Source: AskBobRankin.com
Scareware is a form of Malware
Scareware is a type of malware designed to trick victims into purchasing and downloading useless and potentially dangerous software. Scareware comprises several classes of scam software with malicious payloads, or of limited or no benefit, that are sold to consumers via certain unethical marketing practices. The selling approach uses social engineering to cause shock, anxiety, or the perception of a threat, generally directed at an unsuspecting user. Some forms of spyware and adware also use scareware tactics. Scareware is also frequently marketed on cable and satellite TV channels in commercials and short infomercials by many different companies and product names, prompting viewers to go to a web site and to download and install their “free utilities”.
What is labeled as Scareware?
The "scareware" label applies to any application or virus which pranks users with intent to cause anxiety or panic. A tactic frequently used by scareware makers involves convincing users that a virus has infected their computer, then suggesting that they download and pay for fake antivirus software to remove it. Usually, the virus is entirely fictional and the software is non-functional or malware itself. According to the Anti-Phishing Working Group, the number of scareware packages in circulation rose from 2,850 to 9,287 in the second half of 2008. In the first half of 2009, the APWG identified a 585% increase in scareware programs. Today, scareware is found all over the web, in social networks, free gaming sites, as well as sites offering "free" music and video downloads, etc.
How does Scareware work?
Scareware generates pop-ups that resemble Windows system messages, which often look like legitimate Windows security programs, such as antivirus or antispyware software, a firewall application or a registry cleaner. The typical messages warn you about a large number of problems, such as infected files that have been found on the computer, and you're prompted to purchase software to fix the problems. Frequently, the message window has a “click-jacking” feature that either takes you to the scareware maker's web site for purchasing, or you initiate a malware download if you click "Cancel" or the "X" to close the window. In reality, no problems actually exist on your computer, and the suggested software purchase may actually contain real malware. If you fall for the scam, you will lose the money you pay for the useless software and you may also crash your computer or make it unusable.
Ascentive is a perfect example...
Ascentive LLC is a well known scareware marketer based in Philadelphia, Pennsylvania, and the company has been the target of many class-action lawsuits. The company offers a variety of products and services that supposedly eliminate spyware, malware and other undesirable programs. In addition, Ascentive sells “optimizing” software products that claim to maximize the performance of a personal computer. Ascentive offers free trials for almost all of its products and provides software updates and replacements, and customer support as well. Ascentive has reportedly received various awards and accolades from several industry publications.
Some of you may remember the annoying “Finallyfast” late-night TV commercials that used to be aired frequently a few years ago, and Finallyfast was an Ascentive product. Many people have been fooled by Ascentive's product claims over the years, and despite the number of class-action lawsuits against them, I simply don't understand why this company has not been shut down indefinitely!
Some of you may remember the annoying “Finallyfast” late-night TV commercials that used to be aired frequently a few years ago, and Finallyfast was an Ascentive product. Many people have been fooled by Ascentive's product claims over the years, and despite the number of class-action lawsuits against them, I simply don't understand why this company has not been shut down indefinitely!
Covering their evil tracks?
Ascentive didn't like the fact that many of their ripped-off customers posted complaints about their company on the PissedConsumer web site. So in November 2010, Ascentive LLC filed a preliminary injunction motion against PissedConsumer in United Stated District Court, Eastern District of New York contending that it suffered irreparable injury to its brand and business reputation at the hands of PissedConsumer, as well as loss of revenue. PissedConsumer and its attorneys vehemently denied Ascentive's allegations and opposed Ascentive's preliminary injunction filing.
Class-action lawsuits
In January 2011, Ascentive LLC was named as a defendant in a class action lawsuit filed in the United States District Court, Eastern District of Pennsylvania by David Senoff with Caroselli, Beachler, McTiernan & Conboy. The lawsuit alleged that Ascentive designed its software to defraud consumers by deceiving them into paying fees to fix fabricated and/or overstated computer problems. In the simplest terms, Ascentive always claims that a user's PC has errors, regardless of whether they exist or not. The Washington State Office of the Attorney General reported that Ascentive LLC agreed to refund thousands of Washington consumers under a settlement agreement with the State via the Attorney General's complaint against Ascentive, and that Ascentive agreed to a number of restrictions on its marketing and billing practices. In addition, Ascentive agreed to provide restitution to consumers who purchased both a backup CD and the company's Extended Download Service but did not use them. The Attorney General's Office estimated that about 5,500 consumers were eligible for refunds of about $17.90 plus tax. Ascentive also had to pay a $20,000 civil penalty, plus $58,000 to reimburse the Attorney General's Office for attorneys' fees and legal costs.
