Scareware: Targeting acomputer near you

Have you ever found yourself happily browsing away; clicking innocently through various websites, when suddenly, you are confronted with a pop-up claiming your computer is riddled with viruses? Impossible! You claim. No matter what you select, the program continues to scan your computer, reveal a vast multitude of nasty files you had no idea where there. Then you are offered a very convenient way out of this disaster situation. An unknown 'anti-virus' program can cure it all for you. And all they need, is your credit card details.

What you are facing is known as Scareware: fake security software in a legitimately looking application which is delivered to the end user through illegal traffic acquisition tactics; the sole aim of which to frighten you into purchasing a product you dont actually need.

Snickerdoodle cookies and fake anti-virus software from Sophos Labs on Vimeo.

The prevalence of scareware packages has reached epidemic proportions, with 485,000 different samples detected in the first half of 2009 alone - five times the combined figure for the whole of 2008 according to statistics from the Anti-Phising Working Group (APWG). Even popular Tech Blog, Gizmodo was hit last week, when they were found to be displaying adverts with similar viruses to the one demonstrated hidden in them.

Unfortunately these scams are going to suck a lot of people in. The embedded video I posted above shows how convincing the software can be; mirroring Microsoft fonts and colouring, allowing victims to make an unconscious association between the two. Not only will people part with up to £60 for the 'fake' anti-virus product, but they will also be handing over credit/debit card and personal details, further exposing themselves to theft. And with Christmas only around the corner the likelihood of coming across scams such as this will be higher as the phishers usually work through popular consumer goods websites and search terms.

So what can you do to protect yourself?  Well if you use Mozilla Firefox as your web browser, there is an add-on called NoScript which can undermine the effectiveness of any scareware campaign. Otherwise, ensure your antivirus software is always up-to-date.  In this case, if something does attempt to upload itself on your computer it will be blocked before it can install.  Unfortunately, due to the nature of these scams your legitimate Antivirus software still may not detect certain Scareware for a variety of reasons. What is important is that you learn to recognise Scareware, so that if it does install itself you are not fooled into handing anything over. If you find yourself faced with Scareware software, update your Antivirus, and then scan your computer - this should remove it.  People in the Backup Direct office have already been targeted by Scareware on their home computers.  The best advice we can give is to not click anything on the pop-ups themselves. Simply close your browser and run your security updates.