Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

9/29/2008
02:31 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Microsoft, Washington State Launch Legal Assault On Scareware

The lawsuit against Registry Cleaner XP is trying to halt pop-up ads that look like Windows system messages and falsely claim that a critical system error has occurred.

Microsoft and the state of Washington are trying scare scareware distributors so they'll stop defrauding consumers.

In conjunction with five "John Doe" lawsuits Microsoft recently filed against alleged scareware vendors and two previous ones from February, Washington State Attorney General Rob McKenna joined Richard Boscovich, senior attorney for Microsoft's Internet safety enforcement team, at a Seattle press conference to announce a new civil suit against James Reed McCreary IV of The Woodlands, Texas, and two companies he runs -- Branch Software and Alpha Red -- for selling scareware known as Registry Cleaner XP.

Registry Cleaner XP qualifies as scareware because it allegedly identifies nonexistent security vulnerabilities in order to dupe victims into buying fraudulent security mitigation services. Scareware is generally regarded to be a form of spyware.

By misusing the Windows Messenger Service, a protocol designed to allow administrators to send messages over a network, McCreary and his companies have been delivering pop-up ads to computer users who have not chosen to disable such messages, according to the legal complaint.

These pop-up ads look like Windows system messages and falsely claim that a critical system error has occurred. The ads claim that a visit to the Registry Cleaner XP site can fix the problem, at a cost of $39.95.

"Through alarmist language seemingly delivered from a trusted source, Defendants misrepresent the extent to which installing the software is necessary for repair of the computer for proper operation," the complaint states. "...This misrepresentation of 'critical errors' on users' computers induces the consumers to purchase the Defendants' product, which must be used in order to 'repair' the 'errors.' "

"The Attorney General's Office along with Microsoft has yanked the fear factor dial out of the hands of businesses that use scareware as a marketing tool and have spun it toward them," McKenna said in a statement. "We won't tolerate the use of alarmist warnings or deceptive 'free scans' to trick consumers into buying software to fix a problem that doesn't even exist."

The case against McCreary is being brought under Washington state's recently updated Computer Spyware Act. The law was recently updated to create liability for third-party transmission of spyware and to encompass scareware tactics, like fraudulently asserting the need for computer repairs.

Microsoft has a strong incentive to curtail spyware: About 50% of its customer-support calls come from spyware-related crashes, according to the company.

Eric L. Howes, director of malware research at Sunbelt Software, said in e-mail the lawsuit against Registry Cleaner XP is welcome but that the program is far from the most pervasive or dangerous scareware application out there at the moment.

Indeed, there are many dozens of fake security software sites out there, as can be seen from a recent blog post by Dancho Danchev, a computer security consultant.

In contrast to malware that attempts to exploit security vulnerabilities, a greater technical challenge that's more prone to countermeasures, Howes observes that social engineering attacks like scareware scams have been proven to work and have done so for years.

"Social engineering scams that exploit the fear and ignorance of users can work time and again with only a little tweaking and adjustment from instance to instance," said Howes. "Plus, social engineering neatly bypasses so much security software, because it effectively tricks the user into treating malicious software as a welcome guest on the PC."

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/14/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Why Cybersecurity's Silence Matters to Black Lives
Tiffany Ricks, CEO, HacWare,  7/8/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-14499
PUBLISHED: 2020-07-15
Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user accounts credentials.
CVE-2020-14501
PUBLISHED: 2020-07-15
Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the user table, including the administrator credentials in plain text. An attacker may also ...
CVE-2020-14503
PUBLISHED: 2020-07-15
Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code.
CVE-2020-14497
PUBLISHED: 2020-07-15
Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code.
CVE-2020-14505
PUBLISHED: 2020-07-15
Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection�) vulnerability. Successful exploitation of this vulnerability may allow an attacker to send a HTTP GET or POST request that create...