Scareware

Rogue Security Software Is Tricking the Unsuspecting Computer User

Almost every day I get a message asking about an alert someone has received. The alert usually starts with a warning that the user's computer is infected with spyware and that the user can remove it by installing software that the message offers. The software is not free, of course, and if the user installs it (and pays), they have just paid for a fake security program! The 'security' program could be a poor rip-off of a genuine program, but is more likely to be spyware, the very thing it is supposed to remove.

A lot of users will be intimidated into paying for this 'rogue'. They have heard about spyware and are scared. So they fork over their money and now they really have spyware!

There are so many of these rogue programs it is all but impossible to keep up with them. They generally have a name that is similar to a real security program in an effort to make the user think it is 'the real deal'.

Some examples of these rogues include 'Windows Antispyware 2009', 'PC Security 2009', 'Microsoft Security Adviser', etc. It's easy to see how the ordinary user can be fooled by these names. Some of them are the exact same name as a real program! Once these nasties get on a computer it can be hard to remove them.

So where did this 'warning' come from?

The fake warning came from a criminal who wants to scam the user, take their money, and possibly turn the user's computer into a 'zombie' and add it to the criminal's 'botnet'. (A zombie computer is a computer that has been taken over by a criminal, and the botnet is a network of zombie computers.) The criminal uses the botnet to send out thousands of emails containing spam or emails that will trick new users into turning their computers into zombies. The email addresses are taken from the user's address book. Scary stuff!

How did this 'warning' get on the user's computer?

The 'warning' could get on a computer in any one of a number of ways. The user may have clicked on a link in an email. The link may have been 'linked' to an evil download. The user may have gone to an infected website that planted the scareware on the user's computer.

A few of these programs are extremely difficult to remove, as they plant something known as a 'rootkit' on the user's computer. When this happens, novice users will need professional assistance in removing the rootkit, as most security programs do not even see this evil software.

Folks, you must practice safe computing to avoid this type of stuff!