Scareware Indictments Put Cybercriminals on Notice – Microsoft On The Issues
Swede charged in US over ‘scareware’ scheme | The Local (Sweden’s News in English) – Sweden
US-Behörden klagen Scareware-Betrüger an | Der Standard (Austria – German language)
From the horse’s mouth
FBI Press release
What is scareware
Scareware is a form of malware that presents itself as desktop security software. Typically this software uses a lot of emphasis on “flashing-up” of user-interface dialogs that mimic known desktop security programs, whether as add-on programs or functions that are integral to the operating system. They also put up dialogs requiring you to “register” or “activate” the software in a similar manner to most respected programs. This usually leads you to Web sites that require you to enter your credit-card number to pay for the program.
In reality, they are simply another form of Trojan Horse that is in a similar manner to the easy-to-write “fake login screen” Trojans that computer hackers have created in order to capture an administrator’s high-privilege login credentials. Some of the scareware is even written to take over the computer user’s interactive session, usually with processes that start when the computer starts, so as to “ring-fence” the user from vital system-control utilities like Task Manager, Control Panel or command-line options. In some cases, they also stop any executable files from running unless it is one of a narrow list of approved executable files. They are also known to nobble regular desktop anti-malware programs so that they don’t interfere with their nefarious activities. This behaviour outlined here is from observations that I had made over the last few weeks when I was trying to get a teenager’s computer that was infested with “scareware” back to normal operation.
Who ends up with this scareware on their computer
Typically the kind of user who will end up with such software on their computer would be consumers and small-business operators who are computer-naive or computer-illiterate and are most likely to respond to banner ads hawking “free anti-virus software”. They may not know which free consumer-grade anti-virus programs exist for their computing environment. In a similar context, they may have found their computer is operating below par and they have often heard advice that their computer is infested with viruses.
What you should do to avoid scareware and how should you handle an infestation
The proper steps to take to avoid your computer being infested with scareware is to make sure you are using reputable desktop security software on your computer. If you are strapped for cash, you should consider using AVG, Avast, Avira or Microsoft Security Essentials which have the links in the links column on the right of your screen when reading this article on the site.
If you have a computer that is already infected with this menace, it is a good idea to use another computer, whether on your home network or at your workplace, to download a “process-kill” utility like rkill.com to a USB memory key or CD-R and run this on the infected computer immediately after you log in. It may alos be worth visiting the “Bleeping Computer” resource site for further information regarding removing that particular scareware threat that is affecting your computer. This is because I have had very good experience with this site as a resource when I handled a computer that was infested with scareware.
If you are at a large workplace with a system administrator, ask them to prepare a “rescue CD” with the utilities from the “bleeping-computer” Web site or provide a link or “safe-site” option on your work-home laptop to this site so you can use this computer as a “reference” unit for finding out how to remove scareware from a computer on your home network.
How the criminal law fits in to this equation
The criminal law is now being used to target the “scareware” epidemic through the use of charges centred around fraud or deception. Like other criminal cases involving the online world, the situation will touch on legal situations where the offenders are resident in one or more differing countries and the victims are in the same or different other countries at the time of the offence.
This case could raise questions concerning different standards of proof concerning trans-national criminal offences as well as the point of trial for any such offences.
Once you know what the “scareware” menace is, you are able to know that criminal-law measures are being used to tackle it and that you can recognise these threats and handle an infestation.
Disclaimer regarding ongoing criminal cases
This article pertains to an ongoing criminal-law action that is likely to go to trial. Nothing in this article is written to infer guilt on the accused parties who are innocent until proven guilty beyond reasonable doubt in a court of law. All comments are based either on previously-published material or my personal observations relevant to the facts commonly known.