FTC Kills Scareware Scam That Duped Over 1M Users

coondoggie writes "The Federal Trade Commission today got a court to at least temporarily halt a massive 'scareware' scheme, which falsely claimed that scans had detected viruses, spyware, and pornography on consumers' computers. According to the FTC, the scheme has tricked more than one million consumers into buying computer security products such as WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus. The court also froze the assets of Innovative Marketing, Inc. and ByteHosting Internet Services, LLC to preserve the possibility of providing consumers with monetary redress, the FTC stated."

I hope this helps this problem

At the computer store where I work in Waterloo, Ontario, Canada, we see at least 3-4 computers each week with these rogue anti-virus and anti-spyware applications. These programs are a real pain to deal with, both for our customers and for our computer store as well, since the programs are often difficult to remove and take up a lot of time that would otherwise be used to help our customers find solutions that make them more productive.

However, given the fact that new versions of these programs are being developed on a regular basis (for example, as of late we are seeing a new rogue program called Trusted AntiVirus), and the fact that the organizations behind them are often located offshore and in multiple jurisdictions, I wonder how much a dent this judgement will make into the scammers' operations. Hopefully, at least, this will be a start.

Part of the problem, of course, is user education. We have users that receive warning messages that tell them that this program is possibly a virus, and ask them if they would like to run the program anyway. Many users that do not know any better will run the program even though the warning is telling them this may not be a good idea. Helping the user understand what the legitimate warnings are on the system tends to reduce the problem.

It's easy to stop ...

Turn off the $$$ - the credit card companies know that payments to certain entities are for scam crap just from the number of complaints, but they still do nothing because, let's face it, a million sales @ $30 a pop == $30,000,000. 3.5% of that is over a million bucks. It's not in their immediate financial interest to turn off the tap.

Re:It's easy to stop ...

It's not in their immediate financial interest to turn off the tap.

Nor is it their responsibility to make sure their customers spend their money wisely. And they can't just indiscriminately stop processing payments made to certain companies...they'd get sued.

Re:I hope this helps this problem

I agree that going after these scareware companies is too difficult, which is why we should go after the advertising networks that help them post their ads instead.
According to the article "The defendants used an elaborate ruse that duped Internet advertising networks and popular Web sites into carrying their advertisements."
Even if you are duped, once you see the scareware ad you should revoke the ad account for that company.
Most sites have a way of clicking that a blog post, wiki article, ... should be reviewed or removed because it is inappropriate, but you never see something like this for an ad.

Re:I hope this helps this problem

Well of course you don't see something like that for an ad. The advertisers are PAYING real money. The only reason you see a "click here if this is inappropriate" on any website is so they can cover their own ass and prevent getting sued. It is "good faith" effort to remove stuff that is liable or DMCA. Many of these sites are so 3rd tier, they don't give a damn what bad ads are on their website, as long as they get paid.

Silly me, I still think that part of the cause is that Windows is entirely too easy to pwn.

There is enough blame to go around, but the one thing that is universal is money. The crappy forum/blog/wiki websites want the ad money regardless of content, the scammers want your dollars, MS wants to overcharge and underdeliver, many people are too lazy to learn about their computer and would rather pay the extortion (which doesn't end the problem) than keep their systems up to date, no matter how easy you were to make it.

Re:Hoard your clicks

because, as the previous poster mentioned, coupling it with NoScript (along with a good AdBlock list) can ensure that you see little to none of that crap.

i've been doing it quite a while and it has saved me from so much potential bullshit on my computer.

i get a few calls a week (cable hsi support) from people with these scareware programs on their machines. usually, i recommend they get a professional to clean their computer or will even go so far as to recommend a full system wipe.

it may take an hour or so to reload Windows, the drivers, system tweaks, etc. and only a few minutes for them to go right back to the same sites that got them there in the first place.

not only that, but getting your average user to use Firefox, let alone NoScript...forget about it.

Re:I hope this helps this problem

Part of the problem, of course, is user education

Part of the problem is that these users have administrator privileges. I have seen many posts here on /. and elsewhere that claim it is quite possible to run as a non-administrator under Windows. In a corporate environment it should be possible to remove admin privileges (unless those who posted such claims were lying).

Personally, I was amused by this scamware, seeing it scan my PC and find various infected DLLs -- the only problem being that my Linux PC doesn't have any DLLs (except for a few in my WINE installation).

Re:I hope this helps this problem

You can't lock out the primary user of a home computer from installing programs. No matter how many hoops you have to jump through (excplicitely authorize, enter password, etc.) there are still a ton of people that will jump through all the hoops and still end up with the garbage installed.

