Warning: Don’t pay for “scareware” scam anti-virus and anti-spyware

A couple of months ago, I was working on a project at work when a window popped up on my computer at work. “Scanning for spyware,” it said, and it looked like it was finding a lot of bad stuff. When it finished, it listed several courses of action I could take, of which the recommended one was paying $39.95 for “XP Antispyware 2010” which would remove everything it found. It looked very official, with a shield logo very similar to the four-color Windows logo. It would have been very reasonable to assume it was part of the Windows system software, trying to protect me.

I knew better. I knew this was a “scareware” program, a program which did a fake virus/spyware scan in an attempt to get $39.95 out of me. I went and got one of our IT guys and had him take it off.

However, a LOT of people would have fallen for it. Yesterday I found the Wikipedia page for this scareware program, which also goes by the names MS Antivirus, XP Antivirus, Win Antivirus, and about 30 other names that get as close to Microsoft’s trademarks as possible without infringing. The authors of this software, believed to be in Kiev, Ukraine, use affiliate marketing to find people to distribute their software via infected sites – meaning, the people who build the infected sites share in the $39.95 payday when someone purchases the “full version” of this junk. It was reported that the top affiliate made $158,000 in one week.

If something with a similar name pops up and says your computer is infected, paying $39.95 is not the best option or even a good option, as it will just install more malware on your computer. If it happens at work, get your IT people and they’ll know how to take it off. If it happens at home and you’re good with computers, Google the name of the program (you may have to do this on another computer, as the programs sometimes block Google searches on their own name) for instructions on how to take it off. Each variant is a little different so I can’t give exact steps that will apply to all of them here. In general, you need to find the name of the program in Task Manager, kill it, run an anti-malware tool, and then clean up anything it left in the Registry. If that sounds too complicated, pay a computer repair person to do it, but absolutely do not pay $39.95 for the full version.

If you have friends or relatives who are not computer-savvy, you may want to show them the Wikipedia page about this scamware, so they’ll know what it is if they get hit with it. Unfortunately it’s found all kinds of different ways to distribute itself – since they’re getting paid, the affiliate marketing distributors seem to be quite clever about it. Currently goo.gl shortened links on Twitter are a popular way to redirect you to a site that downloads this junk to your computer.

Hmmm… a few months before my computer got infected, I ran into a guy I knew from my U of M days while eating lunch. “I’ve known for years that you’re very good with computers,” he told me. “You should come over to the dark side, where the big money is.” Obviously, I didn’t pursue it, but I wonder if he was talking about building sites to distribute XP Antispyware 2010 and its brethren.

Anyway, pass the word on about this scam software, and help keep everyone safe.