The ultimate guide to scareware protection

Summary: Taking into consideration the fact that 99% of ongoing scareware campaigns rely on "visual social engineering", this gallery presents some of the most popular templates used by cybercrime gangs in an attempt to trick the end user into installing the fake security software.

  • The scareware features fake awards and fake comparative reviews claiming it outperforms popular antivirus vendors, and also includes a fake "Internet Threats" indicator.

  • This is a great example of a piece of scareware advertising itself as an application capable of removing another scareware, in this case WinPCDefender, which they claim is a scam. Ironic.

  • Someone must have been very bored to come up with the Cleaner 2009 brand.

Topic: Security

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Talkback

41 comments
  • Scams

    I have seen many of these screens before, on my own PC. I usually retreat to AVG, Norton, or Symantec sites to check their claims, do online scans, and Google search to find unhappy "users".
    Quebec99
  • RE: Doctor Antivirus 2008 (The ultimate guide to scareware protection)

    there ought to be laws... even so far as a kind of "western justice". BILLIONS of dollars are wasted each year in productivity loss due to these scams!
    catcreekjim
    • TrendMicro RUBotted

      You might want to check TrendMicro's RUBotted. I installed this thinking it might be a good idea. Two weeks later it "detected a bot." It instructed me to download some other software to remove the "bot." On attempting to install this software I was informed that I "must" remove SpyBot. When I did that SpyBot had a message stating that TrendMicro could not explain (nor could SpyBot) why Spybot S&D had to be removed.

      I smelled a rat and removed RUBotted. None of my other detection programs have detected anything amiss.
      LBean
      • semi-scare ware

        The problem with RUBotted is that it is also a bit paranoid inducing. After it "detects a bot" make sure you read the log before you go to their clean up. A lot of the time it's for something on the order of somehow you talking to a suspect site. If it's something simple, just clear your log, otherwise consider using something to clean up your system. The problem with the online version is that it is terribly slow.

        I think of RUBotted as a potential semi-scare ware in that it is overreacting to a potential problem in order to get you to go to their site to advertise their software to you. That said, at least they do sell real software as opposed to fake applications that do nothing real.

        As to spyware search and destroy, well it does sound kind of nasty, but it is possible that the applications do not play nicely together.

        richard233
        • Trend Micro Internet Security...

          I went to IS 2006 when Norton was obviously blowing itself up. I really liked the program, but had great difficulty getting the Spybot S&D immunizer to work with PC-cillin. Somehow I got them to work together, but the 2007 product was just as bloated and junky as Norton by that time, and I abandoned all suite software from then on (until now).

          Standalone products work way better, and use less system resources. Spybot S&D is finally obsolete, however. My clients are doing much better with Adaware Anniversary Edition and AdWatch enabled. I think this is a move to pitch Safer-networking off the market for good.

          MBAM is all you really need though (for malware) with a lifetime license on the real time protection. Just no comparison out there. Superanti-spyware may be doing this now too, but it may hog system resources; I notice the scan does, even without the real-time protection.

          Believe it or not, I was basically forced into using NIS 2009 for about a year now, and no viruses! No particular performance hit either!! I was very surprised when I upgraded a client that had NIS 2005 on his older PC, and it improved the performance!! Go figure! I can now recommend it for users with a bigger budget and no particular adeptness for security.
          JCitizen
  • RE: Doctor Antivirus 2008 (The ultimate guide to scareware protection)

    While I have spent some time removing these "Scareware" products from our work computers, I still think a lot of the burden should be on the user (I try and teach them not to go or download them).
    straylor@...
    • I heard that about the users;

      But as my first boss used to say if it wasn't for the users screwing up we would have one heck of a system here.
      doug.miller@...
      • I heard about users....

        I think most IT professionals should bear in mind that very few organizations are in the business of IT; providing support to users (who are creating wealth by the way) is our purpose. Very few people in IT directly create wealth.....
        ltrombley
        • Great wisdom...

          and besides I don't fault the user, these things come in as drivebys on legitimate sites. My AV blocks them before they have a chance to get through the firewall.

          On XP a good Comodo/NOD32/AdAware combo defeats them regularly also.
          JCitizen
  • RE: Doctor Antivirus 2008 (The ultimate guide to scareware protection)

    Would that it was so simple. Gone are the days that we could say "Don't click on attachments, don't download anything and you'll be fine". These days, even visiting a reputable site like the New York Times can lead to a drive by install. Users don't have to actually do anything wrong, compromised websites, compromised website advertising and scripting vulnerabilities lead to infections very easily. Sad state of affairs.
    xelan
  • RE: Doctor Antivirus 2008 (The ultimate guide to scareware protection)

    WHAT SOFTWARE CAN STOP-DELETE THIS NEW CODEC ATTACK, DON'T LET IN???
    grampa1631@...
    • NIS 2009...

      I see it popup, occasionally to tell me it has kicked butt on one variant or another before it even downloads.

      That's Norton, but MBAM may be able to block it too, and it has a very economical lifetime license for realtime protection for personal use.

