Don’t be Deceived by Scareware

Fear is a good motivator.  Fear has the ability to get people to act quickly before their rational senses kick in.  And a cleverly devised social engineering scheme can motivate smart people to do irrational things by preying on their fears.  Manipulating people into installing software that is harmful is known as scareware.

If a web page said, “Click here to download a virus to your computer” would you download it?  Probably not.  What if it said, “Your computer is infected with a virus.  Click here to download free antivirus software.”  Would you download it?  Out of fear or desperation, many people would… and do.  In many cases these downloads are themselves installing spyware, rogueware or other malware.

Identifying Scareware

Scareware leads you to believe you have a problem even if you don’t.  This comes in many forms.  Sometimes it’s a popup that looks like a warning message from your operating system.  Sometimes it’s a web page that looks like a warning from Google or an Internet Explorer error page.  Whatever the form, the message is designed to trick you—even scare you—into installing their software.

Good advice says, “never take candy from strangers” and “there’s no such thing as a free lunch.”  But this advice is put on the shelf when a message tells you your computer has been infected and you need to download some software to fix it.  And fortunately for you, there’s a free trial version of their software.

It’s not always fear-based.  Some products will offer to perform a free registry scan to speed up your computer.  While there are many legitimate products that actually do this, there are far more that say they do this, while in fact they are Trojan horses carrying malware.

Know your enemies

To fight your enemies, it helps to understand their motivations.  I classify malware into two distinct categories based on the author’s intent.  Typically, that intent is either malice or greed.

Malicious malware consists of viruses, worms and any software that deletes or corrupts data or disables a computer for no apparent reason and with no way of stopping it.  Sometimes the authors will identify themselves in order to gain recognition.  Sometimes just knowing they’ve hurt people is enough satisfaction for them.  I won’t attempt to get into the psychological disorders of these people except to say they are wired differently than most of us.  Their intent is purely malicious.

In the greedy category are programs that range from mildly annoying to seriously threatening.  This is where I would put rogueware, spyware and ransomware.  While some of these have the ability to be destructive—and in some cases use this capability—the authors are motivated by money rather than pure malice.  They’re not trying to prove a point or make a statement.  They just want money and don’t care how they get it.

Let’s start with rogueware.  At last tally, rogueware cost its victims over $400M last year.  Here’s how it works:  A message tells you that you may have a dangerous virus.  Free antivirus software is offered to you.  You install it and run a full system scan.  Sure enough, it found a virus!  Unfortunately, this free version does not have the ability to remove this particular virus.  No, for this one you must upgrade to the “Pro” version for anywhere from $40 to $140.  You buy it, run it and the virus is removed!  Whew!  That was close… or was it?  This software fixed a problem you never really had.  There was no virus to begin with.  And this antivirus software did nothing but make the fictitious virus go away.  You’ve been scammed and you’re out a few bucks.  But at least no damage was done to your system, if you’re lucky.  But most rogueware comes with other spyware and ransomware hidden within.  If you’re not lucky, you now have spyware running on your computer.  You also have a false sense of security, thinking you have antivirus software running.

Spyware can range from mildly annoying to seriously threatening.  Spyware watches what you’re doing and transfers information to a computer run by its author.  On the low-threat end of the spectrum, it may be monitoring websites you visit to find your interests.  Once it gets an idea of your likes and interests it knows which advertisements to display to you.  These popups will likely come up on your computer whether or not you are browsing a website.  The more intrusive ones will actually redirect your search requests to their own sites that look like the popular search engines (Google, Bing, etc.).  Of course, the results they display will be to their advantage.  However they do it, when you click one of their ads, the ad sponsor pays them a fee.

On the seriously threatening end of the spectrum, spyware can be designed to look for passwords, social security numbers, bank account and credit card numbers and other personally identifiable information.  This information is sent to the author to use however he or she sees fit.  It can even open a door that allows the author to log in and look around on your computer or network.  This can be serious.

Ransomware is a form of data hijacking.  Rather than destroying data as a virus does, ransomware will lock out your data and threaten to delete it if you don’t pay the ransom.  Usually it will give you just a few hours to pay the ransom by texting or calling an overseas toll number.  Once the funds are in place you receive a code you can enter to get your data back.  If the ransom is not paid in time, the software irrecoverably deletes your data.  Ransomware sometimes comes with rogueware.  While running your fake virus scan it is actually locking your data.

Helpful advice

I’ve only scratched the dirty surface of hacking.  There are more threats than these and they often occur in various combinations.  But hopefully I’ve given you a healthy fear of malware; one that inspires you to take action against it.  There are several things you can do to reduce the possibility of being attacked:

  1. NEVER download software from an unknown company or person no matter how professional they seem, how many people recommend them or how desperate you are.
  2. NEVER open email attachments from people you don’t know.  If you do know the person, still be leery as email spoofers can make email appear to come from a friend.
  3. Only install antivirus/antispyware products from reputable companies such as AVG, Symantec (Norton), and McAfee.  This is not an exhaustive list, but these are among the most popular.
  4. Remember that virus checking performed by your email provider does not protect you from downloading viruses and malware from websites.
  5. Also note that it is possible to unknowingly download malware from an infected website without your intervention.
  6. If your computer is running slow, don’t be tempted to accept the free system checkup scan offered by some unknown website.  Either buy a reputable product or have a professional examine your computer and network.
  7. If your company’s security is paramount, you should consider a smart firewall that can identify and block malware from entering your network and block sensitive data from leaving your network.

After the fact

If you think you may have been the victim of one of these scams or you think you have a virus or other malware, don’t panic.  After all, that’s what they want you to do.  As long as your computer is still running and you can access your data files, chances are good you’ll recover from this.

The first step is to buy and install some good antivirus software.  We recommend AVG, but Symantec and McAfee are also good choices.  Use this software to run a full scan and let it clean any problems it finds.  Some malware will actually prevent antivirus products from installing or running.  If this happens, you may need to wipe your disk and restore from a backup.  You do have a backup, don’t you?  If not, create one now.  Since your backup disk may also be infected, the safest thing to do will be to do a fresh install of Windows (or whatever operating system you use), install your new antivirus software, and then copy your data files from your backup.

If you would like to have us perform a security audit to identify areas where your company’s network may be vulnerable to attacks, or rid your network of existing viruses, contact us.  We’re here to help.