Saturday, April 30, 2011

Trick and No Treat with Scareware - Part 1

According to the latest research, over the last two years scareware (aka fake security software) has emerged as the single most profitable scam strategy for cybercriminals. Thousands of users fall victim to the scam on a daily basis, and the gangs or organized crime syndicates behind it earn hundreds of thousands of dollars in the process.

What is scareware? In simple terms, it is fake security software masquerading as a legitimate-looking security application. Scareware is usually delivered to the end user through a compromised web site. A user visits a web site, which can be a perfectly legitimate one, and clicks on a link or advertisement. That click causes the scareware to be downloaded to the user's computer.

Once downloaded to a user's computer, scareware will not only prevent legitimate security software from starting, but will also prevent it from reaching its update locations, in an attempt to ensure that the security application cannot get the latest signature database. When this happens, your anti-virus application will not even recognize the scareware infection. Moreover, scareware will also attempt to make its removal a time-consuming process by blocking system tools and third-party applications that can be used to remove the infection.

There have also been cases where scareware is better described as "ransomware", which encrypts an infected user's files and prevents the user from accessing them. The scareware then demands a purchase in order to decrypt the files.

In the next blog posts I'll go into more detail on how to prevent scareware from getting onto your system, how to recognize scareware versus a legitimate protection application, and how to get rid of scareware if it gets on your computer.

Stay tuned!