Washington State launches anti-scareware suits with Microsoft's help

Perhaps the most malicious act that malware could possibly do -- even more than wreck your system -- is separate users from their hard-earned cash. Now, a new campaign in the state of Washington has named its first anti-hero.

If you've ever perused our FileForum looking for a Windows System Registry cleaner or an undelete utility, even if you tend to trust our posts (and you should), there's a good chance you've found yourself wondering beforehand whether what you're about to download is legitimate. There's a growing industry in fake anti-malware, and many are now saying it's capable of doing as much damage, if not more, than malicious software to begin with.

Yesterday, the Washington State Attorney General's office brought its fifth cause of action against a company called Branch Software, which produces one of the more notorious applications in this category. A-G Rob McKenna is calling out "Registry Cleaner XP" as a scam that uses an unprotected means of sending popup messages over a network in Windows -- indeed, an open exploit -- to alert unsuspecting users of the existence of "critical system errors" that can only be fixed through the download and installation of this product.

"By utilizing Messenger Service-type pop-ups, Defendants cause a large, grey-colored 'window' or 'dialogue box' to appear near the middle of the consumer's computer screen," the latest lawsuit reads, using language intended to describe the situation to novices. That dialog box presents a "CRITICAL ERROR" alert that will, in all cases (note that no actual scan has taken place at this point), report the consumer's Registry is "damaged and corrupted."

A-G McKenna's office has posted a video showing the alleged scam on a machine that had legitimately been scanned and cleaned beforehand (WMV video available here). There, the tester is shown downloading the software, which actually looks a great deal more convincing than the initial Net Send alert box. It appears to be scanning through entries and tallying up potential problems, with the bad news counted in red type.

Once the final tally is revealed, though, the consumer is directed to pay $39.95 for the "full version" of the software that can eliminate the problem. After the transaction is complete, the video shows the tester registering the software with a product key. The software then appears to be cleaning up everything red, replacing it with all green and good news.

In 2005, Washington passed a law making the distribution of spyware a state crime. But "spyware" has had a specific definition, and it could be argued that even fake anti-malware can fall outside of that definition since it may not actually be doing any spying. In fact, besides the Net Send message that Windows doesn't catch, it doesn't really do anything...besides solicit money.

So according to the A-G's office, the law was amended in the last session to cover new and more devious types of software behavior, including false representation of security or protection.

"Through alarmist language seemingly delivered by a trusted source, Defendants misrepresent the extent to which installing the software is necessary for repair of the computer for proper operation," the lawsuit reads. "The conduct of Defendants...violates the Computer Spyware Act...which makes it unlawful for a person who is not an owner or operator of a user's computer to induce an owner or operator to install a computer software component onto the computer by deceptively misrepresenting the extent to which installing the software is necessary for repair of the computer for proper operation."

Over the last few months, BetaNews has discovered what so many of its readers are already too familiar with: a dump truckload of junk anti-malware products, typically in the Registry cleaning and un-deletion categories. Some of it (not Registry Cleaner XP specifically) is actually capable of depositing stealth payloads, which continually nag the user about false system problems, such as "malicious viruses" or "system corruption bug errors."

Yesterday, the A-G's office said Microsoft is helping its effort against fake anti-malware by launching civil suits of its own against Branch Software, in conjunction with the state's civil suits which seek monetary penalties. Branch Software is headquartered in The Woodlands, Texas.

A very similarly named tool, XP Registry Cleaner, is a commercial product (BetaNews has not tested it) produced by a different company, which is apparently not a party to this lawsuit.