Forgot your password?
typodupeerror
Privacy Crime Security The Internet United Kingdom IT Your Rights Online

Web-Users Fall For Fake Anti-Virus Scams 272

Posted by CmdrTaco
from the i-use-magnum-xl-av dept.
jhernik writes "Fearing their computers may be prone to viruses, many web-users download fake anti-virus software, only to find later that their bank details have been hacked. According to the latest research by GetSafeOnline.org, the UK's national internet security initiative, a rising nunber of organised criminal gangs are tricking security-conscious intenet-users into purchasing anti-virus software to access their bank details. Posing as legitimate IT helpdesks, these fraudsters target internet users concerned about protecting their computers. By offering free virus checks, they normally tell consumers that their machines are infected and offer fake security software protection – usually costing around £30 – which is actually malicious software in disguise." The fact that there is such a thriving market for fake AV scams really says something about the present state of the legitimate AV market.
This discussion has been archived. No new comments can be posted.

Web-Users Fall For Fake Anti-Virus Scams

Comments Filter:
  • by gregthebunny (1502041) on Monday November 15, 2010 @11:24AM (#34231578) Journal
    Most computer users are simply naive; some are downright stupid. This should be tagged: !news.
    • by Tarlus (1000874)

      Yeah, it's not exactly news. For a couple of years I've been seeing pop-ups which try to mimic the XP "My Computer" Explorer window, warning of hundreds of viruses on each of the user's drives. Of course the whole thing is bogus but soon I find myself removing "AntiVirus XP 2011" or some crap like that from the computers of people who fell for it.

      But, it is always funny if not a little confusing to see those popups while using Win7 or a non-Windows OS.

    • by bonch (38532)

      Just because users are often naive doesn't mean it's not news with there's a new wave of a specific type of malware, which allows Slashdot's technical readers to discuss Windows security, how to better educate users, the current state of the antivirus market, and so on. Lighten up a little, sheesh.

    • by blair1q (305137)

      It's science. It increases the number of significant figures in "most" from 0 ("0.5 to 1") to 2 ("24%) and reveals it not to be "most" but only 1 in 4.2 of those surveyed.

  • Or... (Score:3, Insightful)

    by ShadowRangerRIT (1301549) on Monday November 15, 2010 @11:25AM (#34231606)
    The thriving market for fake AV scams simply means people are too cheap to pay full price for a commercial AV scanner, or too stupid to find a legit free one. Computers are appliances to 90% of the world's population, and no other appliance requires expensive upgrades to determine if it's being misused. Even without a car alarm, you'll notice if your car isn't where you parked it, but a most infected computers don't advertise as such. People know they need an AV scanner, and hey, the computer just offered them one, "Score! No need to go shopping for one!" All viruses (that aren't autonomous worms) spread based on misplaced trust or greed, and getting a cheap AV scanner appeals to both instincts.
    • by ByOhTek (1181381)

      Or that they are unaware that they already have one, or that they just are too trusting when someone says it's failed. Given that the users are demonstrating a lack of knowledge about reliability about AV software, the latter says more about the user than the installed AV.

    • by takowl (905807)

      Even without a car alarm, you'll notice if your car isn't where you parked it

      It won't do you much good, though. This is why an alarm is now standard in most, if not all, new cars. Microsoft seems to be moving in the same direction for Windows, with Security Essentials. I guess antitrust issues stop them from installing it by default, though.

      • The funny part being that Security Essentials is actually pretty decent for a freely (as in gratis) distributed app. I actually wish MS put just a tiny bit of effort to push it in windows, so that those who are cheap would install it before they fall prey to the Antivirus XP BS.

        • by brainboyz (114458)

          They did and they got backlash from the anti-monopoly community and other AV vendors for "repeating the IE mistake" with AV.

          • by hedwards (940851)
            To be fair, it was handled differently than IE was. It was apparently only showing up on computers where the update program didn't detect an already installed antivirus program.
    • by KarmaMB84 (743001)
      If ads on legitimate sites weren't offering up these kinds of "tools", I'd be more inclined to agree the users that get infected are somehow stupid. I remember having my antivirus going off on a regular basis when browsing completely legit sites because an ad embedded in it was attempting an exploit.
    • Free isn't Easy (Score:3, Insightful)

      To be fair, it's not exactly easy to find a legit free AV programme. Downloading my poinson of choice, AVG, for example, requires you to navigate through the website, locate the tiny "free version" link on a series of pages, and wind through and around a whole lot of annoying screens designed to baffle/frustrate/bully you into buy a pay version.

      And worse, you then have to go through this whole process again every six months when they release a new version that isn't covered by the auto updater.

