Phone: (706) 737–1484 | Fax: (706) 737–1486
Located in University Hall

Headline Image

Scareware – Accept their offer and keep paying for it

June 30, 2009 | By Damon Armour, IT Security Officer

 

Posing as a legitimate security and anti-virus software, scareware is a new breed of scam software growing at a prolific rate, and it is considered to be one of the largest growing threats among PC users.

In many cases, the software uses anxiety tactics to convince a user to purchase a product that will remove a virus. However, the scareware does the opposite and can be used as a malware product, software designed to destroy computer systems, to cause interruption of service, and/or collect your personal information.

Scareware can appear in various ways such as applications that claim they are necessary to remove an infection from your computer, others that offer assistance in cleaning up registry flaws in Windows, and those that offer to make a user feel their computer does not have adequate firewall protection. It can be transmitted to users via email spam messages, spyware infected web browsers or pop-up ads, and through social networking sites.

Morphing from scareware is the destructive software ransomware. According to Wikipedia, it is a form of malware that holds the computer, including the data on the computer, ransom until its demand is met. The effects that can be caused by the software include the disabling of features of your computer or the encrypting of data files so you do not have access to them.

The motivation for scareware providers is profit. By using the tactics of fear and ignorance, they prey on their victims' wallets. By persuading the user to purchase this product, a deadly recurring chain of events is bound to happen to defraud you of your money. "It’s like stepping into quicksand," says Paul Royal, a senior researcher at Purewire Web Security Service. "The more you try to get out of it, the deeper you sink."

The threat of scareware has grown recently due to the spread of social networking services and our growing reliance on search engine technology. According to Anti-phishing Working Group, scareware has increased up to 48% from the first half of last year to the end of the year. There are roughly 9,200 variants of scareware available, where only 2,800 existed early last year. These numbers continue to show how scareware has found a niche and will continue to grow.

Education is the primary weapon against such malicious applications. There are only so many technological controls that can be put into place before they become a hindrance to progress. A primary task every user should take is to ensure your computers are being patched. This would include the operating system (Windows, Linux, Mac OS), Office applications, and other applications such as Java client, Adobe products, etc. Continued use of antivirus/security suite packages from a trusted vendor is essential. Maintaining up-to-date definitions is required for the tools to be effective. Lastly, use what I referred to earlier as web vigilance. Be mindful of your actions online, and be skeptical of prompts that warn of impending doom. Use the power of your social network to assist in areas that you are unsure of and, of course, call the ITS Helpdesk (x1482) if you suspect something is amiss and need assistance.

Contact me with questions or comments at darmour@aug.edu.

Resources:
USA Today – Scareware’s pitches for fake security show up in odd places
http://www.usatoday.com/tech/news/2009-06-09-cybergangs-scareware-hackers_N.htm

Anti-phishing Working Group
http://www.antiphishing.org/

McAfee - Scareware Turns into Ransomware
http://www.spamfighter.com/News-12432-McAfee-Scareware-Turns-into-Ransomware.htm

Top