Feds crack multi-million scareware ring

Some of you have experienced the misfortune of getting what we call “scare-ware” or rogueware. It is an unwanted piece of software that gets installed on your computer without your permission (or, usually, your knowledge). It displays an authentic-looking screen telling you that you’re infected with hundreds of bad things, and then wants you to pay some money to clean up the problem.

We call it rogue-ware because it is software that pretends to be anti-virus or anti-malware software, but is actually a bad program itself.  It looks very authentic, but is actually an example of the problem.

Here’s a bit of good news.  The FBI and Department of Justice have cracked an international ring behind one of these infections. 22-year-old Peteris Sahurovs and 23-year-old Marina Maslobojeva were arrested in Latvia on charges made in court in Minnesota. They created a malware infection that is estimated to have infected almost a million computers and netted them about $72 million.   People ask me why people create virus and malware software, and the answer is, these days, “They do it for the money.” It certainly was for the money in this case.

You can read an article about the case at http://www.theregister.co.uk/2011/06/23/fbi_scareware_arrests/

The short answer of how it worked is this: they bought banner ads to be placed on respected websites.  Then they changed the content of the banner ad to be the malware-installer.  When people saw the ad in their browser, they could get infected if their anti-virus protection software was not successful at stopping the installation.

It’s good that these guys have been arrested, but the problem isn’t going away just because they are out of commission for a while. There are lots of others behind other infections. News that they made $72 million is sure to inspire others, as well.

It can be very difficult to tell these fake warnings from real warnings, because the authors typically do a very good job of emulating the look and feel of real programs.  It remains important to have a good AV program installed and to keep it up-to-date.
