Scareware Indictments Put Cybercriminals on Notice – Microsoft On The Issues

Swede charged in US over ‘scareware’ scheme | The Local (Sweden’s News in English) – Sweden

US-Behörden klagen Scareware-Betrüger an | Der Standard (Austria – German language)

From the horse’s mouth

FBI Press release

My comments

What is scareware

Scareware is a form of malware that presents itself as desktop security software. Typically this software uses a lot of emphasis on “flashing-up” of user-interface dialogs that mimic known desktop security programs, whether as add-on programs or functions that are integral to the operating system. They also put up dialogs requiring you to “register” or “activate” the software in a similar manner to most respected programs. This usually leads you to Web sites that require you to enter your credit-card number to pay for the program.

In reality, they are simply another form of Trojan Horse that is in a similar manner to the easy-to-write “fake login screen” Trojans that computer hackers have created in order to capture an administrator’s high-privilege login credentials. Some of the scareware is even written to take over the computer user’s interactive session, usually with processes that start when the computer starts, so as to “ring-fence” the user from vital system-control utilities like Task Manager, Control Panel or command-line options. In some cases, they also stop any executable files from running unless it is one of a narrow list of approved executable files. They are also known to nobble regular desktop anti-malware programs so that they don’t interfere with their nefarious activities. This behaviour outlined here is from observations that I had made over the last few weeks when I was trying to get a teenager’s computer that was infested with “scareware” back to normal operation.

Who ends up with this scareware on their computer

Typically the kind of user who will end up with such software on their computer would be consumers and small-business operators who are computer-naive or computer-illiterate and are most likely to respond to banner ads hawking “free anti-virus software”. They may not know which free consumer-grade anti-virus programs exist for their computing environment. In a similar context, they may have found their computer is operating below par and they have often heard advice that their computer is infested with viruses.

What you should do to avoid scareware and how should you handle an infestation

The proper steps to take to avoid your computer being infested with scareware is to make sure you are using reputable desktop security software on your computer. If you are strapped for cash, you should consider using AVG, Avast, Avira or Microsoft Security Essentials which have the links in the links column on the right of your screen when reading this article on the site.

If you have a computer that is already infected with this menace, it is a good idea to use another computer, whether on your home network or at your workplace, to download a “process-kill” utility like rkill.com to a USB memory key or CD-R and run this on the infected computer immediately after you log in. It may alos be worth visiting the “Bleeping Computer” resource site for further information regarding removing that particular scareware threat that is affecting your computer. This is because I have had very good experience with this site as a resource when I handled a computer that was infested with scareware.

If you are at a large workplace with a system administrator, ask them to prepare a “rescue CD” with the utilities from the “bleeping-computer” Web site or provide a link or “safe-site” option on your work-home laptop to this site so you can use this computer as a “reference” unit for finding out how to remove scareware from a computer on your home network.

How the criminal law fits in to this equation

The criminal law is now being used to target the “scareware” epidemic through the use of charges centred around fraud or deception. Like other criminal cases involving the online world, the situation will touch on legal situations where the offenders are resident in one or more differing countries and the victims are in the same or different other countries at the time of the offence.

This case could raise questions concerning different standards of proof concerning trans-national criminal offences as well as the point of trial for any such offences. 

Conclusion

Once you know what the “scareware” menace is, you are able to know that criminal-law measures are being used to tackle it and that you can recognise these threats and handle an infestation.

Disclaimer regarding ongoing criminal cases

This article pertains to an ongoing criminal-law action that is likely to go to trial. Nothing in this article is written to infer guilt on the accused parties who are innocent until proven guilty beyond reasonable doubt in a court of law. All comments are based either on previously-published material or my personal observations relevant to the facts commonly known.

From the horse’s mouth

European Union

Microsoft’s press release

My comments on this issue

Previously, there was talk of Microsoft having to supply European customers with “browser-delete” options for copies of Windows 7 operating system where they would have to explicitly download their browser of choice and wouldn’t be able to “get going” with Internet Explorer. Now, there is the requirement to provide a “browser-select” screen when you can install any of 12 alternative browsers and nominate one of the other browsers as the default browser. This will have the browsers organised in a random order so as not to favour Internet Explorer or a “browser-skin” with hooks to the Internet Explorer code.

One main improvement that I had liked about this is that you can deploy more than one browser from the “browser-select” screen, which will please Web-site developers who want to test their site in other browser environments. Similarly this will please users who are testing browsers for a proposed usage environment or replicating problems encountered with a particular browser.

It will be feasible for a computer supplier to “run with” a different default browser yet consumers can choose whichever browser suits them better. This would be more so with operations like Dell or the small independently-run High Street computer shops who build computers “to order” for individuals, rather than suppliers like HP/Compaq or Toshiba who build systems to particular packages to be sold through electronics chain stores.

