Vulnerabilities / Threats
9/29/2008
02:31 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Microsoft, Washington State Launch Legal Assault On Scareware

The lawsuit against Registry Cleaner XP is trying to halt pop-up ads that look like Windows system messages and falsely claim that a critical system error has occurred.

Microsoft and the state of Washington are trying scare scareware distributors so they'll stop defrauding consumers.

In conjunction with five "John Doe" lawsuits Microsoft recently filed against alleged scareware vendors and two previous ones from February, Washington State Attorney General Rob McKenna joined Richard Boscovich, senior attorney for Microsoft's Internet safety enforcement team, at a Seattle press conference to announce a new civil suit against James Reed McCreary IV of The Woodlands, Texas, and two companies he runs -- Branch Software and Alpha Red -- for selling scareware known as Registry Cleaner XP.

Registry Cleaner XP qualifies as scareware because it allegedly identifies nonexistent security vulnerabilities in order to dupe victims into buying fraudulent security mitigation services. Scareware is generally regarded to be a form of spyware.

By misusing the Windows Messenger Service, a protocol designed to allow administrators to send messages over a network, McCreary and his companies have been delivering pop-up ads to computer users who have not chosen to disable such messages, according to the legal complaint.

These pop-up ads look like Windows system messages and falsely claim that a critical system error has occurred. The ads claim that a visit to the Registry Cleaner XP site can fix the problem, at a cost of $39.95.

"Through alarmist language seemingly delivered from a trusted source, Defendants misrepresent the extent to which installing the software is necessary for repair of the computer for proper operation," the complaint states. "...This misrepresentation of 'critical errors' on users' computers induces the consumers to purchase the Defendants' product, which must be used in order to 'repair' the 'errors.' "

"The Attorney General's Office along with Microsoft has yanked the fear factor dial out of the hands of businesses that use scareware as a marketing tool and have spun it toward them," McKenna said in a statement. "We won't tolerate the use of alarmist warnings or deceptive 'free scans' to trick consumers into buying software to fix a problem that doesn't even exist."

The case against McCreary is being brought under Washington state's recently updated Computer Spyware Act. The law was recently updated to create liability for third-party transmission of spyware and to encompass scareware tactics, like fraudulently asserting the need for computer repairs.

Microsoft has a strong incentive to curtail spyware: About 50% of its customer-support calls come from spyware-related crashes, according to the company.

Eric L. Howes, director of malware research at Sunbelt Software, said in e-mail the lawsuit against Registry Cleaner XP is welcome but that the program is far from the most pervasive or dangerous scareware application out there at the moment.

Indeed, there are many dozens of fake security software sites out there, as can be seen from a recent blog post by Dancho Danchev, a computer security consultant.

In contrast to malware that attempts to exploit security vulnerabilities, a greater technical challenge that's more prone to countermeasures, Howes observes that social engineering attacks like scareware scams have been proven to work and have done so for years.

"Social engineering scams that exploit the fear and ignorance of users can work time and again with only a little tweaking and adjustment from instance to instance," said Howes. "Plus, social engineering neatly bypasses so much security software, because it effectively tricks the user into treating malicious software as a welcome guest on the PC."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7484
Published: 2014-10-20
The Coca-Cola FM Guatemala (aka com.enyetech.radio.coca_cola.fm_gu) application 2.0.41725 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-7485
Published: 2014-10-20
The Not Lost Just Somewhere Else (aka it.tinytap.attsa.notlost) application 1.6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-7486
Published: 2014-10-20
The Mitsubishi Road Assist (aka com.agero.mitsubishi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-7487
Published: 2014-10-20
The ADT Aesthetic Dentistry Today (aka com.magazinecloner.aestheticdentistry) application @7F080181 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-7488
Published: 2014-10-20
The Vineyard All In (aka com.wVineyardAllIn) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.