After all, keep in mind that there were a million people that were esentially tricked into pulling out their creditcard and paying money to these people. Removing admin rights and having to enter a sudo password before they can install the malware in question still doesn't change the fact that they honestly thought they 'needed' to install the program in question in the first place.

You can only do so much to protect people from themselves, and in cases like there there isn't much you can do other than prosecute / sue the snot out of the companies doing the malicious advertising and unfounded scaremongering.

Re:I hope this helps this problem

Are you...running malware in WINE for fun?

No. Perhaps you don't understand. The "scan" is totally bogus -- it "ran" in my SeaMonkey browser under Linux and "detected" various infected DLLs. Since I don't have any DLLs on my system, the "scan" is obviously a scam.

Now, I just wanted to qualify the "I don't have any DLLs" by making a throaway remark that there are actually some on my system as part of WINE. This does not mean I ran the malware under WINE.

Re:I hope this helps this problem

Now, I just wanted to qualify the "I don't have any DLLs" by making a throaway remark that there are actually some on my system as part of WINE. This does not mean I ran the malware under WINE.

Never give more information than is necessary, it will confuse some people.

Re:I hope this helps this problem

McAfee was installed; this software bypassed and disabled McAfee.

Probably a relief. It takes some sophisticated software to get McAfee to stop begging for money. Where could one obtain this miracle malware?

Your computer is broadcasting an IP address!

Click here to fix it, we promise.

Re:Your computer is broadcasting an IP address!

Sure, it is 127.1.

Have fun with it.

Re:Your computer is broadcasting an IP address!

This was (deservedly) modded funny but this scam really exists [hotbrick.com]! (WARNING link points to the scam site, click at your own risk, you may broadcast your ip address to them...)

Re:Your computer is broadcasting an IP address!

hahahahahaha they're SOOOOOOO wrong it says my IP address is 64.8.85.43 and its really 192.168.1.101!!!! go to hell h4x0rz!

[/n00b]

I have them beat

Sure these might just be "scamware"... but I beat them at their own game by installing all 5 of the mentioned programs. The combined power is sure to be effective even if one alone is not!

I have WinXp Viruses on my Mac!

According to these guys, my Mac is infected with Windows XP viruses. Ok, now I'm not that gullible, but the sad part is that there are plenty of people that are and believe whatever they read. Of course these are the same people that send birthday cards to little whats-his-name who wants to be in the Guinness's Book of World Records.
 
At one level I'm sympathetic, but at another I think that people need to learn to be more than a little skeptical on the internet. So instead of getting money returned to the people that purchased this junk, how about using it to fund advertising programs that politely ask "How can you be so stupid?" (Obviously not saying it like that.) Education is the only thing that will change this in the long run. Otherwise they'll just fall for whatever the next trick is that comes along.

Better late than never

The FTC is supposed stop and punish fraudsters. This is their job. I can't understand why it has taken this long.

Sign me up!

You mean there's anti-virus software that will find pornography on my computer? Will it show it to me as well? :D

Re:Get a rope!

I'll volunteer for the firing squad.

Finally! We usually have to get someone sentenced on trumped-up charges to get our weekly execution, because nobody ever responds to the call for volunteers.

Re:Old news

...and if all you want to do is surf the web, sure, Linux or even an old WebTV box is just dandy. Problem is, people are used to doing more with their computer. That's where Linux leaves most people with the feeling of holding a wet fish.

you KNOW no amount of protection is going to be enough - you're gonna catch SOMETHING.

I know your trolling, but it's worth pointing out this is dead wrong. I'm using Windows with no anti-virus/spyware programs and the firewall built into my DSL Router. The one and only time I've personally had a virus was in 1997, when my then idiot girlfriend downloaded and executed an IRC script. The best defence is knowledge. Period. There is no OS in the world that is secure with ignorance behind the keyboard. Sure, Linux offers a huge huge security advantage because of it's obscurity, but that's a double edged sword that points back to my first point. People want more out of their PC, and I can't blame them. You want protection? Start with you. Those who rely on others first are usually the ones to get screwed first.

Re:Old news

I find that interesting. My laptop is almost 10 years old, with a PII 233 Mhz chip and maxed out at 96Meg of RAM, but I have Linux running on it. And, I've never had the slightest difficulty connecting it to the Internet or surfing the web. Either you have some very weird hardware or you haven't tried very hard.

Re:Old news

That's because the Linux community has collectively decided that *you* don't deserve to run it, so we put in special code to keep you off the 'net. It's better for everybody this way.

;oD :op

Re:A fool and his money...

I believe this is called Windows Live OneCare, right?

Re:2 solutions

Now I will agree, the majority of people, regardless of age, is below average.

Here he demonstrates those math skills he was talking about.