Five pieces of scamware to watch out for

From fake antivirus apps to uninvited toolbars, scamware can bog down your users' PCs -- and sometimes do a whole lot worse.

I've been in this business a long time. I've seen things come and go. But the one thing I've seen consistently is scamware. Scamware is software that poses as legitimate but is really nothing more than a piece of malware waiting to wreak havoc. Some of this scamware is even advertised on TV, so it does look legitimate. But by the time it's installed, it's too late... and it's time to call in the cavalry. To help your users avoid installing something that could compromise their systems or your network, let's look at five pieces of scamware that you (and they) should be aware of.

1: Windows Microsoft Guardian

This lovely piece of software will seem right at home on your users' PCs. At first it promises it will take care of them, soothe what ails them, make them coffee. In the end, the fake scanning and false positives will result in absolutely nothing — other than the loss of their hard-earned cash. You won't find a site for this piece of software. It is usually encountered when users hop from site to site until a popup appears that seems to be scanning the PC for infections. And then it seems to magically find an infection, informing users that they should purchase and install the software. Next thing you know, they're whipping out their credit cards and buying a piece of software that does absolutely nothing but rob them of some cash, or maybe worse (their credit card number).

2: Fast Antivirus 2011

This one is similar to Windows Microsoft Guardian, only it's a bit uglier and doesn't just want to steal the user's cash. In this instance, Fast Antivirus 2011 tricks the user into installing the software and then it gets malicious. FA2011 starts out as scamware and quickly evolves into a full-blown piece of malware that will cause the end user no end of trouble. Fortunately, it can be removed by any number of anti-spyware tools, such as MalwareBytes. Just make sure a MalwareBytes scan is run as soon as this popup is seen — regardless of whether the user has installed anything. I have actually seen a PC infected with this scamware that had to have the OS reinstalled. It can be vicious.

3: MacDefender

MacDefender is a Mac variant of another piece of scamware that's been around for quite some time: Windows System Defender. The thing about MacDefender is this: Anyone using a Mac should know that such a tool isn't (currently) necessary. MacDefender relied on a lot of SEO poisoning to get listed at the top of search results. When the user browses to one of those sites with Safari, the scamware is automatically downloaded. The user is then prompted to install what looks like a legitimate piece of Mac software. Once it's installed, a fake virus scan will begin and eventually display a popup claiming the machine is infected. It's a Mac, people.... The good news is, if users don't purchase the software, they're not in any real danger.

4: Coupon toolbars

Why do people think these are a good idea? Well, a bargain is a bargain, right? And any way to find the best deal on a gross of toilet paper is alright by me. But thinking a coupon toolbar will help scour the Web for the best printable coupons is not a good idea. When I do remote support for a client, the second I see a coupon toolbar on a browser whose machine has slowed to a crawl, I remove that toolbar. Many times, it's nothing more than a piece of tracking spyware and will have adverse effects on the machine. No, it won't bring the machine to a dead stop, but it will track the user's network habits and it will effectively slow down browsing.

5: RuFraud apps for Android

These are premium SMS toll fraud apps that target European Android users. They look like well-known third-party apps (such as the Opera Web browser or horoscope apps). But once the user has granted permissions for the app, it will start sending messages to multiple premium-rate SMS numbers (such as Estonia 17013, Czech Republic 90901599, Ukraine 7540, Tajikistan 1171, and Poland 92525). In many instances, users can be charged as much as $5.00 per SMS message. That toll can get very high. Google has done a good job of removing the RuFraud applications from the Android Market, but that doesn't stop these apps from appearing on various download sites. The best way to avoid the problem is to make sure the device is set to disallow third-party installation of apps.
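A support-side triage check for the behaviour described above, added here as an example (it is not from the original article): it reads a decoded AndroidManifest.xml for the SEND_SMS permission and counts outgoing messages to the premium-rate numbers the article lists. The sample manifest, the package name and the "timestamp,destination" log format are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Premium-rate numbers named in the article, mapped to their country.
PREMIUM_NUMBERS = {"17013": "Estonia", "90901599": "Czech Republic",
                   "7540": "Ukraine", "1171": "Tajikistan", "92525": "Poland"}
MAX_CHARGE_USD = 5.00  # article: "as much as $5.00 per SMS message"

# Constructed sample: decoded manifest of a hypothetical look-alike app.
SAMPLE_MANIFEST = """<manifest package="com.example.horoscope"
    xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application android:label="Daily Horoscope"/>
</manifest>"""

# Constructed sample: outgoing SMS log, one "timestamp,destination" per line.
SAMPLE_SMS_LOG = """2011-12-10T09:14:02,+15555550123
2011-12-10T09:14:05,17013
2011-12-10T09:14:06,7540
2011-12-10T09:14:09,92525
2011-12-10T09:15:30,7540"""

def can_send_sms(manifest_xml):
    """True if the manifest declares android.permission.SEND_SMS."""
    root = ET.fromstring(manifest_xml)
    names = [e.get(ANDROID_NS + "name", "") for e in root.iter("uses-permission")]
    return "android.permission.SEND_SMS" in names

def premium_hits(sms_log):
    """Count outgoing messages per listed premium number (exact match only)."""
    hits = {}
    for line in sms_log.splitlines():
        if "," not in line:
            continue  # skip blank or malformed lines
        dest = line.rsplit(",", 1)[1].strip().lstrip("+")
        if dest in PREMIUM_NUMBERS:
            hits[dest] = hits.get(dest, 0) + 1
    return hits

def triage(manifest_xml, sms_log):
    """Summarise SMS capability and worst-case charge for one app and log."""
    hits = premium_hits(sms_log)
    total = sum(hits.values())
    return {"package": ET.fromstring(manifest_xml).get("package"),
            "can_send_sms": can_send_sms(manifest_xml),
            "premium_messages": total,
            "by_country": {PREMIUM_NUMBERS[n]: c for n, c in hits.items()},
            "max_exposure_usd": total * MAX_CHARGE_USD}

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, SAMPLE_SMS_LOG))
```

The exposure figure is an upper bound built from the article's "as much as $5.00" figure, not an actual carrier rate.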

Scamware savvy

There are many kinds of scamware, adware, viruses, and other evil elements out there. Sometimes, it seems like the biggest battle for the PC end user and the support pro is just keeping this software from finding its way onto a machine. The best way to help yourself is to make your end users aware of the dangers so they know what to avoid at all costs. A little education will go a long way.

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.
