I’m sure you’ve seen them — those pop-up ads that make scary claims:
YOU MAY BE INFECTED!
CLICK HERE TO CLEAN YOUR SYSTEM NOW!
I just ran across one, a friend hit this site, was convinced he was infected and asked how to remove the infection.
My friend wasn’t infected. It was a fraudlent anti-virus scan with fake results. This is often called "Scareware" and it amounts to using fear to sell products — in fact, many of these products will cause more serious problems when you actually attempt to install their "fix" for these fake infections.
There are a couple types of these cons:
- User is dropped on a fake Anti-virus/Anti-spyware scan that detects "false" infections
- User is told their computer is not running properly, download X software to fix it
- User is told their activities are being monitored and recorded, click here to prevent this
Here is an screen shot that shows one of the scanners apparently finding "errors":
In truth, this computer has none of these errors and this is a simple ploy to get you to install their software. In fact, this type of attack and fraud is so common this particular scanner has it’s own Wikipedia entry: WinFixer
Here are some of the more interesting quotes:
They display false information with regards to a user’s computer,
thereby confusing said user into believing their PC is infected with
viruses, spyware and/or other forms of malware.Due to these problems, WinFixer and its sister applications are generally considered scareware spyware.
On September 29, 2006, a San Jose woman filed a lawsuit over WinFixer and related "fraudware" in Santa Clara County Superior Court.[9] KTVU (Channel 2 in Oakland, CA) carried a special report you can view at http://www.youtube.com/watch?v=zBUZHiKhsog.
The best way to protect yourself from these types of scareware attacks is simple: Only install/buy software from companies that are well respected and that you trust. If you aren’t sure, use Google to do a quick background check on the company and see what it turns up.
Also, ZoneAlarm products with OSFW will protect you. This scareware often attempts to install to this location:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Any process that attempts to write/change this registry key and is not in our SmartDefense Advisor Approved list will create a security alert. The alert below shows me attempting to change the "Run Key" using the Registry Editor:
Ya i have seen those come up it’s such a scam they want you to just buy the software so they infect you with a virus.
Interesting. Now it seems that I’ve just received such a scare email from Zonelab itself proposing to “Run Your FREE System Checkup”. This email looks pretty authentic to me! And it probably is.
Still I’m concerned since
1) the URL is http://www.iolo.com/sm/freeapp/brands/zonealarm/ i.e. not zonealarm itself and
2) the zonalarm firewall doesn’t seem to know the exe.
Is this email / the system checkup legit?
Greets, thomas
I’ve had the same e-mail as Thomas a few times… Originally I passed it off as a legitimate e-mail, however I merely deleted it as I wasn’t concerned.
However, I got it again today and decided to check the links – iolo.com doesn’t sound right at all!
“…companies that are well respected and that you trust…”. In my opinion, that’s the problem what makes this crapware works. The low-average user trust in almost anything. And, considering the long-tail, there are a LOT of low-average users around.
I had, and ran this too. After this my pc behaved very strange indeed and for some reason had to install i.explorer again as both that and my asdl stuff no longer worked. I would be keen to find out if this is leagal software. If any one checkpoint reads this could i have a reply please
Cease interfering with internet populace evolution.
I got an invitation from Iolo to buy a combined suite of Iolo’s PCMechanic or some such and ZoneAlarm’s Security suite. Does anyone know whether this is a legitimate offer? Particularly, does ZoneAlarm do business together with Iolo?
Thanks,
Vyk.
I just got an e-mail about this from Zone Alarm??
iolo is listed at download.com.
http://www.download.com/3120-20_4-0.html?tg=dl-20&qt=iolo&tag=srch
I think I’ll pass on this one.
I’ve had this scareware (popups) appears a few times. I always close them imediately but sometimes you cant get rid the dam things, even with the browser popup blocker on!!!