Pop-ups telling you your computer has been infected with a virus and then insisting on buying a certain anti-virus solution are not only incredibly annoying, but they can also masquerade as carriers of malware.
Called scareware because they scare consumers into buying bogus anti-virus programs, this type of scam has become one of the fastest-growing types of online frauds, according to the FBI. Instead of removing the supposed virus, the programs often do either nothing at all or they install malware onto computers.
Panda Security estimates scareware brings in some $34 million a month in revenue for industrious cyber gangs. Perfect example: the Ukraine-based company Innovative Market. In May, the company was charged with running a $100+ million scareware business that scammed Internet users in more than 60 countries. According to the indictment, proceeds from the sales of the scareware were deposited into bank accounts controlled by the scammers and their accomplices throughout the world and then transferred to European accounts.
To reach victims en masse, cyber criminals often employ botnets to push out their scareware. They will also pose as legitimate Internet security companies and buy ads on other websites“”called “malvertising““”but when consumers click on the ads to purchase the products, they are redirected to websites controlled by the scammers.
Although any day or time is good enough for scammers to plug their bogus products, holidays and popular events are common occasions exploited by cyber criminals. Most recently, scammers poisoned Fourth of July web queries, according to USA Today. And with the ongoing “Twilight” hysteria, scammers know how to work the popularity of the series to their advantage by tainting “Twilight”-related search results with malicious links that trigger programs promoting fake anti-virus protection.
The World Cup has also proven to be another recent popular topic for scammers to abuse. According to PandaLabs, scareware called MySecurityEngine was being pushed through FIFA-related search terms. The fake software changed the desktop setting of the victim to display fake security alerts and take over the browser to direct the user to useless sites. It also installed malicious files and downloaded itself automatically onto the victim’s computer, making it hard to remove the malware.
To protect consumers from scareware, the FBI urges the use of a legitimate, up-to-date anti-virus program.