Vulnerabilities / Threats
9/29/2008
02:31 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Microsoft, Washington State Launch Legal Assault On Scareware

The lawsuit against Registry Cleaner XP is trying to halt pop-up ads that look like Windows system messages and falsely claim that a critical system error has occurred.

Microsoft and the state of Washington are trying scare scareware distributors so they'll stop defrauding consumers.

In conjunction with five "John Doe" lawsuits Microsoft recently filed against alleged scareware vendors and two previous ones from February, Washington State Attorney General Rob McKenna joined Richard Boscovich, senior attorney for Microsoft's Internet safety enforcement team, at a Seattle press conference to announce a new civil suit against James Reed McCreary IV of The Woodlands, Texas, and two companies he runs -- Branch Software and Alpha Red -- for selling scareware known as Registry Cleaner XP.

Registry Cleaner XP qualifies as scareware because it allegedly identifies nonexistent security vulnerabilities in order to dupe victims into buying fraudulent security mitigation services. Scareware is generally regarded to be a form of spyware.

By misusing the Windows Messenger Service, a protocol designed to allow administrators to send messages over a network, McCreary and his companies have been delivering pop-up ads to computer users who have not chosen to disable such messages, according to the legal complaint.

These pop-up ads look like Windows system messages and falsely claim that a critical system error has occurred. The ads claim that a visit to the Registry Cleaner XP site can fix the problem, at a cost of $39.95.

"Through alarmist language seemingly delivered from a trusted source, Defendants misrepresent the extent to which installing the software is necessary for repair of the computer for proper operation," the complaint states. "...This misrepresentation of 'critical errors' on users' computers induces the consumers to purchase the Defendants' product, which must be used in order to 'repair' the 'errors.' "

"The Attorney General's Office along with Microsoft has yanked the fear factor dial out of the hands of businesses that use scareware as a marketing tool and have spun it toward them," McKenna said in a statement. "We won't tolerate the use of alarmist warnings or deceptive 'free scans' to trick consumers into buying software to fix a problem that doesn't even exist."

The case against McCreary is being brought under Washington state's recently updated Computer Spyware Act. The law was recently updated to create liability for third-party transmission of spyware and to encompass scareware tactics, like fraudulently asserting the need for computer repairs.

Microsoft has a strong incentive to curtail spyware: About 50% of its customer-support calls come from spyware-related crashes, according to the company.

Eric L. Howes, director of malware research at Sunbelt Software, said in e-mail the lawsuit against Registry Cleaner XP is welcome but that the program is far from the most pervasive or dangerous scareware application out there at the moment.

Indeed, there are many dozens of fake security software sites out there, as can be seen from a recent blog post by Dancho Danchev, a computer security consultant.

In contrast to malware that attempts to exploit security vulnerabilities, a greater technical challenge that's more prone to countermeasures, Howes observes that social engineering attacks like scareware scams have been proven to work and have done so for years.

"Social engineering scams that exploit the fear and ignorance of users can work time and again with only a little tweaking and adjustment from instance to instance," said Howes. "Plus, social engineering neatly bypasses so much security software, because it effectively tricks the user into treating malicious software as a welcome guest on the PC."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: PGA GO! allows me to work on my drive and putt at the office.
Current Issue
The Changing Face of Identity Management
Mobility and cloud services are altering the concept of user identity. Here are some ways to keep up.
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio

The cybersecurity profession struggles to retain women (figures range from 10 to 20 percent). It's particularly worrisome for an industry with a rapidly growing number of vacant positions.

So why does the shortage of women continue to be worse in security than in other IT sectors? How can men in infosec be better allies for women; and how can women be better allies for one another? What is the industry doing to fix the problem -- what's working, and what isn't?

Is this really a problem at all? Are the low numbers simply an indication that women do not want to be in cybersecurity, and is it possible that more women will never want to be in cybersecurity? How many women would we need to see in the industry to declare success?

Join Dark Reading senior editor Sara Peters and guests Angela Knox of Cloudmark, Barrett Sellers of Arbor Networks, Regina Wallace-Jones of Facebook, Steve Christey Coley of MITRE, and Chris Roosenraad of M3AAWG on Wednesday, July 13 at 1 p.m. Eastern Time to discuss all this and more.