NEWS FROM THE LAB - Thursday, October 4, 2012

Scareware and "Scary" Scams Aren't the Same Thing Posted by Sean @ 12:21 GMT

Two big headlines to comment on.

First, there's this: FTC Case Results in $163 Million Judgment Against "Scareware" Marketer.

FTC, Winfixer

The defendant, Kristy Ross, has been involved in U.S. FTC cases going back to 2008: Court Halts Bogus Computer Scans.

Her boyfriend "Sam" Jain is still at large:

Sam Jain

You can read more about Jain in this June 2011 post.

An important judgment to be sure, but remember, Ross is one of yesterday's scareware vendors getting the hammer.

Here's a site where you can see example's of today's: S!Ri.URZ.

And the second headline:

On October 3rd Australian, Canadian, UK, and U.S. agencies announced action against another type of "virus scam". Here's the FTC's release: FTC Halts Massive Tech Support Scams.

FTC, Pecon

Excellent work! But, there appears to be some confusion as to just what was halted. Some news networks appear to be confusing this action with October 2nd's, possibly due to FTC Chairman Jon Leibowitz when he said the following:

"And the tech support scam artists we are talking about today have taken scareware to a whole other level of virtual mayhem."

Err… no, no they haven't. There's no "ware" (malware) involved in tech support phone scams — it's pure social engineering. He really shouldn't have used the term scareware.

Tech support phone scams involve: people calling up from call centers; telling the receiver that "IP traffic" or some other such nonsense indicates their computer is infected with a virus; making a remote connection to the computer in order to "clean" it; and then selling them free or trial security software.

It's a social engineering scam — there's no scareware, there.

For a better understanding, we recommend this VB2012 paper from ESET: My PC has 32,539 errors: how telephone support scams really work [PDF] by David Harley (ESET), Martijn Grooten (Virus Bulletin), Steven Burn (Malwarebytes), and Craig Johnston (an independent researcher). The paper was first published at Virus Bulletin Conference, September 2012.

And if you want to listen to some folks trolling tech support scam callers…

Google results for tech support phone scam:

Google, tech support phone scam