Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

9/29/2008
02:31 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Microsoft, Washington State Launch Legal Assault On Scareware

The lawsuit against Registry Cleaner XP is trying to halt pop-up ads that look like Windows system messages and falsely claim that a critical system error has occurred.

Microsoft and the state of Washington are trying scare scareware distributors so they'll stop defrauding consumers.

In conjunction with five "John Doe" lawsuits Microsoft recently filed against alleged scareware vendors and two previous ones from February, Washington State Attorney General Rob McKenna joined Richard Boscovich, senior attorney for Microsoft's Internet safety enforcement team, at a Seattle press conference to announce a new civil suit against James Reed McCreary IV of The Woodlands, Texas, and two companies he runs -- Branch Software and Alpha Red -- for selling scareware known as Registry Cleaner XP.

Registry Cleaner XP qualifies as scareware because it allegedly identifies nonexistent security vulnerabilities in order to dupe victims into buying fraudulent security mitigation services. Scareware is generally regarded to be a form of spyware.

By misusing the Windows Messenger Service, a protocol designed to allow administrators to send messages over a network, McCreary and his companies have been delivering pop-up ads to computer users who have not chosen to disable such messages, according to the legal complaint.

These pop-up ads look like Windows system messages and falsely claim that a critical system error has occurred. The ads claim that a visit to the Registry Cleaner XP site can fix the problem, at a cost of $39.95.

"Through alarmist language seemingly delivered from a trusted source, Defendants misrepresent the extent to which installing the software is necessary for repair of the computer for proper operation," the complaint states. "...This misrepresentation of 'critical errors' on users' computers induces the consumers to purchase the Defendants' product, which must be used in order to 'repair' the 'errors.' "

"The Attorney General's Office along with Microsoft has yanked the fear factor dial out of the hands of businesses that use scareware as a marketing tool and have spun it toward them," McKenna said in a statement. "We won't tolerate the use of alarmist warnings or deceptive 'free scans' to trick consumers into buying software to fix a problem that doesn't even exist."

The case against McCreary is being brought under Washington state's recently updated Computer Spyware Act. The law was recently updated to create liability for third-party transmission of spyware and to encompass scareware tactics, like fraudulently asserting the need for computer repairs.

Microsoft has a strong incentive to curtail spyware: About 50% of its customer-support calls come from spyware-related crashes, according to the company.

Eric L. Howes, director of malware research at Sunbelt Software, said in e-mail the lawsuit against Registry Cleaner XP is welcome but that the program is far from the most pervasive or dangerous scareware application out there at the moment.

Indeed, there are many dozens of fake security software sites out there, as can be seen from a recent blog post by Dancho Danchev, a computer security consultant.

In contrast to malware that attempts to exploit security vulnerabilities, a greater technical challenge that's more prone to countermeasures, Howes observes that social engineering attacks like scareware scams have been proven to work and have done so for years.

"Social engineering scams that exploit the fear and ignorance of users can work time and again with only a little tweaking and adjustment from instance to instance," said Howes. "Plus, social engineering neatly bypasses so much security software, because it effectively tricks the user into treating malicious software as a welcome guest on the PC."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19589
PUBLISHED: 2019-12-05
The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives.
CVE-2019-19597
PUBLISHED: 2019-12-05
D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header.
CVE-2019-19598
PUBLISHED: 2019-12-05
D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. In HTTP requests, part of the HNAP_AUTH header is the timestamp used to determine the time when the user sent the request. If this value is equal to t...
CVE-2019-19596
PUBLISHED: 2019-12-05
GitBook through 2.6.9 allows XSS via a local .md file.
CVE-2019-19590
PUBLISHED: 2019-12-05
In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which can be filled with arbitrary malicious data after the free. This allows remote at...