Scarewares are the latest online menace, which attempt to scare you and thus make you buy fake fix solutions to cure your perfectly working computer system. They would appear as ’security alert’ pop-ups, warning the users of critical errors and offer to do a free scan of the system to identify the errors. These alerts can look genuine wearing the garb of a legitimate Windows operating system feature. The alert can also come via email messages or in the form of advertisements.

The obvious intent of these scareware alerts is to induce the receiver to act on the warning and eventually get paid for ‘curing’! If the scan offer is acted upon, then the scan results will show a list of serious errors on the system. The catch is, of course, that there is a fee that should be paid in advance for fixing the problems! If the user is foolish enough to go forward, he will not only lose money but will also be causing damages to his own computer system.

The US Federal Trade Commission says the creators of these ’scarewares’ are out to dupe the users. In all probability, the system does not have any viruses and is clean, but acting on such a fake warning will create hitherto nonexistent new problems on the system. FTC further advises that if such a security alert window pops up on your system, your immediate action should be to search the name online to see whether it is a rip-off. Almost certainly, you will learn that it is.

Cybercrimes continue to evolve with the time and the criminals always come up with ingenious ways, with the ultimate aim of getting money out of the user. The people behind the scarewares are difficult to trace as they operate from remote corners of the world or uses fictitious identities. If there is a money trail, however, it is helpful for speedier detection and prosecution. Microsoft has helped put the case together with the Attorney General’s High Tech Unit. Software giants have, in the past months, filed law suits against offenders and are constantly monitoring to detect any more offenders. Few of the scam programs listed include Scan & Repair, Antivirus 2009, MalwareCore, Windefender, XPDefender and WinSpywareProtect.

If you happen to receive such a pop-up scareware alert, do not click on the ‘yes’, ‘no’, or ‘cancel’ buttons or click on the ‘x’ on top right corner to close the window. Many of these scareware alerts are written to act if you click on any of these buttons. The right way to terminate this alert is to press the Ctrl-Alt-Del combination to open your task manager, select the appropriate program and then click to end the task. Also, it is a good practice to reboot your system immediately thereafter. You should ensure that the system has a good live anti-virus, anti-spyware software and also a firewall to protect the system.

So, the next time you see such a ’scareware’ warning, you know what to do. Do not invite trouble by clicking ‘yes’ on all offers without knowing the implications. Only if you are careful, you will be able to maintain the good health of your system in these troubled times.

If you wish to read further on scarewares and/or see a list of legitimate security vendors, here is a link you may wish to explore:

http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt121.shtm

Explore More

Blind SQL Injection and XSS Vulnerability in MyRingTune

PlanetCreator reported another critical SQL injection (vulnerability) on MyRingTune  URL : http://www.myringtuneonline.com SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of

Critical persistent xss vulnerabilities at IPAY : Myanmar Online payment Official Site

This evening, I found a fascinated  big bill board “IPAY” http://www.ipay.com.mm at Thamine Junction, Yangon, Myanmar. Then, I said my friend “googl3group” about it, and said  “NO XSS, NO SQL

Security Alert to www.mtv.co.kr, MySQL Injection

Hi, http://www.mtv.co.kr Webmaster This is PlanetCreator’s Security Te@am & Hackers Group, PlanetCreator has reported Critical SQL Injection vulnerability on http://www.mtv.co.kr/ Website. Informed to [email protected] Some of your Web’s Data Information