Seven Ways to Combat Scareware

Thursday, October 28, 2010

Robert Siciliano


You may have seen this before. It goes like this: a pop-up appears that looks like a window on your PC, and the next thing you know a “scan” begins.

It often shows an image mimicking your “My Computer” window, imitating your PC’s characteristics, to trick you into clicking on links.

The fake scan reports that a virus has infected your PC, and for $49.95 you can download software that magically appears just in time to save the day.

From that point on, if you don’t download and install the software, your computer goes kooky and pop-ups invade you like bedbugs in New York City.

Web pages may be compromised, or built from the start, to distribute scareware. The goal is to trick you into clicking on links and downloading their junk software.

Information Week reports that those behind a new fake antivirus product have added a new social engineering element: live support agents who try to convince potential victims that their PCs are infected and that payment is the cure.

The rogue software comes equipped with a customer support link leading to a live session with the bad guy.

The scammers on the other end of the chat can also offer live “remote access support”: the victim is instructed by “support” to click a link that initiates a remote-access session to their PC.

Once connected remotely, the scammer can retrieve documents from the machine and use them to steal your identity.

Another new twist on the scam is a pop-up styled like the warning page your browser shows when you visit a site with an expired security certificate, a site flagged for malware, or a suspected phishing site.

The page is usually red with a warning such as “Visiting This Site May Harm Your Computer,” followed by a link, button or pop-up offering to download security software or to “update your browser’s security.”

The software goes by names such as “AntiVirus2010,” “WinFixer,” “WinAntivirus,” “DriveCleaner,” “WinAntispyware,” “AntivirusXP” and “XP Antivirus 2010,” or something generic like “Security Toolkit.”

These are actually viruses or spyware that infect your PC, or just junk software that does nothing of value.

What makes the scam so believable is that there is an actual purchase flow for the software that is supposed to protect you: a shopping cart, an order form, credit card processing and a download, just like any legitimate online software purchase. The difference is that your card number goes straight to the criminals.

Protect yourself:

#1 Use the most up-to-date browser. Whether Internet Explorer 8, Chrome or Firefox, download the latest version. At a minimum, install whatever security updates are available for your existing browser.

#2 In current browsers a pop-up blocker is usually turned on by default. Keep it on. It stops the most common delivery channel, though a fake warning drawn inside the page itself will still get through, so the remaining tips still apply.

#3 If a pop-up appears anyway, close your browser. If the pop-up won’t let you close it, press Ctrl-Alt-Delete, open Task Manager and end the browser process from there.

#4 Never click links in pop-ups. If the pop-ups are out of your control, power the machine off rather than clicking anything.

#5 Persistence counts. Shutting off such a pop-up is often difficult, and any button you press within it, including a fake “Cancel” or “Close,” can start the download of the very malware it warned you about.

#6 Run the most recent version of your antivirus software and keep it set to update its virus definitions automatically.

#7 Never click links in the body of a “WARNING” web page that suggests downloading browser updates or security software. Close the window with the browser’s own close button, the little red X on the title bar in the upper right corner. A fake dialog can draw its own X inside the page, so if the X you see is part of the page content rather than the window frame, close the browser tab or window instead.
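Tip #1 can be turned into a check rather than a reminder. The following script is an added example and is not part of the original post: it reads web proxy or web server logs in combined log format, extracts the User-Agent string, and reports which clients are still running versions of the three browsers the post names below an assumed baseline. The baseline versions, the log format and the sample log lines are all constructed for this example; adjust the minimums to your own policy.

```python
import re
from collections import defaultdict

# Assumption: minimum versions treated as "current" for the browsers the post
# names, roughly as of late 2010. Tune these to your own baseline.
MIN_VERSION = {
    "MSIE": (8, 0),
    "Firefox": (3, 6),
    "Chrome": (7, 0),
}

# Order matters: a Chrome User-Agent also contains "Safari", but never "MSIE"
# or "Firefox/", so checking MSIE, then Chrome, then Firefox is unambiguous.
UA_PATTERNS = [
    ("MSIE", re.compile(r"MSIE (\d+)\.(\d+)")),
    ("Chrome", re.compile(r"Chrome/(\d+)\.(\d+)")),
    ("Firefox", re.compile(r"Firefox/(\d+)\.(\d+)")),
]

# Apache/nginx "combined" log format: the User-Agent is the last quoted field.
COMBINED_LOG = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" \d+ \S+ '
    r'"(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample log lines for this example (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [28/Oct/2010:09:14:02 -0400] "GET /index.html HTTP/1.1" 200 5120 "-" '
    '"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"',
    '10.0.0.7 - - [28/Oct/2010:09:14:05 -0400] "GET /news HTTP/1.1" 200 8192 "-" '
    '"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11"',
    '10.0.0.9 - - [28/Oct/2010:09:15:11 -0400] "GET /app HTTP/1.1" 200 2048 "-" '
    '"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.41 Safari/534.7"',
    '10.0.0.12 - - [28/Oct/2010:09:16:40 -0400] "GET /app HTTP/1.1" 200 2048 "-" '
    '"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"',
    '10.0.0.5 - - [28/Oct/2010:09:17:03 -0400] "GET /index.html HTTP/1.1" 200 5120 "-" '
    '"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"',
    'garbage line that will not parse',
]


def parse_browser(ua):
    """Return (family, (major, minor)) for a handled browser, else (None, None)."""
    for family, pat in UA_PATTERNS:
        m = pat.search(ua)
        if m:
            return family, (int(m.group(1)), int(m.group(2)))
    return None, None


def is_outdated(ua):
    """True/False for a handled browser; None when the browser is not handled."""
    family, ver = parse_browser(ua)
    if family is None:
        return None
    return ver < MIN_VERSION[family]


def outdated_clients(log_lines):
    """Map client IP -> set of outdated 'Family major.minor' strings seen."""
    result = defaultdict(set)
    for line in log_lines:
        m = COMBINED_LOG.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ua = m.group("ua")
        if is_outdated(ua):
            family, ver = parse_browser(ua)
            result[m.group("ip")].add(f"{family} {ver[0]}.{ver[1]}")
    return dict(result)


if __name__ == "__main__":
    for ip, browsers in sorted(outdated_clients(SAMPLE_LOG).items()):
        print(f"{ip}: outdated browser(s) {', '.join(sorted(browsers))}")
```

User-Agent strings are self-reported and easily spoofed, so this finds machines that admit to an old browser rather than proving any machine is current, and it says nothing about whether a pop-up blocker is enabled; that has to come from endpoint or group policy management. It is still a cheap first pass for finding the clients most exposed to the pages described above.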

Robert Siciliano, personal security expert to Home Security Source, discusses home security and identity theft on TBS Movie and a Makeover. Disclosures.

David Dann: If users have to be made wary of messages and alerts that look so legitimate, then how can they, to any degree, trust the very OS that supports their applications? Where was the advice in this column for users on how to distinguish between scareware and real OS or AV malware alerts? Genuine system alerts and messages appear to users like pop-up messages. The next generation of scareware will only get more clever and insidious. Even infosec professionals could be tricked by these messages.

This is why security awareness training has its limitations. We must stop blaming users for being easily fooled in the face of increasingly sophisticated attacks.
Robert Siciliano: Go ahead David. You're up. Enlighten us.
Anthonie Ruighaver: I could not find anything in the article on blaming users. Actually, the article seems to be aimed at home users more than at employees.

Still, blaming employees and punishing employees does still happen a lot in security and is in general counter-productive.

What the article does emphasize, though, is a reliance on the user to ensure security is up to date. In an organization you should minimize such reliance.

So, what would be the best tools/processes that a security administrator can use to identify those employees that do use insecure browsers, or don't have pop-ups blocked?
David Dann: Robert - I know that nuance can't be expressed in a web post, but your challenge of "Enlighten Us" is a bit snarky. You've missed the point of my first reply. There's good advice in your 7 ways, but many users will not distinguish between a browser pop-up message and a legitimate alert, and it's not because they're naive or ignorant. We know that if anything is certain it is the creativity of phishers and attackers in exploiting vulnerabilities and in being able to overcome new defenses in this ever-escalating arms race. The primary onus to keep criminals at bay should be on those who created these "insecure browsers" in the first place.
Robert Siciliano: David, my intention was to respond snarky to your snarky. Whether you put the onus of responsibility on the user or the browser or the antivirus provider, the fact is the ruse is what it is, and the user needs to pay attention, which I have given them enough information to do. So unless you actually have information to enhance the value for the reader, as opposed to degrading my efforts or placing blame on whoever, what do you have to offer?
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.