Vulnerabilities / Threats
9/29/2008
02:31 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%
Repost This

Microsoft, Washington State Launch Legal Assault On Scareware

The lawsuit against Registry Cleaner XP is trying to halt pop-up ads that look like Windows system messages and falsely claim that a critical system error has occurred.

Microsoft and the state of Washington are trying scare scareware distributors so they'll stop defrauding consumers.

In conjunction with five "John Doe" lawsuits Microsoft recently filed against alleged scareware vendors and two previous ones from February, Washington State Attorney General Rob McKenna joined Richard Boscovich, senior attorney for Microsoft's Internet safety enforcement team, at a Seattle press conference to announce a new civil suit against James Reed McCreary IV of The Woodlands, Texas, and two companies he runs -- Branch Software and Alpha Red -- for selling scareware known as Registry Cleaner XP.

Registry Cleaner XP qualifies as scareware because it allegedly identifies nonexistent security vulnerabilities in order to dupe victims into buying fraudulent security mitigation services. Scareware is generally regarded to be a form of spyware.

By misusing the Windows Messenger Service, a protocol designed to allow administrators to send messages over a network, McCreary and his companies have been delivering pop-up ads to computer users who have not chosen to disable such messages, according to the legal complaint.

These pop-up ads look like Windows system messages and falsely claim that a critical system error has occurred. The ads claim that a visit to the Registry Cleaner XP site can fix the problem, at a cost of $39.95.

"Through alarmist language seemingly delivered from a trusted source, Defendants misrepresent the extent to which installing the software is necessary for repair of the computer for proper operation," the complaint states. "...This misrepresentation of 'critical errors' on users' computers induces the consumers to purchase the Defendants' product, which must be used in order to 'repair' the 'errors.' "

"The Attorney General's Office along with Microsoft has yanked the fear factor dial out of the hands of businesses that use scareware as a marketing tool and have spun it toward them," McKenna said in a statement. "We won't tolerate the use of alarmist warnings or deceptive 'free scans' to trick consumers into buying software to fix a problem that doesn't even exist."

The case against McCreary is being brought under Washington state's recently updated Computer Spyware Act. The law was recently updated to create liability for third-party transmission of spyware and to encompass scareware tactics, like fraudulently asserting the need for computer repairs.

Microsoft has a strong incentive to curtail spyware: About 50% of its customer-support calls come from spyware-related crashes, according to the company.

Eric L. Howes, director of malware research at Sunbelt Software, said in e-mail the lawsuit against Registry Cleaner XP is welcome but that the program is far from the most pervasive or dangerous scareware application out there at the moment.

Indeed, there are many dozens of fake security software sites out there, as can be seen from a recent blog post by Dancho Danchev, a computer security consultant.

In contrast to malware that attempts to exploit security vulnerabilities, a greater technical challenge that's more prone to countermeasures, Howes observes that social engineering attacks like scareware scams have been proven to work and have done so for years.

"Social engineering scams that exploit the fear and ignorance of users can work time and again with only a little tweaking and adjustment from instance to instance," said Howes. "Plus, social engineering neatly bypasses so much security software, because it effectively tricks the user into treating malicious software as a welcome guest on the PC."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web