Washington State launches anti-scareware suits with Microsoft's help
By Scott M. Fulton, III | Published September 30, 2008, 11:44 AM
Perhaps the most malicious act that malware could possibly do -- even more than wreck your system -- is separate users from their hard-earned cash. Now, a new campaign in the state of Washington has named its first anti-hero.
If you've ever perused our FileForum looking for a Windows System Registry cleaner or an undelete utility, even if you tend to trust our posts (and you should), there's a good chance you've found yourself wondering beforehand whether what you're about to download is legitimate. There's a growing industry in fake anti-malware, and many are now saying it's capable of doing as much damage, if not more, than malicious software to begin with.
Yesterday, the Washington State Attorney General's office brought its fifth cause of action against a company called Branch Software, which produces one of the more notorious applications in this category. A-G Rob McKenna is calling out "Registry Cleaner XP" as a scam that uses an unprotected means of sending popup messages over a network in Windows -- indeed, an open exploit -- to alert unsuspecting users of the existence of "critical system errors" that can only be fixed through the download and installation of this product.
"By utilizing Messenger Service-type pop-ups, Defendants cause a large, grey-colored 'window' or 'dialogue box' to appear near the middle of the consumer's computer screen," the latest lawsuit reads, using language intended to describe the situation to novices. That dialog box presents a "CRITICAL ERROR" alert that will, in all cases (note that no actual scan has taken place at this point), report the consumer's Registry is "damaged and corrupted."
A-G McKenna's office has posted a video showing the alleged scam on a machine that had legitimately been scanned and cleaned beforehand (WMV video available here). There, the tester is shown downloading the software, which actually looks a great deal more convincing than the initial Net Send alert box. It appears to be scanning through entries and tallying up potential problems, with the bad news counted in red type.
Once the final tally is revealed, though, the consumer is directed to pay $39.95 for the "full version" of the software that can eliminate the problem. After the transaction is complete, the video shows the tester registering the software with a product key. The software then appears to be cleaning up everything red, replacing it with all green and good news.
In 2005, Washington passed a law making the distribution of spyware a state crime. But "spyware" has had a specific definition, and it could be argued that even fake anti-malware can fall outside of that definition since it may not actually be doing any spying. In fact, besides the Net Send message that Windows doesn't catch, it doesn't really do anything...besides solicit money.
So according to the A-G's office, the law was amended in the last session to cover new and more devious types of software behavior, including false representation of security or protection.
"Through alarmist language seemingly delivered by a trusted source, Defendants misrepresent the extent to which installing the software is necessary for repair of the computer for proper operation," the lawsuit reads. "The conduct of Defendants...violates the Computer Spyware Act...which makes it unlawful for a person who is not an owner or operator of a user's computer to induce an owner or operator to install a computer software component onto the computer by deceptively misrepresenting the extent to which installing the software is necessary for repair of the computer for proper operation."
Over the last few months, BetaNews has discovered what so many of its readers are already too familiar with: a dump truckload of junk anti-malware products, typically in the Registry cleaning and un-deletion categories. Some of it (not Registry Cleaner XP specifically) is actually capable of depositing stealth payloads, which continually nag the user about false system problems, such as "malicious viruses" or "system corruption bug errors."
Yesterday, the A-G's office said Microsoft is helping its effort against fake anti-malware by launching civil suits of its own against Branch Software, in conjunction with the state's civil suits which seek monetary penalties. Branch Software is headquartered in The Woodlands, Texas.
A very similarly named tool, XP Registry Cleaner, is a commercial product (BetaNews has not tested it) produced by a different company, which is apparently not a party to this lawsuit.
One of my clients fell for XPAntivirus2009 (or something like that) and purchased it with her credit card, thinking she was doing the right thing.
Some overseas company proceeded to charge her credit card 4 times for $97.
Edit- by the way, this type of stuff is really easy to remove.
1. disable system restore
2. run Malwarebytes Anti-malware
3. run AVG 8.0
4. reboot and run Malwarebytes again.
These 2 softwares (at least for now) seem to just mow this garbage down no problem.
Score: 0
|Speaking of malware and such--this is the ad at the bottom of my comments page
"PC Advisor has detected Windows XP.
Your PC is ready for a two minute system tune up.
Click 'Next' to begin."
You think they'll want some money after I'm done running PC Advisor?
Score: 0
|it's so true...!
i've made my concerns about it that link too to betanews. but i guess pressing the delete key was cheaper...