      I definitely

  • Seriously. This has been going on for YEARS. Why is this being posted here?
  • by bonch (38532)

    I've had to clear a few of these off co-workers' machines this year. Running Windows 7 with the latest security patches and legitimate protection software installed, and people still get infected with this crap, so it's the users installing it and not just holes in the system being exploited. The last one I removed actually replaced the Windows shell on startup with itself, disabling web browsers, regedit, and other key system software. I felt like going on a shooting spree.

    • by tverbeek (457094)

      Is it too late to require people to learn how to use these devices properly before they're sent zooming along the information superhighway?

      • by bonch (38532)

        I don't blame them at all for installing the malware. In the case of the last cleanup I did, a web page apparently displayed a window that was made to resemble a Windows security alert. I think the solution is better computing environments, such as iOS, leaving the technical environment of a desktop PC to technical individuals who require it. Why should someone run Windows if all they do is word processing or web browsing? As Steve Jobs put it, today's PC environment will eventually be like pickup trucks. N

        • My mechanic gets plenty of money from me not knowing the ins and outs of my exhaust manifold. However...

          -I do know what oil my car takes and how to change it myself. I may not always change it myself due to time constraints.

          -I know where my spare tire is located and how to change it if I'm stuck on the side of the road.

          -I have a cursory idea as to what the major components of my car do, so when he describes what the issue is, my eyes don't glaze over.

          -When I do get a 'check engine' light, I make a mental no

      • by delinear (991444)
        Only when it hits them financially - maybe if banks offered better rates or incentives to people who had passed some kind of basic internet competency exam, we'd see people making the effort to educate themselves (or lots of people falling for fake competency exam scams).
      • by hedwards (940851)
        I've suggested that in the past and been accused of being elitist. That's how driver licensing came into being. Having people driving around at a whopping 8mph with no other vehicles on the road didn't really require much in the way of regulation. But now that vehicles have to be able to do at least 30 mph in order to cope with even side streets we now license just about all of them. Bikes and mopeds excluded.

        Likewise, I think that requiring people to be able to install anti-malware and update their comp
    • Re:Ugh (Score:4, Interesting)

      by gad_zuki! (70830) on Monday November 15, 2010 @12:06PM (#34232054)

      >so it's the users installing it and not just holes in the system being exploited.

      Are you sure about that? The analysis of various crimepack stats posted by Brian Krebs [krebsonsecurity.com] shows that the vector for these infections is usually (in order) Java, Adobe Reader, Flash, and browser exploits. So lets assume you patched these machines using Windows Update. That means you patched any known browser exploits, but the malware writer can still try various Java, Reader, and Flash exploits.

      I think the real issue currently is how poorly these app updaters are written. Reader may never ask to do an update unless you manually start it once to install the current version of Adobe Updater. Java, depending on the version, either sits quietly in the tray asking for an update or never bothers. Flash asks at startup sometimes, but it may only update IE, but not Firefox.

      For end users who have no clue, which is most of them, these apps should just be set to auto-update without asking. Admins and power users can edit this as needs be. In the meantime, its pretty trivial to infect a machine. Almost no one makes an effort to patch these apps.

      I don't believe the problem is PEBCAK as we like to think. Browser plugs are a serious issue. They're just not being updated.

      • by hedwards (940851)

        I don't believe the problem is PEBCAK as we like to think. Browser plugs are a serious issue. They're just not being updated.

        To an extent you're correct. The technology has gotten to the point where all sorts of things can be infected and you don't have to download it explicitly to get infected.

        However, sandboxing, antivirus software, not clicking on suspicious links and keeping the OS updated is more or less mandatory for anything resembling a secure browsing experience.

        • Re: (Score:3, Interesting)

          by gad_zuki! (70830)

          Who is sandboxing? Sure IE by default runs in protected mode, but the plugins I mentioned do not. Suspicious links are meaningless, these exploits do no require visiting some odd link. Most of these hackers take over ad servers and push malware in ads on legitimate sites.

          AV sofware is also useless. These guys are compiling multiple versions of their malware per hour. Your AV can't keep up. By the time the AV vendors have a signature its 12-48 hours too late and that build is removed from production.

          Remember

    • by King_TJ (85913) on Monday November 15, 2010 @01:00PM (#34232876) Journal

      Actually, I'm not so sure it's always an issue of users installing this stuff voluntarily?

      The "Vundo" trojan is supposedly a leading cause of automated installations of the annoying "AntiVirus 2009/2010" fake AV packages and other garbage.

      (See: http://en.wikipedia.org/wiki/Vundo [wikipedia.org])

      I recently cleaned this off of a PC for a client of mine, and in their case, the original trojan horse files were found embedded in the compressed Java runtime files. So at least some of this stuff may be coming from "drive by infections" that take advantage of security flaws in older versions of the Sun JRE. Once the trojan is implanted in the JRE, it proceeds to auto download and install this other stuff.

