
Five pieces of scamware to watch out for

From fake antivirus apps to uninvited toolbars, scamware can bog down your users' PCs -- and sometimes do a whole lot worse.

I've been in this business a long time. I've seen things come and go. But the one thing I've seen consistently is scamware. Scamware is software that poses as legitimate but is really nothing more than a piece of malware waiting to wreak havoc. Some of this scamware is even advertised on TV, so it does look legitimate. But by the time it's installed, it's too late... and it's time to call in the cavalry. To help your users avoid installing something that could compromise their systems or your network, let's look at five pieces of scamware that you (and they) should be aware of.

1: Windows Microsoft Guardian

This lovely piece of software will seem right at home on your users' PCs. At first it promises it will take care of them, soothe what ails them, make them coffee. In the end, the fake scanning and false positives will result in absolutely nothing -- other than the loss of their hard-earned cash. You won't find a site for this piece of software. It is usually encountered when users hop around from site to site until a popup appears that seems to be scanning the PC for infections. And then it seems to magically find an infection, informing users that they should purchase and install the software. Next thing you know, they're whipping out their credit cards and buying a piece of software that does absolutely nothing but rob them of some cash -- or maybe worse (their credit card number).

2: Fast Antivirus 2011

This one is similar to Windows Microsoft Guardian, only it's a bit uglier and doesn't just want to steal the user's cash. In this instance, Fast Antivirus 2011 tricks the user into installing the software and then it gets malicious. FA2011 starts out as scamware and quickly evolves into a full-blown piece of malware that will cause the end user no end of trouble. Fortunately, it can be removed by any number of anti-spyware tools, such as MalwareBytes. Just make sure a MalwareBytes scan is run as soon as this popup is seen -- regardless of whether the user has installed anything. I have actually seen a PC infected with this scamware that had to have the OS reinstalled. It can be vicious.

3: MacDefender

MacDefender is a Mac variant of another piece of scamware that's been around for quite some time -- Windows System Defender. The thing about MacDefender is this: Anyone using a Mac should know that such a tool isn't (currently) necessary. MacDefender relied on a lot of SEO poisoning to get listed at the top of search results. When the user browses to one of those sites with Safari, the scamware is automatically downloaded. The user is then prompted to install what looks like a legitimate piece of Mac software. Once it's installed, a fake virus scan will begin and eventually display a popup claiming the machine is infected. It's a Mac, people.... The good news is, if users don't purchase the software, they're not in any real danger.

4: Coupon toolbars

Why do people think these are a good idea? Well, a bargain is a bargain, right? And any way to find the best deal on a gross of toilet paper is alright by me. But thinking a coupon toolbar will help scour the Web for the best printable coupons is not a good idea. When I do remote support for a client, the second I see a coupon toolbar in the browser of a machine that has slowed to a crawl, I remove that toolbar. Many times, it's nothing more than a piece of tracking spyware and will have adverse effects on the machine. No, it won't bring the machine to a dead stop, but it will track the user's network habits and it will effectively slow down browsing.

5: RuFraud apps for Android

These are premium SMS toll fraud apps that target European Android users. They look like well-known third-party apps (such as the Opera Web browser or horoscope apps). But once the user has granted permissions for the app, it will start sending messages to multiple premium-rate SMS numbers (such as Estonia 17013, Czech Republic 90901599, Ukraine 7540, Tajikistan 1171, and Poland 92525). In many instances, users can be charged as much as $5.00 per SMS message. That toll can get very high. Google has done a good job of removing the RuFraud applications from the Android Market, but that doesn't stop these apps from appearing on various download sites. The best way to avoid the problem is to make sure the device is set to disallow third-party installation of apps.

Scamware savvy

There are many kinds of scamware, adware, viruses, and other evil elements out there. Sometimes, it seems like the biggest battle for the PC end user and the support pro is just keeping this software from finding its way onto a machine. The best way to help yourself is to make your end users aware of the dangers so they know what to avoid at all costs. A little education will go a long way.

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

15 comments
Ken Ga

My wife fell victim to this crappy toolbar. A day after she loaded up the coupon toolbar and my mother-in-law loaded up a Google toolbar, our home computer was running very slow. My wife then blamed me because a week prior I loaded up virus software, MalwareBytes, Reg cleaner and ZoneAlarm, which she said was the cause of the problem. Upon investigation I saw the two toolbars loaded and questioned her about it and she said that she loaded them up so she could print out coupons that would save us money. I proceeded to delete the crappy toolbars and cleaned things up a bit and got the computer running back to about 85% (or so) of the way it used to run. I think there still may be some crap remaining on the computer that I just can't get rid of. Does anyone have any suggestions of good reputable software that might get my XP machine running the way it used to? Thank You!

a.portman

It amazes me how many of my users install an AV from a pop up on their work computer when it already has anti-virus on it. I have seen it several places. Um, did you install LibreOffice because you saw an ad? No. Did you order Viagra from a pop up? No. Did you cry when I couldn't save your work after you trashed your work computer? A little. One person told me Oprah said the coupon thing was ok. Oprah, you owe me some money for taking that crap off.

