

The Perfect Scam - FSecurePal
http://www.technologyreview.com/computing/37718/

======
nickolai
Regarding fake antivirus software: The idea itself is not that innovative.
Fake medicines have been part of the crooks' easy-money-toolbox for ages.
This just applies the "you look tired and sick. buy our snake oil to cure your
ills" approach to computer users.

The tendency to pay up for dubious remedies of uncertain value is nothing new.
Some ways of proposing expensive fake solutions to nonexistent problems are
even legal.

~~~
pygy_
_> Some ways of proposing expensive fake solutions to nonexistent problems are
even legal._

Could you give some examples?

~~~
hvs
Most "herbal medicines".

~~~
kenjackson
In this case and homeopathy, the solution is fake, but the problem is usually
real.

------
yaix
The real problem is operating systems with long known problems in their
fundamental security architecture. The result is that any script kiddie can
click himself a botnet together in half an hour.

If Windows had repositories ("markets", as they are called nowadays), the
problem would be much less severe. And if IE had put less emphasis on
creating its own "MS-versions" of HTML and JS with every new release, and more
emphasis on creating a solid product, the problem would be much less severe
too. But they didn't so it isn't. Lucky scammers.

~~~
georgemcbay
A lot of the problem is users' reluctance to upgrade off of XP to Win7 (or
even Vista). Certainly Microsoft deserves blame for XP having been as insecure
as it was when released, but newer versions of Windows are incredibly more
secure against these sorts of attacks, especially when they are running
Microsoft Security Essentials.

I'm not sure what you're talking about in terms of "MS-Versions" of HTML and
JS, at least in the sense of them being a security risk. That's just anti-MS
bullcrap, really. IE is actually inherently quite secure in lots of ways
Firefox still isn't, and the primary vectors for these types of attacks are
Adobe plugins (Flash, Reader) and have nothing to do with browser-specific
code.

~~~
yaix
>>A lot of the problem is users' reluctance to upgrade off of XP to Win7

Yes, that's old news and the reason Android and iOS have "marketplaces" that
update automatically and reliably. Windows still doesn't.

>>I'm not sure what you're talking about in terms of "MS-Versions" of HTML and
JS

Then you haven't been a Web developer in the past 15 years, I guess.

------
bermanoid
Does anyone here have any useful advice as to how to deal with (and get people
to avoid) these types of things? I usually avoid tech support, but sometimes
(parents, gf, close friends, etc.) it's unavoidable, and I've been seeing a
lot of stuff like this lately.

Obviously the usual advice applies (let those damn system updates run, update
AV, NoScript+Adblock+non-IE browser, when strange looking .exe files try to
run don't let them, etc.), but I'm seeing this stuff come up on systems where
people _are_ doing these things right, and actually seem to know what they're
doing. I don't use Windows a lot myself, so I don't know if these things are
really tough to avoid, it's always possible that people _have_ done some
stupid things, I'm not sure...

It seems that more and more often, too, I'm ending up having to resort to
digging through HijackThis logs and cleaning things up by hand, which is not
something an average end-user can really be expected to do.

Am I missing some better advice to give people (better AV software, maybe?
Some of the big ones are missing infections that I know are several weeks or
months old, which I would think is enough time to get the signatures in
there...), or is this really just something that the average PC user will be
doomed to turn to their nerd friends and paid support people for help for the
foreseeable future?

~~~
daemin
I had a drive-by anti-virus thing install itself once, luckily it wasn't that
hard to remove since it was just a couple of registry entries and an
executable. My suspicion is that I caught it through some advertising on a
site, hence I now run adblock on risky/unknown sites.

------
illumin8
This is really a great article - detailing the extent of the malware and fake
anti-malware market.

------
mynameishere
Dealing with this crap on people's computers is so infuriating that I've often
wished the government would just green light CIA hits on the perpetrators in
Russia. But realistically, it's VISA and Mastercard's fault.

