect against direct attacks, but they don't stop iffy attachments such as the latest .wri exploit, or exploits in the browser (and firefox isn't entirely immune either, though it's a lot safer than IE)
Linux offers a huge security advantage because it's better designed. Apache is still more popular than IIS, and has a had tiny, tiny amount of the exploits than IIS has had over the years, though IIS has improved a lot lately.
Even if I accept your premise that all you need is knowledge to protect your systems, which I don't, expecting all users to be expert technicians simply to browse the internet is unrealistic. Some measures to protect themselves, sure - but specialization requires time, and non-IT people rather need to spend that learning other things.
Equally, people may well not have the time to learn how to use linux, which is fair enough. Based on the criteria that many have for linux, windows isn't ready for the desktop either. If linux had 90% market share and everybody used it already, windows would be struggling hard to get any users.
Re:Old news (Score:3, Insightful)
This is not trolling, this is fact for people that are too busy doing other things instead of turning into geeks.
Re:Old news (Score:4, Insightful)
If these millions of people were running Ubuntu they'd still be infected by malware.
Why? Because these people thought the malware was _good_ software. They would do whatever seems reasonable to them to install it. If it means downloading and executing something, or even entering an admin password, they would do it.
There have been windows viruses that spread via password protected zip files - victims would have to enter the password in the email to unzip the zipfile, then launch it. Many did.
The authorities should just be more active in prosecuting such cases of fraud. Because that's what the scareware scam is - mass fraud. Such scammers cause far more harm than that silly Brit who hacked into US military computers to look for evidence of UFOs.
Once you start jailing scammers the amount of spam we get will be less - because there's a fair bit of scam spam too.
[1] Linux isn't much more secure than Windows XP SP3. Fact is Windows XP SP3 provides better sandboxing than many Linux distros. When you launch some new unsigned program, Windows often prompts you to say that the program is trying to make outbound network connections. Ubuntu, Suse don't do that by default. They have apparmor and SELinux but if the average sysadmin finds them a pain to deal with, they're not suitable for even the more knowledgeable users.
I have made suggestions to Ubuntu and Suse to try to make sandboxing better (better than windows and anything out there that I'm aware of), but I don't see very much progress happening.
Re:It's easy to stop ... (Score:5, Insightful)
Yeah, just like they did when they stopped taking payments to AllofMP3.com.
oh, wait...
Re:Hoard your clicks (Score:5, Insightful)
Furthermore, why isn't Adblock stopping these things in the first place?
Because they are not ads.
That's the dumb thing about the whole 'protect your pc' scam which IMHO is bigger than most people think.
In the late 90's The big 3 US antiviral companies only scanned for viruses and left the door open for other US companies to provide software firewalls like Zone Alarm. ... It's the flavor of the month!
The European antivirals however went a step further by not distinguishing virus from worms or trojans and started to include spyware in their scan databases.
As time went on, pretty much everyone is offering 2 or 3 tiered scanning systems that incorporate firewalls, phishing, popups, malware, spyware, rogueware, trojans, worms and viruses.
In 2008/9 there are a few more 'threats' like rootkits and the very latest are 'botscans' like http://mtc.sri.com/ [sri.com]
Trend Micro have their own too.... http://www.trendsecure.com/portal/en-US/tools/security_tools/rubotted [trendsecure.com]
Now MS is getting its act together and are doing what they should have in the first place, is to block holes and to provide a level of free security scans for their products.
The question that interests me the most is what is pressuring MS to do this?
Are they growing a conscience? Or do they realise that their precious OS is the main cause of most of the internet abuse in the world?
In other news, Symantec/Norton have rewrote their internet suite (due to complaints I bet) and are offering 3 months for free (maybe Australia only?)! http://www.asecondchance.com.au/ [asecondchance.com.au] I didn't know if I should laugh or feel sympathetic.
The abuse that internet aware MS systems are exposed to is massive and a lot of people from both sides are making lots of money. Money to be made 'protecting the pc' and money to be made by attacking it and money to be made by 'cleaning it'.
I deal with this sort of stuff every day and there is not one single product - professional or free, that can identify, delete and repair all the threats out there.
And yes, while the ball is rolling and money is to be made, then the game goes on.