Score: 0
|I hope the XP Registry Cleaner and everything like it gets run out of business!
except I do make a pretty penny cleaning up their messes.........
Score: 0
|Looks like guys like PC_Troll & Hollywod_ are in trouble. How else are they going to make a living?
Score: 0
|Same way I always have. By running a business.
Stopped making burgers a *long* time ago...you should try it sometime.
Score: 0
|Having run a business here for many years, truth is, Washington State just doesn't want any competition in the "separating people from their hard-earned cash" game.
Score: 0
|My machine has been attacked by XP Registry Cleaner as well as Registry Cleaner XP, and in both cases my only option to remove their crimeware was to delete/reformat/reinstall Windows XP, as I refused to pay their ransom demands (I use ransom because they want money to remove their crimeware from your computer). I hope and pray this court action will shut them down or at least make them adhere to proper rules and laws for selling their software.
Score: 0
|There are easier ways to remove the software... the only ones that are a PITA are the ones that actually encrypt your data and hold it to ransom. Registry Cleaner XP does nothing like that, and is easily removed with a bit of know-how. :p
Score: 0
|third party freeware should always be considered suspicious.
one has to research questions like:
why is it free, should it not be costly for the business to engineer it?
if costs are subsidized by their software for profit, then why don't other companies like Microsoft, Norton, etc provide freeware versions of their money ware as well?
what do i give in return to subsidize the companies costs for making the freeware?
does the benefit of the freeware outweigh the risks?
what country does the freeware come from?
are the reviews and comments too good to be true and likely from the freeware representatives masquerading as valid users?
what do the terms of use and their privacy statement claim to provide?
if they have a patent then what was the technological breakthrough that needed protection or secrecy?
-----------------
i am sure more revelations will be forthcoming.
Score: 0
|"third party freeware should always be considered suspicious...
why is it free, should it not be costly for the business to engineer it?"
While I can't disagree, I wonder what the open source community will say if they bother to read this?
;-) ;-) ;-)
Score: 0
|Yeah, damn that Ubuntu malware. :p
Score: 0
|I have had to remove this form of system choking crapware and installer hitchhiking toolbars from a disturbing number of PCs for other people over the past decade or so.
Truly aggravating.
Score: 0
|"There's a growing industry in fake anti-malware, and many are now saying it's capable of doing as much damage, if not more, than malicious software to begin with."
I would consider fake anti-malware to be malicious by definition.
Score: 0
|Wait...
I thought MSFT was Evil™?
Don't they *want* you to have to buy a new computer (with a new license of Windows) every time you get a virus??
Score: 0
|They are! ;-)
And they don't need malware - not when they have new versions of their OS requiring HW upgrades... ;-)
Besides, it's too difficult for the average person to distinguish differences in performance between a 'clean' and an infected machine.
;-) ;-)
Score: 0
|"And they don't need malware - not when they have new versions of their OS requiring HW upgrades... ;-)"
You act as if that's a bad thing. You do recall that XP is over 6 years old, right?
Oh, right, you can run AIX on 12 year old hardware...I keep forgetting you can't separate the consumer desktop OS from the Enterprise OS locked in closets and IT back-rooms. ;)
"Besides, it's too difficult for the average person to distinguish differences in performance between a 'clean' and an infected machine."
Maybe for you. In fact, I reloaded my wife's laptop last night. Got rid of XP and put Vista SP1 on it (it came originally with Vista PreSP1..which I promptly dumped in favor of XP). She immediately noticed that it booted faster, Office 2007 applications loaded faster than their 2003 counterparts when XP was on it...she is quite happy with it, even with DWM enabled (which surprised even me, given it's a lappy with an integrated GPU).
Score: 0
|Wow you need new hardware for a new OS you make it sound like this is some new concept. Come on you can do better than that.
You can't tell the difference between a clean and infected machine what a load of crap.
Score: 0
|"capable of doing as much damage, if not more, than malicious software to begin with."
Oohhkayyy....
Score: 0
|I've had friends bring me their systems with this kind of junk, and there are some that truly are hard to remove completely, and it's easier to just format and re-install to truly have peace of mind that it is gone forever. One of them put a background on your computer where it is red colored and apocalyptic feeling in nature. That is the worst one to fix, and drops 3 new icons on your desktop to scan and protect your system, though it is just more malware.
Score: 0
|I know how to solve this problem, and everybody will be happy... but I'm not tellin
Score: 0