Call it what you will – the rise in this decidely annoying and pernicious class of software nuisance has reached mainstream media. For the last 18 months I and colleagues have come across a raft of these applications such as Antivirus 2009 that claim to be detecting viral payload on machines – when in fact they are just a cover to get themselves installed on machines and also to get money and credit card details out of punters.
When you hear about this phenomenon on a national radio station you have to think just how wide spread this is. I’d say I’ve personally dealt with at least a dozen cases – so easier to dispatch than others and have noted the authors targeting of the tools used to remove and prevent these pests from lingering.
Why are the antivirus suppliers not on top of this issue ? I’ve heard a response from a supplier based in the UK in the last week which startles me.
“Scamware is not viral so therefore we don’t detect it”
This is rubbish !! The first virus I ever came in contact with was the AIDS virus
December 1989: an incident with a “Trojan horse” called “AIDS”. 20,000 copies were shipped on diskettes marked as “AIDS Information Diskette Version 2.0”. After 90 boot-ups the “Trojan” program encrypted all the filenames on the disk, making them invisible (setting a “hidden” attribute) and left only one file readable – bill for $189 payable to the address P.O. Box 7, Panama. The author of this program was apprehended and sent to jail.
Whats the difference between this and the current spate of scamware ? This didn’t replicate – it was sent to users directly. The scamware is being picked up from infected sites and downloaded by users unaware of the damage it will do.
Yesterday I saw a scamware package trigger when it saw me downloading an antinvirus package from a legitimate site !!!!
So what has to be done is to raise the profile of these scamwares packages – educate users and cut of the means of funding to the criminals who are behind this.