Science and Technology News

Wednesday, June 22, 2011

'Scareware' Distributors Targeted

12 Nations Coordinate Anti-Cyber Crime Effort

One of the most widespread types of cyber scam being perpetrated against consumers these days involves “scareware”—those pop-up messages you see on your computer saying you’ve got a virus and all you have to do to get rid of it is buy the antivirus software being advertised.

And if you don’t buy it? The pop-ups continue unabated, and in some instances, the scareware renders all of the information on your computer inaccessible.

But today, the Department of Justice and the FBI announced “Operation Trident Tribunal,” a coordinated, international law enforcement action that disrupted the activities of two international cyber crime rings involved in the sale of scareware. The groups are believed responsible for victimizing more than one million computer users and causing more than $74 million in total losses.

What is Scareware?
Scareware is malicious software that poses as legitimate computer security software and claims to detect a variety of threats on the affected computer that do not actually exist. Users are then informed they must purchase the scareware in order to repair their computers and are barraged with aggressive and disruptive notifications until they supply their credit card number and pay up to $129 for the worthless scareware product.

Scam #1: The FBI’s Seattle office began looking into a scareware scam that ultimately claimed an estimated 960,000 victims who lost a total of $72 million. Investigators discovered a variety of ruses used to infect computers with scareware, including consumers being directed to webpages featuring fake computer scans. Once their computers were infected with the malicious software, victims began being notified by pop-ups that their machines had all sorts of viruses and they should buy the antivirus software being advertised—at a price of up to $129.

Scam #2: The FBI’s Minneapolis office initiated an investigation into an international criminal group using online advertising to spread its scareware product, a tactic known as “malvertising.” According to a federal indictment unsealed today, the two individuals charged created a phony advertising agency and claimed to represent a hotel chain that wanted to purchase online advertising space on a Minneapolis newspaper’s website. After the ad was verified by the paper and posted, the defendants changed the ad’s computer code so that visitors to the site became infected with a malicious software program that launched scareware on their computers. That scheme resulted in losses of about of about $2 million to its victims.

In a true reflection of the international nature of cyber crime, “Trident Tribunal” was the result of significant cooperation among 12 nations: Ukraine, Latvia, Germany, Netherlands, Cyprus, France, Lithuania, Romania, Canada, Sweden, the United Kingdom, and the U.S. So far, the case has resulted in two arrests abroad, along with the seizure of more than 40 computers, servers, and bank accounts. Because of the magnitude of the schemes, law enforcement agencies here and abroad are continuing their investigative efforts.

How to spot scareware on your own computer:
■Scareware pop-ups may look like actual warnings from your system, but upon closer inspection, some elements aren’t fully functional. For instance, to appear authentic, you may see a list of reputable icons—like software companies or security publications—but you can’t click through to go to those actual sites.
■Scareware pop-ups are hard to close, even after clicking on the “Close” or “X” button.
■Fake antivirus products are designed to appear legitimate, with names such as Virus Shield, Antivirus, or VirusRemover. 
And to avoid being victimized, make sure your computer is using legitimate, up-to-date antivirus software, which can help detect and remove fraudulent scareware products.

Highlights:

- More than 1 million victims incurred over $74 million in actual losses;
- Two subjects arrested;
- More than 40 computers, servers, and bank accounts seized;
- 12 countries participating, including United States, Ukraine, Latvia, Germany, Netherlands, Cyprus, France, Sweden, Lithuania, Romania, Canada, and the United Kingdom

No comments:

Post a Comment