This one is definitely worth a read. It's a longish article so I haven't quoted the whole thing, but the story is amazing.
Title links to the source. Excerpts below.
'Infections found': Inside the great scareware scam
"ONE day in March 2008, Kent Woerner got a disturbing phone call from a teacher at an elementary school in Beloit, Kansas. An 11-year-old student had triggered a security scan on a computer she was using, revealing that the machine contained pornographic images. Worse still, the images had appeared on-screen as the scan took place.
Woerner, who manages the computer systems for the local school district, jumped in his car and drove to the school. Repeating the scan, he too saw the images, alongside warnings that the machine was infected with viruses and spyware that were surreptitiously monitoring the computer's users. Yet a search of the hard drive revealed nothing untoward. Switching to another machine, Woerner visited the security website that provided the scan, and ran it again. Exactly the same number of pornographic images popped up.
Woerner was smart enough to spot the ruse. This was not a genuine security scan. It was nothing more than an animation designed to dupe the unsuspecting computer user into shelling out $40 or so for software to combat a security problem where none existed. For those who fall for it, such "scareware" spells double trouble: not only are they relieved of their cash, but the software they download has no protective effect, leaving them vulnerable to malicious attack."
"In late 2007 Kollberg was tracking scareware that exploited a recently discovered software vulnerability. It allowed unscrupulous developers to slip in things such as pop-up scans into animated adverts. Kollberg noticed that some of the fake scans the animations delivered came from a server registered to IM. The name stayed with him, as organisations pushing scareware do not usually reveal their identities so readily. When another McAfee expert came across a second link to IM, Kollberg decided to investigate the company's servers more closely.
To his surprise, he found the servers were not password protected. It was a security lapse of breathtaking irony for a company that made its money exploiting the security fears of others. More importantly, it meant Kollberg could access the contents of the servers without breaking any laws.
The insights were immediate, and damning. For a start, it was not just IM's scans that were fake: the software the company was peddling was too, says Kollberg. He did not find a single example that detected an EICAR test file, a standard piece of programming code which antivirus products are supposed to latch onto to prove they are working. The software also lacked a list of virus "signatures", snippets of code taken from known viruses that security software looks for when searching for threats."
The bolded part is just utterly hilarious. Serves the bastards right for being a/ dishonest and b/ colossally stupid.

There's a short checklist at the end of the article:
How to avoid scareware
• Before buying security software, make sure it comes from a well-known and trusted company. If in doubt, consult a tech-savvy friend.
• If a virus warning appears when you are browsing the web, run a search on the company named in the scan. Many scareware companies are quickly identified this way.
• Make sure you have a firewall installed and turned on. A firewall blocks unauthorised traffic between your computer and the internet, and will prevent scareware from installing itself without your knowledge.
• If you think nasties are already lurking on your hard drive, use the free scans provided by reputable companies like McAfee, Symantec and Microsoft.
• Make sure you keep your security software up to date once you have it installed.