  • by kj_kabaje (1241696) on Monday November 15, 2010 @11:28AM (#34231628)
    cue /. superiority complex... Seriously, rather than tag as !news or PEBKAC, how about some intelligent discussion about either educating the general public or another more intelligent solution?
    • Re: (Score:3, Interesting)

      how about some intelligent discussion about either educating the general public or another more intelligent solution?

      We did that about 10 years ago when this story was fresh.

      We've been doing that for the past 10 years. And we've decided that PEBKAC.

      My idea of an intelligent solution is an infectious antivirus - spreads like other viruses do, via email, poisoned URLS, phishing, etc etc - use all the vulnerable vectors you can to spread an antivirus. It goes and tries to remove any viruses it can find and occaisonally calls back to some central server for an updated list on new threats and how to combat them.

      Not a perfect s

      • by takowl (905807)
        Plus patching any known security holes? Interesting idea. I think the trouble is funding/motivation: both virus and antivirus writers usually do it for profit, and it would take time and effort to keep it up to date. Since it would be, at best, dubiously legal, it probably couldn't be sponsored by any company, so it would have to be a guerilla effort. And the people who could write it mostly wouldn't benefit (except perhaps that they'd spend less time cleaning their families computers...).
      • Re: (Score:3, Interesting)

        by vlueboy (1799360)

        Besides the null legality of infecting PC's with legit antivirus software for the greater good, there is a secondary problem.
        Any tech-savvy user with their own AV solution, will most likely see their PC acquire a second set of system-hogging antivirus software. Ever installed two concurrent firewalls on your PC and saw that neither one complained? Yup, don't expect coders to make the right assumptions.

        You might instead have chosen to stop using ANY antivirus --then you get mad this virusy antivirus has to k

        • Any tech-savvy user won't be infected by the antivirus anymore than they'd be infected by a regular virus. That's the beauty of it.

          The great thing about it is that even if it annoys you that you keep getting infected by it - you can at least rest knowing that its not trying to steal your information, you're safer battling to get the antivirus off your machine than you would be battling to get a regular virus off your machine.

      • Re: (Score:3, Insightful)

        by hedwards (940851)
        That's an extremely bad idea. At the end of the day it would end up being exploited by crackers and in the best case it would give people the idea that if they don't secure their computers that somebody will do it for them.

        In some parts of the world, they do things like that for lawns. If you don't mow your lawn frequently enough, the local council will have somebody do it for you, then send you a bill for the work. Not saying, I agree with it, but it does work. In meatspace, on the net, there's any numb
    • by Tarlus (1000874)

      cue /. superiority complex...

      Wait, I know this one! *Ahem*...

      Pffft. I never have to deal with these sorts of things on my Mac/Linux/BSD computer!

      Did I do it right?

    • by Sockatume (732728)

      I read an argument recently (maybe on Language Log of all places) that this was an example of intelligence being disadvantage. Having a general awareness of the threats represented by viruses is a requisite for vulnerability to the scam, while someone completely ignorant of computer threats wouldn't be susceptible. Sort of the scam-art equivalent of the uncanny valley.

      • by Anrego (830717) *

        Dunno if I agree with that argument.

        Most scams are pretty good about educating you on the product .. it's part of the scar tactic:

        There may be a VIRUS on your computer.. RIGHT NOW!

        A VIRUS can DELETE YOUR WORK or STEAL YOUR PRIVATE INFORMATION!

        Here.. let me check if you have any..

        Yup.. found a whole bunch... the following files are currently infected AT THIS MOMENT:

        C:\My Documents\
        C:\System\
        C:\Windows\

        Don't worry though.. download MakeThisGoAwaySoICanGetBackToFarmville.exe to fix the problem. You'll probably

        • by Anrego (830717) *

          Wow.. thats some bad typo action, even for me!

          * Most scams are pretty good about educating you on the threat.. it's part of the scare tactic:

      • Having a general awareness of the threats represented by viruses is a requisite for vulnerability to the scam, while someone completely ignorant of computer threats wouldn't be susceptible.

        The pop up comes up and the completely ignorant doesn't click on "Install" because he doesn't have an awareness of the threat, so he clicks on "No thanks." Too bad that ALSO INFECTS HIS MACHINE.

        The ones I've seen install on any client click. Only hard powering (hold the power button for 10 seconds) will prevent infection at this point, so the completely ignorant are NOT going to be safe.

    • by Sir_Sri (199544)

      How about just letting MS put security essentials onto your computer as part of regular windows updates? You could even set it up to remove fake antivirus products automatically. And if it accidentally breaks a legitimate one, at least you have MSE on there, which may (or may not) be as good as whatever it removed but it's better than millions of people with fake AV's.