Gisabun

Regarding Mac Defender - good luck in getting any help from Apple's support. They'll just tell you to download an app from their AppStore(TM). That's what they did initially with Mac Guardian. So Apple takes 30% of the price of the app as a bonus. There are plenty of critters on the Windows side to cause problems. After all, Windows still has a big chunk of the market. That said, there are plenty of malware more dangerous than what's listed, such as the malware that encrypts your data and you can't get it back unless you pay. I've always said that once you get a heavy duty malware on your system, your computer is never the same. Better off just reformatting and start from scratch. Even if the malware was "light", don't do any online banking or online shopping.

BALTHOR

These programs could even be government line scanning. They're being attacked right during government line scanning. They destroyed they country with a war and now they're hacking. I see hackers as even using big engines to hack. I suspect that broadcast analog television was hacked using a similar method.

BALTHOR

Some of these programs are really deep and maybe the only lead we have to rid our systems of virus. The way that you get these programs is they pop up on you is true. They get stuck in your computer. A reboot to safe mode and a delete is a fix. I suspect that they were legitimate and are now hacked. If a virus scanner got out a thousand virus an hour it would still take a long time to rid your computer of virus. Hackers are criminals and they're not just a little bit criminal either.

d13thdragon

It looks just like the real McCoy. It fooled my ex-boss and he installed it. The next day the computer was useless. He lost 10 years of data. Not just any data but all the designs to every product ever built there, along with the programs to run them. He only learned one lesson of the two here. Don't install a program because you think you know what it is and what it does. But as for back-ups he's always going to get around to it. After Avast ran a boot-time scan it found 1,013,592 viruses and the OS and data was unrecoverable. I made an image of the drive and wiped it clean with 10 passes. It took me 4 days to do the reinstall of the OS and programs afterwards. I made an image of that too but since I no longer work there I deleted both of the image files off my hard disk, need the room for more important things. He won't care, he has never done a back-up on anything. What is so hard about setting up auto back-ups to a NAS box? They're cheap, easy, and offer a central location for document copies. The average user will not back-up till they lose all their data.

jfuller05

Really Wallen? Macs can (and do) get infected just like any computer connected to the internet with users browsing the web. Macs aren't invincible.

bssplayr

I've had to work on PCs infected with the 'fake' virus scanners like the ones mentioned in points 1 and 2. I haven't had them do anything malicious, as in, stealing credit card numbers, etc., but in some cases, they did hijack the browser, so that you couldn't even get the tools needed to remove them. Had to load removal tools onto a USB thumb drive from another computer, then run them on the infected machine. All in all, takes a few hours to remove them.

brocksamson2011

There are many tools you can use, but it is going to be easier/quicker to back up your documents, pics and such and go ahead and reinstall Windows. Also a good idea to scan your backed up files with MalwareBytes from an external drive before moving them back to your reinstalled system to make sure you don't bring the virus right back when you restore the files. (Sometimes even in a best case scenario without viruses, Windows needs to be reinstalled to restore a system to its original speedy self.) Personally I like to get Windows installed, all updates done, a few basic programs like Office, Flash and Java etc. Then make an image of it. So if you have issues like this it is easy to bring it back and you only have to reinstall whatever games, settings and other programs you are currently using.

suegmune

Wow, one million viruses? What a nightmare. And why is that software still available? and... "The average user will not back-up till they lose all their data" Very true. I lost all my data on a HD not once, but twice. It was some years ago (when solutions weren't as easy and cheap as they are now). Now I have a backup service that has been working great (Carbonite) and I have my data when I need it.

Raife_1

...Any fully-authorized system-administrator, actually, physically, sitting at the keyboard, of -any- computer that allows the actual owner to install software... really can, intentionally, install software. Imagine that. Oh... and this just in... Macs, Windows-PCs, and even Linux-boxes, are also vulnerable to sledge-hammer-wielding-users... too! Truly frightening.

jacobus57

...and I just cleaned out a vigilant client's computer with ClamAV. She suspected a bad email, accidentally opened, which she quickly consigned to the trash. Clam revealed several buggy messages. The myth of the iron-clad Mac is false and dangerous.

mbrello

I've run into instances where some of my clients have also had these nuisances installed on their PC. They block the legitimate virus software from accessing the web and from cleaning it from the PC, and it also disables the user's ability to perform a system restore. However, I have had some instances where I've been able to perform a system restore from Safe Mode with the Command Prompt. However, as Jack mentioned, education goes a long way. Even if I am able to restore the PC to a point prior to when the malware was installed, once I am able to rescue the user's data, I always wipe the drive and reinstall everything - just as an added precaution - and I run a virus scan on the user's files as well.

d13thdragon

The only OS that they can't kill is Ubuntu running from a CD-R on a disk-less work station. My bad, you could still get a BIOS infection.