September 18, 2009

Microsoft sues scareware scammers

Microsoft filed lawsuits against five companies Thursday, accusing them of using malicious advertisements to trick victims into installing software on their computers.

The company is suing DirectAd Solutions, Soft Solutions, qiweroqw.com, ote2008.info and ITmeter, saying that these companies have used ads to "distribute malicious software or present deceptive websites that peddled scareware to unsuspecting Internet users," according to a blog posting by Tim Cranton, associate general counsel with Microsoft.

Scareware is malicious or ineffective software. It's so named because buyers are usually scared into buying it with fake messages that tell them that their computer has been infected. These products have been around for years, but in the past few months they've become a major problem. Over the weekend, The New York Times was tricked into running a scareware ad on its site by scammers pretending to be with Vonage, a legitimate telecommunications company.

But scareware ads are popping up everywhere these days, security experts say. "These guys have decided to go full-court press on this, because it's obviously very profitable," said Paul Ferguson, a researcher with antivirus vendor Trend Micro.

Typically, when a scareware ad pops up on a victim's screen, it looks like a Windows utility running some kind of security scan. It will then warn that it has found a critical security problem and direct the victim to a Web site where they can buy a product to fix the issue.

When the victim pays, the scammers then deliver useless or even malicious software. Often, they also use the victim's credit card number for further fraud or try to hack into the machine.

In addition to pushing malicious ads, these scammers have also been poisoning Google search results lately. To do this, they keep track of hot search topics and then use search engine optimization techniques -- using software to create a bunch of links to their malicious pages -- so that their pages come up first in search results. When the victim clicks on the fake search result, they're taken to a Web site that pops up the fake scareware system scan.

Recently, they've hijacked search results relating to South Carolina Congressman Joe Wilson, the U.S. Open tennis tournament and actor Patrick Swayze.

Sometimes they are very localized, too. "When Seattle was having a heatwave this past summer they hijacked search results for Seattle weather," said Katherine Tassi, assistant attorney general with the Washington State Attorney General's Office. Her office sued a Texas company for allegedly supplying rogue antivirus software back in September 2008. That company has since gone out of business, she said.

Today most scareware sellers operate outside the U.S., making it hard to stop them, Tassi said. "Certainly on a state level, it's become virtually impossible."

"They're multimillion-dollar enterprises, they're criminal in nature, and they span multiple continents," she said.

Microsoft's lawsuits are so-called John Doe suits, meaning the company does not know who is behind these companies but hopes to discover the perpetrators as it continues to investigate.

Nevertheless, Cranton wrote that Microsoft hopes that the "filings will help deter malvertising in the future."

---

DONATION: www.anti-keylogger.org and www.keylogger.org is an independent research projects supported by a team of enthusiasts. If you find this project useful and would like to help foster its continued development, please consider making a donation.

Thanks in advance for your support!