The PC who cried wolf

If your computer tells you it has contracted a virus, don't be so quick to click for a cure

Grant Buckler

From Wednesday's Globe and Mail

A message appears on your PC, warning that a virus has been detected. It asks you to "click here for more information," then takes you to a website where you can download — for a fee — software to fix the problem. Thankful, you do so.

You've just been scammed. The computer never had a virus. What you saw was "scareware" — rogue programming designed to play on your security concerns and get you to buy software that does nothing. In fact, what you buy may actually infect your machine with viruses or spyware.

Scareware is becoming an increasingly common problem for small businesses and consumers.

"It started appearing in 2007, yet was relatively low on the radar," says Derek Manky, a Vancouver-based researcher at security software company Fortinet Inc. of Sunnyvale, Calif.

In the last few months, however, scareware has accounted for about two-thirds of all security threats, reversing what had been a slow decline in new malware, according to Fortinet.

"Since July we've seen a sharp increase," says Mr. Manky, "and that sharp increase is due to rogue security trojans."

Big businesses are rarely taken in by scareware because they have full-time information technology security staff and keep their security software updated, says James Quin, senior research analyst at Info-Tech Research Group in London, Ont. Most victims are consumers, but small businesses are also vulnerable, especially if they don't pay enough attention to security, Mr. Quin says.

Many of these rogue applications display highly realistic warning messages from a PC's toolbar at the bottom right of the screen — exactly where legitimate security software would show them. Mr. Manky recommends that PC users check whether the warnings are coming from software they installed before they act.

Clicking on these false warning indicators could install such rogue software as keyloggers, programs that record keystrokes and capture data such as credit card numbers. Scareware may also disable whatever legitimate security software is running on your PC.

When a warning indicator appears, a scareware component is already at work inside your computer. It might have been installed when you opened a spam e-mail containing a small executable file that then loaded the malicious software, Mr. Quin says.

Keeping legitimate antivirus and anti-spam software updated should protect against scareware lurking in spam e-mails. But the bad guys use other tricks, too. One is disguising malware as a browser plug-in that a website tells you is needed before you can view a piece of video or listen to audio.

You should be cautious if a website seeks to install anything on your PC, Mr. Quin says.

Web-filtering software that identifies sites containing malware can steer computer users away from dangerous Web pages, says Fiaaz Walji, Canadian country manager for Websense Inc., a San Diego company that sells Web-filtering software.

When a suspicious warning appears, Mr. Manky says, the best response is to close it by clicking on the toolbar icon from which it appears and selecting "close" from the pop-up menu. Clicking anything in the warning box, even the "X" in the corner, may trigger a download, he says. Users can also press the Control, Alt and Delete keys together and end the offending process using the Windows Task Manager.

The messages may persist, though. If you keep antivirus software updated, Mr. Manky says, it will eventually detect and disable the scareware, but as new variants are issued constantly, this might take time.

If you can identify the scareware — for instance, by the name of the process that appears in the Windows Task Manager — you may find information online on how to remove it. The only other option, Mr. Manky says, is to wipe your hard disk clean and re-install everything.

Fake warning messages are not the only way scam artists entrap victims. Some design professional-looking sites that show up during online searches for security software. Mr. Manky advises against downloading any software unless you know it is from a reputable source.

You can learn more about common rogue applications by searching online, he says. One of the most often reported is "XP Security Center"; a quick search for that will find a plethora of complaints.

But even those who do their research may be fooled. Mr. Walji says scareware creators often post comments on discussion groups and blogs promoting their software by pretending to be satisfied customers.

"People forget how many places are user-generated content," he says.

A powerful safeguard for small businesses is to deny most PC users the administrator privileges that allow them to install software, says Tom Slodichak, chief security officer at security specialist WhiteHat Inc. in Burlington, Ont.

Educating employees about the risks will help, too, he says.

Ironically, however, scareware works partly because people are aware of the need for security.

"The scammers to a certain extent are playing on the fact that we've semi-educated users," Mr. Quin says. "It's perhaps one of those cases where a little knowledge is a dangerous thing."

Special to The Globe and Mail
