On June 22nd, the Justice Department announced the arrest of two Latvians accused of running a scareware/Rogue AV scheme that caused as much as $74 million in total losses and infected over a million computers. The seizure also included five bank accounts, 22 computers in the USA and 25 computers in six other countries. Scareware has become an extremely common form of attack, both on Microsoft Windows and, more recently, on Apple OS X systems.
If the arrest does nothing but puncture the idea that scareware/Rogue AV is a risk-free way to easy millions, then it will be a great deal of help.
The detail in the announcement shows how scareware can sneakily infiltrate even the most legitimate of websites. The technique is called malvertising. According to the indictment, the accused pretended to be an advertising agency wishing to buy space for a hotel chain on a legitimate website. As commonly occurs, the advertisement was provided to the legitimate website owner as a link. This is regularly done so that the advertiser can change ads or offer specials based on the user's location. The legitimate website tested the ad before running it, but afterwards the script was changed to deliver virus-infected hotel ads.
The Justice Department concluded the announcement with the following advice. I bolded what I regard as the most important points.
Additional tips on how to spot a scareware scam include:
Scareware advertising is difficult to dismiss. Scareware purveyors employ aggressive techniques and badger users with pop-up messages into purchasing their products. These fake alerts are often difficult to close and quickly reappear;
Fake anti-virus products are designed to appear legitimate, and can use names such as Virus Shield, Antivirus or VirusRemover. Only install software from trusted sources that you seek out. Internet service providers often make name-brand anti-virus products available to their customers for free;
Become familiar with the brand, look and functionality of the legitimate anti-virus software that is installed on your computer. This will assist you in identifying scareware.
I am particularly glad to see the final point, as it is something that I have in the past described as the final step in securing your computer.