The only issue is whether an individual or organisation can determine a particular browser as part of a Windows-based “standard operating environment” when they specify their computer equipment and not have to pass through the “browser-select” screen. Also, what will be the expectation for any proposed computer fleets and “standard operating environments”? Will the company who buys the computer equipment be able to determine which is the default browser for their environment or will they be required to allow individual staff members / end-users to choose which browser they are to work with? The reason I am raising this issue is because in some countries within the EEA like France, there is an organised-labour culture where the trade unions can exercise a lot of influence over what goes on in a workplace.

Another issue that may need to be raised is whether the European-specific “browser-choice” arrangements will be available outside of the European Economic Area. This may be of concern to independent system builders who may want to assure customers of browser choice as a differentiating factor or local, state or federal government departments who may want to be assured of this for computers supplied as part of their IT programs operating in their area or as part of a legislative requirement for their area. It may also be of benefit to PC users who want to load their computers with many browsers so as to, for example, test a Web site under many operating environments.

From this, I have been observing the smartphone marketplace and am noticing a disturbing trend where platform vendors are setting up their own application-distribution platforms that usually manifest as “app stores” that run on either the PC-device synchronisation program or on the device’s own user-interface screen. These platforms typically require the software to be pre-approved by the platform vendor before it is made available and, in some cases like the Apple iPhone, you cannot obtain the software from any other source like the developer’s Web site, competing app store or physical medium. You may not even be able to search for applications using a Web page on your regular computer, rather you have to use a special application like iTunes or use the phone’s user-interface.

People who used phones based on the Windows Mobile or Symbian S60 / UIQ platform were able to install applications from either the developer’s Website or a third-party app store like Handango. They may have received the applications on a CD-ROM or similar media as the mobile extension for the software they are buying or as simply a mobile-software collection disc. Then they could download the installation package from these sites and upload it to their phone using the platform’s synchronisation application. In some cases, they could obtain the application through the carrier’s mobile portal and, perhaps, have the cost of the application (if applicable) charged against their mobile phone account. They can even visit the application Website from the phone’s user interface and download the application over the 3G or WiFi connection, installing it straight away on the phone.

The main issue that I have with application-distribution platforms controlled by the device platform vendor is that if you don’t have a competing software outlet, including the developer’s Web site, a hostile monopolistic situation can exist. As I have observed with the iPhone, there are situations where the platform vendor can arbitrarily deny approval for software applications or can make harsh conditions for the development and sale of these applications. In some cases, this could lead to limitations concerning application types like VoIP applications being denied access to the platform because they threaten the carrier partner’s revenue stream for example. In other cases, the developer may effectively receive “pennies” for the application rather than “pounds”.

What needs to happen with application-distribution platforms for smartphones and similar devices is to provide a competitive environment. This should be in the form of developers being able to host and sell their software from their Website rather than provide a link to the platform app store. As well, the platform should allow one or more competing app stores to exist on the scene. It also includes the carriers or service providers being able to run their own app stores, using their ability to extend their business relationships with their customers like charging for software against their customers’ operating accounts. For “on-phone” access, it can be facilitated in the form of uploadable “manifest files” that point to the app store’s catalogue Website.

As well, the only tests that an application should have to face are for device security, operational stability and user-privacy protection. The same tests should also include acceptance of industry-standard interfaces, file types and protocols rather than vendor-proprietary standards. If an application is about mature-age content, the purchasing regime should include industry-accepted age tests like purchase through credit card only for example.

Once this is achieved for application-distribution platforms, then you can achieve a “win-win” situation for extending smartphones, MIDs and similar devices

The problem can lead to popups that are to be part of your Web experience, such as a transaction wizard, being blocked or, at worst, the browser program hanging or crashing frequently. This is due to competition between the different programs to manage the same site or pop-up screen.

To avoid this, make sure that you are running one popup blocker program only, whether the third-party program or the one that is integrated in your browser. Personally, I would prefer to use the one that is integrated in the browser because of it being tightly linked with the browser’s code, thus avoiding use of unnecessary system resources.

My comments

At least there is some accurate information regarding the arrival of Vista Service Pack 2 and what it will contain. This service pack could draw more people towards Windows Vista and offer something that can avoid the idea of going “back to XP”.

At least there are a few options that may benefit the laptop user and the modern WiFi-driven home computing environment. One would be to work hand in glove with WPS configuration as more routers come with “over-the-air” WPS configuration. As well, the Bluetooth Feature Pack which will offer what is expected of a Bluetooth setup will be available for people who buy Bluetooth functionality independent of the operationg system. This would encompass system builders; and those of us who provide Bluetooth functionality via an aftermarket device such as a USB dongle or move to Vista by buying it through the retail channel. The other desireable feature would be for the operating system to “natively” burn data to Blu-Ray discs; which would definitely come in handy with backing up hard disks or archiving old data.

In my honest opinion, this service pack can “tide us over” until Windows 7 comes on the scene as the next operating system.

Come on “I’m A PC”!