We have recently seen an increase in scareware incidents. Scareware
is a tool that is being used to trick people into giving away money,
control of their computers or personal information. This particular
method exploits people's fear that there may be something wrong with
their system. The culprit offers to help, thus duping the victim into
allowing access to their system. Because these attacks are initiated
by user input, they are very difficult for anti-virus programs to
detect. Anti-virus programs are looking for other programs that are
behaving suspiciously. In these attacks, it usually isn't a program
that is performing the suspicious actions, but a user, so they fall
outside of the scope of a traditional anti-virus.

The most common action scareware takes is to simulate real problems
on your computer and then offer to fix them. The culprits will write
a program that will change settings on your computer to cause
problems and then pop up an advertisement offering a solution to
these new problems. This advertisement will often be disguised as a
Windows alert to try to trick people into thinking that this is a
solution that is being offered by Microsoft, which makes it appear
more authentic. This “fix” is usually something that you have to pay
for, but sometimes is offered for free. Once they convince you to
download their “fix”, they have complete control of your system.

There are several different options for them to take at this point.
Sometimes the “fix” will simply restore your settings and you'll
think that it must have worked because everything is back to normal.
This is usually done after you've paid for the “fix”, and is a method
that allows the culprit to get positive online reviews from victims
that have been tricked. This way future victims are more likely to
fall prey, as a quick Google search will return results that would
indicate that this program is legitimate.

Another option is for the “fix” to schedule periodic problems. Each
time a problem comes up, you'll be asked to pay for another solution.
This way people are duped into giving away money multiple times for a
single infection.

The most common occurrence, though, is for the “fix” to simply embed
itself into your system and systematically send all of your data back
to the culprits who created the program. Anything that you have on
your computer or enter into your computer can be compromised. This
includes not only your documents, but any online accounts, including
banking and email accounts. They can also use your computer as a
stage to launch attacks against other systems. This way, when the
attacks get detected they're traced back to you instead of the
perpetrators.

Another attack that we've been seeing lately involves a phone call.
Somebody will call the victim and inform them that either there is a
problem with their computer, or that there is an upgrade that they
must do. They will convince the victim to punch some commands into
the system, which will open a communication port. They are then able
to load in whatever programs they want, and perform the same attacks
mentioned above as if the victim had installed the program
themselves.

Sometimes the culprits use a blended attack. One incident we recently
saw involved a pop-up advertisement asking the victim to purchase
software, and once purchased the victim was directed to call a number
to register the software. When the number was called, the victim was
told to punch a code into the computer, which allowed the culprits to
remotely access the computer.

The key to protecting yourself from these attacks is to do your
research. If a warning pops up telling you that there's a problem
with your computer, hop online and research the problem. Then, make
sure that the download is coming from a trusted source, such as
Microsoft.com. Malware will sometimes try to confuse you by using
"microsoft" as a subdomain of another site, which would look like
http://microsoft.downloads.com. This is actually connecting to
downloads.com, and not Microsoft. As always, if you still have
doubts, seek out a professional opinion.
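
The host name check described above, as an added example that is not part of the original post: a small Python function that accepts a download link only when its host is microsoft.com or a subdomain of it. The TRUSTED_DOMAINS set, the function names and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the one site we trust for the download.
TRUSTED_DOMAINS = {"microsoft.com"}


def host_of(url):
    """Return the lower-cased host name of a full URL, or None if it has none."""
    host = urlsplit(url).hostname  # scheme, port and path are left out
    if not host:
        return None
    return host.rstrip(".").lower()


def is_trusted(url, trusted=TRUSTED_DOMAINS):
    """True only if the host is a trusted domain or a subdomain of one."""
    host = host_of(url)
    if host is None:
        return False
    labels = host.split(".")
    for domain in trusted:
        want = domain.split(".")
        # Compare whole labels from the right-hand end, where the owner of
        # the name is found. Matching on text alone would wrongly accept
        # any name that merely ends in the letters "microsoft.com".
        if labels[-len(want):] == want:
            return True
    return False


# Constructed sample links, not taken from any real incident.
SAMPLES = [
    "https://www.microsoft.com/download",
    "http://microsoft.downloads.com",       # the example from the text
    "https://notmicrosoft.com/fix.exe",
    "www.microsoft.com/download",           # no scheme, so no host is parsed
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict = "trusted" if is_trusted(link) else "NOT trusted"
        print(f"{verdict:12} {host_of(link)}  <- {link}")
```

A link with no scheme is rejected rather than guessed at, so paste the full address as it appears in the browser.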

There are people out there that are going to try to trick you into
giving away your information. Don't allow access to your computer to
anybody you don't know. That would be like handing your house or car
keys to a stranger. You never know what they're going to do.