      Or how about a walled garden security store in windows? If you want access you have to be approved for the national app store by the gove

  • by Flipao (903929) on Monday November 15, 2010 @11:31AM (#34231662)
    You gotta give it to companies like McAffee, Symantec, etc... they know how to scare people into handing over money so they are "protected". It was only a matter of time before people started to copy their methods.
    • by Sockatume (732728)

      The scam isn't merely getting them to pay for un-needed antivirus software, it's installing a trojan which enables them to grab people's bank details.

  • So, uh... (Score:3, Insightful)

    by Anrego (830717) * on Monday November 15, 2010 @11:32AM (#34231676)

    This article really was an eye opener!

    Who would have thought that a large percentage of windows users are not technically inclined and easily tricked by scary looking windows!

    Rumour has it that scissors can be fairly sharp, and fire is damn hot sometimes.

    Also.. _really_ old news. This scam has been around for at least a decade. It followed closely on the success of the "YOU HAvE ONE URGENT MESSAGE" banner ad.

    • by Sockatume (732728)

      I think the cold-calling aspect is relatively new, no?

  • “There's a sucker born every minute”

    Sorry, but this will NEVER go away. It's not new, it's been around for 80,000 years.

    A news flash that people are easily suckered is not news to anyone.

  • by benjfowler (239527) on Monday November 15, 2010 @11:41AM (#34231760)

    Colour me surprised.

    I recently had to install Windows 7 at home, and decided to put Norton AV on my machine. I boot up on Windows roughly once every couple of weeks to run a specific application. So I notice Norton AV popping up loads of windows, running it's intrusive update process about bombarding me with scary looking crap prompting me to read about the "latest security threats from cyber-criminals". Hair-raising stuff, especially if you're not a computer specialist.

    I'm an IT professional, and _I_ find this behaviour sleazy, unethical, annoying and slightly alarming. This is a product I paid GOOD MONEY FOR. I'm PAYING to be bullied, essentially.

    So I can just imagine the average user being bullied and terrified by this crap... which is not only enriching the AV vendors, but also making regular folk like lambs to the slaughter for the forces of evil out there.

    I'd say that the consumer, criminals and the AV companies are really inhabitants of one ecosystem: prey, parasites and predators respectively.

    • by vlm (69642)

      This is a product I paid GOOD MONEY FOR. I'm PAYING to be bullied, essentially.

      They're stealing the patented business patented model from the airlines!

    • by DeadboltX (751907)
      Sorry, but your story doesn't add up.

      You claim to be an IT professional, but you willingly decided to put Norton on your own machine?
      • [rimshot]

        I know AV is worthless, but it's still better than going naked. I had a legal copy of it lying around, so I went with that. Otherwise, I might've reached for something a bit faster and more reputable, e.g. Sophos, Kaspersky.

  • by Call Me Black Cloud (616282) on Monday November 15, 2010 @12:02PM (#34232000)

    This is why I use gopher.
  • However, she is on a Mac, so I *presume* she is safe, except for her credit card number, which she did enter in order to buy the software. I told her to cancel her credit card and she did that and they issued her a new one. It is correct that she has no worries from the downloaded software, right? These things are always Windows-only, right? Just want to make absolutely sure. Or is there some way for them to hack her account given that she provided a credit card, and probably address and such?

  • Fake AV has been around for a long time. My father fell for one of those "your system is infected" ads 5+ years ago, and I had to spend an afternoon cleaning out the crapware he bought and installed when he clicked through. Fortunately all he was out was the $40 or so for the "product"; we scanned his system with some real AV and anti-malware/spyware products to remove all the junk that piggybacked its way in, and nothing more ever came of it.
  • by formfeed (703859) on Monday November 15, 2010 @12:22PM (#34232346)
    If you have a lot of files ending on ".dll", chances are pretty high that you have software on your system that might be harmful.
  • Dumbasses world wide have been tricked into clicking malware! And--AND HERE IS THE MOST FASCINATING PART--the malware peddlers lie to the users, telling them that they are going to scan for viruses!

  • by otherniceman (180671) on Monday November 15, 2010 @01:48PM (#34233720)

    My mother kept receiving calls from some company claiming to be IT support and trying to get her to visit a website to update her machine as there records show it being infected. She always says that my son deals with that sort of thing and she will just not switch the computer on until I have checked it. One day they called while I was there so I spoke to them, they always mumbled the name of the company, I asked them for their company registration number as I needed to check they are a legitimate company. They try to get me to visit there website where I can see that they are legitimate, eventually they give me a number which was about 12 digits too long for a company registration number I tell them I can't find anything about them at Companies House and eventually they give.

Eureka! -- Archimedes

Working...