18 December 2017
Robert Siciliano

Identity Theft Expert

Robert Siciliano - IDTheftSecurity.com

739Posts 2,051,024Views 62Comments

7 Ways to Combat Scareware

19 October 2010  |  4020 views  |  2

You may have seen this before, it goes like this: a pop-up pops and it looks like a window on your PC. Next thing a scan begins. It often grabs a screenshot of your “My Computer” window mimicking your PCs characteristics then tricking you into clicking on links. The scan tells you that a virus has infected your PC. And for $49.95 you can download software that magically appears just in time to save the day.

From that point on if you don’t download and install the software, your computer goes kooky and pop-ups will invade you like bedbugs in New York City.

Web pages may be infected or built to distribute scareware. The goal is to trick you into clicking on links and download their crappy software.

Information Week reports those behind a new fake antivirus software have added a new social engineering element — live support agents who will try to convince potential victims that their PCs are infected and that payment is the cure.

The rogue software comes equipped with a customer support link leading to a live session with the bad guy. Real scammers on the other end of chat have the ability to offer live remote access support instructed by support to click a link initiating remote access to their PC.  Once connected remotely, the scammer can potentially retrieve documents to steal your identity.

Another new twist on the scam involves a popup in the form of a browser with a warning that looks like what your browser may present to you when you visit a page that might have an expired security certificate, malware warning or be a potential phishing site. The page is usually red with a warning: “Visiting This Site May Harm Your Computer” then it provides you with a link, button or pop-up that gives you the option of downloading security software or to update your browsers security.

The software is sometimes known as “AntiVirus2010” “WinFixer,” “WinAntivirus,” “DriveCleaner,” “WinAntispyware,” “AntivirusXP” and “XP Antivirus 2010” or something like “Security Toolkit”. These are actually viruses or spyware that infect your PC, or just junk software that does nothing of value.

What makes the scam so believable is there is actual follow through of the purchasing of software that is supposed to protect you. There is a shopping cart, an order form, credit card processing and a download, just like any online software purchase.

Protect yourself:

#1 Use the most updated browser. Whether Internet Explorer 8, Chrome or Firefox, download the latest and greatest. At least download whatever security updates there are for your exiting browser.

#2 Usually by default, a pop-up blocker is turned on in new browsers. Keep it on. No pop-ups, no scareware.

#3 If you are using another browser and a pop-up –pops-up, shut down your browser. If the pop-up won’t let you shut it down, do a Ctrl-Alt-Delete and shut down the browser that way.

#4 Never click links in pop-ups.  If the pop-ups are out of your control, do a hard shutdown before you start clicking links.

#5 Persistence counts. Shutting off this pop-up is often difficult and any buttons you press within this pop-up could mean downloading the exact virus they warned you of.

#6 Employ the most recent versions of anti-virus and keep it set to automatically update your virus definitions.

#7 Never click on links in the body of a “WARNING” webpage that is suggesting to download updates for your browser or suggesting to download security software. Just hit the little red X in the upper right corner.

 

TagsSecurityRisk & regulation

Comments: (3)

John Dring
John Dring - Intel Network Services - Swindon | 19 October, 2010, 14:00

Just one caveat Robert to #7 - even clicking on the so called 'upper right hand corner red x' is a risk...  there is no guarantee what clicking there will do. http://www.50connect.co.uk/technology/internet/fight_off_the_scareware_threat 

Alt-F4 should close the pop-up window, and if it does not, then Ctrl-Alt-Del and use the Task Manager to kill the whole IE/FF browser etc(including any other running copies).

I confess to installing 'Internet Security 2010' in a moment of weakness a couple of years ago, thinking I was removing a trojan, only to install one.  Took days to resolve and clean fully because that machine had no effective AV. It does now.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
John Dring
John Dring - Intel Network Services - Swindon | 19 October, 2010, 21:31

footnote: can't have been a couple of years ago - must have been beginning of this year!!

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Robert Siciliano
Robert Siciliano - IDTheftSecurity.com - Boston | 19 October, 2010, 21:34

Thanks for the feedback John

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Latest posts from Robert

What Was Scary About Blackhat 2017?

02 August 2017  |  6237 views  |  0 comments | recomends Recommends 0 TagsSecurity

Black Hat 2017 was an Amazing Event

29 July 2017  |  6805 views  |  0 comments | recomends Recommends 0 TagsSecurity

Blackhat Hackers Love Office Printers

28 July 2017  |  5411 views  |  0 comments | recomends Recommends 0 TagsSecurity

Getting Owned or Pwned SUCKS!

13 June 2017  |  5785 views  |  0 comments | recomends Recommends 0 TagsSecurity

Parents Beware of Finstagram

27 April 2017  |  5250 views  |  0 comments | recomends Recommends 0 TagsSecurity

Robert's profile

job title Security Analyst
location Boston
member since 2010
Summary profile See full profile »
Security analyst, published author, television news correspondent. Deliver presentations throughout the United States, Canada and internationally on identity theft protection and personal security....

Robert's expertise

Member since 2009
732 posts62 comments

Who's commenting on Robert's posts

Ketharaman Swaminathan