Computer users have been conditioned over the last few years to recognize and avoid many of the more common scams and threats on the Internet: email viruses, phishing, spam, Nigerian 419 ploys and work-at-home money-mule schemes. You know that an email promising the latest shocking revelation and photo of Madonna is probably more likely to install malware on your machine than to spice up your day with more of her dramatic antics.
But as much progress as we’ve made in educating users about online threats, there are some newer scams out there that take advantage of the fact that users have been trained to pay attention to the security software on their PCs and do it what it tells them. Known as scareware, these scams are designed to trick a user into thinking that they have a virus or piece of spyware on his PC, and then preys on the user’s fear to entice him into downloading a piece of malicious software masquerading as antivirus or antispyware software.
The scam works like this: A user visiting a legitimate Web site is confronted with a pop-up box (see below) informing him that several pieces of malware or spyware have been found on his PC and he must either run a scan or download a special piece of software to fix the problem. The dialog boxes often look very much like the legitimate ones generated by the Windows Security Center, complete with the familiar Windows icon and the Security Center’s shield icon.
But, any user who clicks on the box will be in for a nasty surprise. Many scareware programs install either a Trojan horse application that sits silently on the user’s PC, recording keystrokes and stealing passwords and other valuable data, or a useless piece of software that does nothing, least of all remove any malware on the machine. Often, even clicking on the “cancel” button or the X in the top of the dialog box will begin the download process.
Some of the more notorious of these rogue applications, such as Antivirus360, masquerade as legitimate security software. These applications often will generate false warnings once they’re installed on the victim’s PC, demanding that the user pay a “license fee” in order to remove the imaginary malware. In extreme cases, the scareware will prevent the user from getting online, opening files or doing any other task until the fee is paid. Of course, once the fee is paid, the imaginary threats magically disappear.
The key tactic of the scareware scammers is their ability to mimic the look and feel of the Windows dialog boxes. To the untrained (or even the trained) eye, the boxes look quite legitimate. So the key to recognizing and avoiding these scams is to know what antivirus and security software is running on your PC and to know what the alerts from it look like. If you see any other pop-ups that appear to come from the Windows Security Center, don’t click on them. Instead, click on the Start button on your PC, go to the Control Panel and then open up the Security Center.
The Windows Security Center will show the status of the security software on your machine. If you’re running a third-party antivirus program, open that and check that it’s running normally. If all is well, then it’s time to get rid of the pop-up. Again, avoid clicking on the box itself and instead hold down the CTL-ALT-DEL buttons together and click on the Task Manager. Find the pop-up box in the list of running applications and kill it.
There are a number of good resources on the Web for recognizing and removing scareware:
Dennis Fisher is the editor of Threatpost.com, the first stop for security news, and the host of the Digital Underground podcast. He is a veteran technology journalist who has been covering Internet security for nearly 10 years.