Microsoft to sue scareware security vendors

Microsoft and Washington state are cracking down on scareware scammers who bombard computer users with fake warning messages in hopes of selling them useless software.

The state’s attorney general and lawyers from Microsoft’s Internet Safety Enforcement team are expected to announce today several lawsuits against so-called ‘scareware’ vendors, who are being charged under Washington state’s Computer Spyware Act.

The vendors targeted by the lawsuits have not been named yet, but the Washington attorney general (AG) referred to them in a media alert sent out on Friday as “aggressive marketers of scareware – useless computer programs that bilk consumers by using pop-up ads to warn about nonexistent, yet urgent-sounding, computer flaws”.

This is not the first time Microsoft and the Washington AG have teamed up to fight scareware. In 2005 they jointly sued Secure Computer, a security software company they accused of using fake error messages to scare users into buying its Spyware Cleaner software. Secure Computer eventually paid $1m to settle the charges.

The Washington AG has also brought lawsuits against companies such as Securelink Networks and High Falls Media, and the makers of a product called QuickShield, all of whom were accused of marketing their products using deceptive techniques such as fake alert messages.

Fake alert messages can be effective. Last week, researchers at North Carolina State University reported that computer users are highly likely to click on fake Windows error messages. In their study, nearly two-thirds of respondents clicked ‘OK’ when presented with a phony Windows pop-up message.

The use of these fake messages is a growing problem on the internet, said Washington Assistant Attorney General Katherine Tassi last week. Scammers are “getting more and more creative and putting more and more effort into making them look like security messages”, she said.

The most prevalent scareware program in circulation today is software called Antivirus XP 2008, according to Alex Eckelberry, president of Sunbelt Software. Often installed on a PC without proper notification, the software bombards victims with fake security warnings, trying to convince them to buy worthless programs that sometimes even harm their PCs.

The Anti-Malware Toolkit (read about it on the Lunarsoft Wiki) has the programs and tools necessary to remove malicious software like those mentioned in the article.