Also in January 2011, a $9.6M class-action lawsuit entitled Douglas Ledet v. Ascentive was filed against Ascentive in the U.S. District Court for the Eastern District of Pennsylvania, which accused them of using pop-ups and other online ads to scare consumers into purchasing unneeded software to fix fabricated and overstated computer problems. Plaintiff Douglass Ledet alleged that Ascentive falsely identifies computer problems and characterizes them as “severe”, and that Ascentive used scareware tactics to trick consumers into thinking their computers were infected with spyware. Ascentive advertised that its software would diagnose computer problems, but instead it secretly installed an application that sent pop-up ads warning users they have spyware, recommending that consumers purchase the software for $29.95 to rid their computers of spyware and other problems. Also, Ascentive didn’t actually sell the software to consumers, but licensed it to users for one year and renewed their subscriptions without adequate notice. Of course, Ascentive denied the allegations, but agreed to the class action lawsuit settlement to avoid ongoing litigation.
Also in January 2011, a $9.6M class-action lawsuit entitled Douglas Ledet v. Ascentive was filed against Ascentive in the U.S. District Court for the Eastern District of Pennsylvania, which accused them of using pop-ups and other online ads to scare consumers into purchasing unneeded software to fix fabricated and overstated computer problems. Plaintiff Douglass Ledet alleged that Ascentive falsely identifies computer problems and characterizes them as “severe”, and that Ascentive used scareware tactics to trick consumers into thinking their computers were infected with spyware. Ascentive advertised that its software would diagnose computer problems, but instead it secretly installed an application that sent pop-up ads warning users they have spyware, recommending that consumers purchase the software for $29.95 to rid their computers of spyware and other problems. Also, Ascentive didn’t actually sell the software to consumers, but licensed it to users for one year and renewed their subscriptions without adequate notice. Of course, Ascentive denied the allegations, but agreed to the class action lawsuit settlement to avoid ongoing litigation.
Beware of Ascentive's products!
Despite the mountain of lawsuits and allegations against Ascentive, they continue to market their scareware today! Here's a list of Ascentive's scareware products that I've seen in customers' computers on my house calls, beware of them (and products by other online companies that make the same or similar claims)...
- ActiveSpeed - claims to speed up your internet connection.
- PC SpeedScan Pro - claims to speed up a slow computer and to repair the Windows Registry.
- PC Scan & Sweep - claims to remove junk files from your computer.
- Spyware Striker - claims to remove viruses and adware.
- BeAware - claims to monitor your computer when you're not around.
- RAMrocket - claims to free up RAM with memory management software.
- WinRocket - claims to boost your computer's startup speed.
- Mac Scan & Sweep - claims to be a performance scanner and junk removal program for Macs.
What's worse? Ascentive is not the only game in town!
In 2005, Microsoft and Washington State successfully sued Secure Computer (makers of Spyware Cleaner) for $1 million over charges of using scareware pop-ups. Washington's attorney general also brought lawsuits against Securelink Networks, High Falls Media and the makers of Quick Shield.
In October 2008, Microsoft and the Washington attorney general filed a lawsuit against two Texas firms, Branch Software and Alpha Red, producers of the Registry Cleaner XP scareware. The lawsuit alleged that the company sent incessant pop-ups resembling system warnings to consumers' personal computers stating "CRITICAL ERROR MESSAGE! - REGISTRY DAMAGED AND CORRUPTED", before instructing users to visit a web site to download Registry Cleaner XP at a cost of $39.95.
On December 2, 2008, the U.S. Federal Trade Commission (“FTC”) filed a Complaint in federal court against Innovative Marketing, Inc., ByteHosting Internet Services, LLC, as well as a list of individuals. The FTC alleged that the other Defendants violated the FTC Act by deceptively marketing software, including WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus. According to the complaint, the Defendants falsely represented that scans of a consumer’s computer showed that it is had been compromised or infected and then offered to sell software to fix the alleged problems. The FTC alleged that the unlawful conduct netted the Defendants more than $100 million.
In October 2008, Microsoft and the Washington attorney general filed a lawsuit against two Texas firms, Branch Software and Alpha Red, producers of the Registry Cleaner XP scareware. The lawsuit alleged that the company sent incessant pop-ups resembling system warnings to consumers' personal computers stating "CRITICAL ERROR MESSAGE! - REGISTRY DAMAGED AND CORRUPTED", before instructing users to visit a web site to download Registry Cleaner XP at a cost of $39.95.
On December 2, 2008, the U.S. Federal Trade Commission (“FTC”) filed a Complaint in federal court against Innovative Marketing, Inc., ByteHosting Internet Services, LLC, as well as a list of individuals. The FTC alleged that the other Defendants violated the FTC Act by deceptively marketing software, including WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus. According to the complaint, the Defendants falsely represented that scans of a consumer’s computer showed that it is had been compromised or infected and then offered to sell software to fix the alleged problems. The FTC alleged that the unlawful conduct netted the Defendants more than $100 million.
How to protect yourself against Scareware
It's pretty simple: Don't believe the hype! If you you encounter suspicious pop-ups while using the internet, claiming that there are problems or errors in your Windows Registry, or that you have viruses or errors in your computer, etc, you should right-click on the item in the task bar and select "Close", or press Ctrl-Alt-Delete and manually close your browser. Then, immediately perform full system scans with your real antivirus and anti-spyware programs to ensure that nothing bad was installed on your computer. Have a local computer professional clean up your computer regularly to protect your system from future attempts.
No comments:
Post a Comment