      I've seen mine kick butt in real time on a lot of malware (some false-positives), but it won't identify it unless it is already on your PC and being quarantined from a scan. It also fixes any registry cracks the malware has committed.

      MBAM = Malwarebytes-antimalware, you can use it free as a scanner - download from CNET or FileHippo
      JCitizen
  • RE: Doctor Antivirus 2008 (The ultimate guide to scareware protection)

    TREND MICRO over the last 3 years is NOT compatible with SpyBot as well as ADAWARE. I've used the Trend AV Software for 4 years and found this out the hard way.
    I removed all TRENDS Software and installed a Different one and all was good. If one likes Trend so much they won't replace it, you're going to have to do without SpyBot and Adaware. Not to mention if you had SpyBot running at one time all the flagged/deleted/and quarantined stuff that gets loaded onto ones Registry.
    I learned the hard way, with hours and hours of cleaning and removing stuff from my HD/Registry and then some.
    Use Trend, you can't use Spybot & Adaware.
    Use another AV Program and after using Trend with Spybot & Adaware you're in for hrs of fun and games!
    BTW: This is all listed on TRENDS Knowledge Base Page!
    Bravo10
    • Yes - after IS 2006, PC-cillin became..

      a pain in the @ss! I got rid of it and went to NOD32, which LOVES Spybot, Adaware, MBAM, - it don't care 'cause it is just a dang good antivirus. The free Avast is almost as good.

      Trend was almost good enough in 2006 to use by itself, but not anymore. I don't use ANY suite by itself ANYMORE, and never will. If the AV can't play nice, it ain't worth have'n. I spent two years tearing my hair out and running laboratory honey pots to find this out.
      JCitizen
  • The Ultimate way to stop this

    Is for the various credit card industries to install a method to actively deny charges to an identified scamware business. Heck, they have the power and should use it to prevent this type of fraud.
    CaptOska
  • RE: Doctor Antivirus 2008 (The ultimate guide to scareware protection)

    I think it was Trendmicro that made PC-cillin. I tried it when I was looking for an alternative to resource hog Norton Internet Security. I had problems with PC-cillin where after a couple weeks my computers would start slowing down. I timed certain functions. Cold start boot-up times approached 15 minutes! No exaggeration! When on line changing a page at a website would take between 6 and 10 minutes. It didn't matter whether it was reading an article or purchasing an item. Again, the boot up and general slow downs would occur after a couple weeks. After I was able to document the behavior and its pattern I engaged in a week long exchange with TrendMicro. The solution was to delete the setup and re-enter the teaching mode. It did return process speeds back to normal, but 10 days to two weeks later, same old thing. I also didn't care for the inability to pause a virus scan once it started after the scan progressed past a certain point. Too many times an immediate need arose and the scan couldn't be stopped to perform the task and the computer had to be powered off and restarted to wrest control back. I tried a couple other security programs, but ended up going back to Norton/Symantec. Their triple license for each program really sweetened the deal since my network is fairly small. To be fair, TrendMicro also offered the triple license, but even a dozen licenses wouldn't make it a good deal with the results I was getting. Oh yeah, my machines are running XP Pro on three machines and Vista on one.
    jhand47201
    • Same here..

      but don't quit using addon malware defenses, Norton Internet Security plays very well with any anti-malware that doesn't have a virus engine.

      I was really shocked to see Norton clean up their act for this year. They got rid of the bloat, and are very reliable - I've double checked it several ways - by uninstalling it and scanning with NOD32, and running a malware scanner with anti-virus (Lavasoft), just to make sure. No viruses for a year - and this is a lab honeypot, so it gets a lot of combat duty.

      The only rub is they use some kind of partitioned background scanning for certain trusted applications as a substitute for heuristics. Apparently finding they could compartmentalize it and lower system usage.

      I'm not sure I like that as a heuristic engine, but I must admit, it is fast anyway. It has blocked threats from all angles. From infected DVDs, USB, flash media, IM messenger attacks, Port 80, you name it, it stops it quick!

      It has a smart firewall that pretty much stops the leaks unless you got AT&T and have to reset the IP so it will pass a firewall test. I'm not convinced it has outbound blocking as good as Comodo. With the overall features I say it is well worth it.

      I do not work for any man or company, I just hate malware to pieces!!!
      JCitizen
  • RE: Doctor Antivirus 2008 (The ultimate guide to scareware protection)

    I also check with zdnet.com and cnet.com to check on legitimacy.
    mcd_jeannot@...
  • RE: Doctor Antivirus 2008 (The ultimate guide to scareware protection)

    ...and on the same ZDNet Page is an ad for PCTools for anti-virus software.

    How in the world is a non-technical business person supposed to differentiate the malware from the legits?

    I feel sorry for PC users these days.. they can't win for losing.....

    The Credit card idea is sort of interesting though.....

    rick.sheeley
    • Simple rule...

      don't click on anything you didn't purposely initiate. A legitimate anti-virus is not going to pop up out of nowhere and offer to scan your computer and hold it hostage until you pay.

      Simple. Don't click on any popups that you aren't sure of - end them with task manager.
      JCitizen