It’s a week before Halloween, and you’ve bought a nice big pumpkin. Now it’s time to check the Internet for advice on how to carve it. You search for “pumpkin Halloween carve” in your favorite search engine, and at the top of the list is a link to a video that promises to show you how to make the best doggone pumpkin carving you’ve ever done.
You click, and there it is, but it doesn’t play. Oh, wait, there’s a note at the bottom of the player that says, “If this video doesn’t start playing, click here to download the latest flash player.” You click.
It’s trick-or-treat time, and you’ve just been tricked!
But you don’t know it yet, so you wait for the download, and then you get a warning, saying that your computer is infected with a virus. The popup offers to do a scan, so you take the offer – after all, the window header says “Microsoft Malicious Software Removal Tool”, and you know you can trust Microsoft. As you watch the screen, you see that you have not just one but 45 instances of malware on your poor, infected PC.
The scan window offers to show you third-party software that can remove the malware, and it even evaluates each according to how well it will do against the particular problems on your PC. Two vendors stand out, and they must be good, because they are rated higher than McAfee, Sophos, AVG, Kaspersky, Norton and Symantec – in fact, they’re rated higher than any vendor you’ve ever heard of before.
You really want to get out that carving knife and go to work on the pumpkin, but because you’re conscientious about your PC’s health and welfare, you follow links to the top-rated solutions. Fortunately, they’re not budget breakers: one is $49.95 and another is – wow! – only $39.95. That’s a bargain, so you get out your credit card, pay the fee, and download the software. Sure enough, when you run it, your new anti-virus software reports that it has cleaned out all infections from your PC and you’re safe. You pat yourself on the back for finding this gem, because the Symantec software you’d previously installed didn’t find any of these problems, but now you’ve got the good stuff!
Your only disappointment is that after all this, the pumpkin carving video still won’t play. Your creative urges call you, and you decide to start on the pumpkin anyway. As you attack the pumpkin with a knife, a scoop, and your imagination, a criminal organization on the other side of the world is bundling up your credit card information along with those of thousands of other victims, to be sold in bulk at $2 per card on one of several criminal information exchanges. Your PC is now hosting malware that has disabled Symantec Antivirus and left a bot in its place that can be controlled from far away when it’s time for the next exploit. And at Innovative Marketing Ukraine, your legitimate purchase of fake anti-virus software became part of that company’s one million US dollars per month pure profit. (Read the judgment against that particular company at the Federal Trade Commission web site, but remember that they are just one of many.)
Fake anti-virus software accounts for about 15% of the malware on the web, and it’s difficult for real anti-virus software to protect against, for several reasons. One is that, for example, “Security Tool,” one of the names used by fake anti-virus software, has over 5800 known versions that attempt to fool legitimate security software by such tricks as inserting obfuscation code among the payloads.
Innovative Marketing Ukraine is just one of the players in the growth industry of fake anti-virus software. Incidentally, if you had decided to telephone their call center to complain about the software, you’d have reached a friendly agent who would stall you and tell you that they were working on the problem and expected to get back to you in a few days with a solution. That’s long enough for your credit card debt to grow exponentially. And by then you might have figured out that the window title you read didn’t really come from Microsoft and the download wasn’t removing malicious software – just the opposite! (Read about a warning and some recommendations from Microsoft, Watch out for fake virus alerts.
By the way, you did watch a video, but not the one you expected. That window that claimed to show the results of a scan of your PC was a canned video that served its purpose – luring you to buy fake anti-virus software.
Happy Halloween! The scariest creatures aren’t ringing your doorbell and calling “trick or treat” – they’re sitting at computer terminals and living off your credit cards!