
Feds crack multi-million scareware ring


Corrine


The Department of Justice and the FBI have cracked an international scareware ring believed to have scammed over $72m (£45m).

Operation Trident Tribunal seized more than 40 computers and servers and arrested two people in Latvia. 22 computers were seized in the US along with 25 machines in France, Germany, Latvia, Lithuania, the Netherlands, Sweden and the UK.

The gang screwed money out of more than a million victims. They installed software on their computers which falsely claimed to have detected viruses or malware. The gang then took payment for supposedly cleaning up the machines.

About 960,000 machines were infected with the scareware and $72m ($45m) extracted from worried users.

Complete article: Feds crack multi-million scareware ring • The Register

Link to FBI Press Release: FBI — Department of Justice Disrupts International Cyber Crime Rings Distributing Scareware

This is a start but I don't hold much hope for this slowing down the rogues.

This is a start but I don't hold much hope for this slowing down the rogues.
It's even a GOOD start, but I have to agree with you. For one thing, there are likely tens (if not hundreds) of thousands of perpetrators around the world - the distance from my computer room to the living room is exactly the same as the distance from my computer room to Ulan Bator, after all.

But the other thing is this: Those folks who downloaded a "tool" to rid their machines of "spyware" almost certainly DID have actual spyware on their machines. How many legitimate products have you downloaded which simply didn't work? Were any of those vendors prosecuted for fraud?

So how to tell the scammers from the merely incompetent?

Unfortunately, it is not a matter of people intentionally downloading the rogue, rather a result of a drive-by, SEO poisoning, "malvertising". When hit, clicking anywhere on the scareware "pop-up" telling them they are infected is the same as clicking "yes" to the install.


Unfortunately, it is not a matter of people intentionally downloading the rogue, rather a result of a drive-by, SEO poisoning, "malvertising". When hit, clicking anywhere on the scareware "pop-up" telling them they are infected is the same as clicking "yes" to the install.
So your best bet is to close the box using the Task Manager?

I close the browser using the task bar. I assume the popup dies when the browser dies.

The next thing I do is start a quick MBAM scan. (I do this anytime something doesn't seem right.) I haven't gotten any of those popups but I have had a few weird things happen from time to time.


I'd try Alt + F4
Thanks. I learned a new key combo. I have to admit, I'm more of a mouser than a keyboard person so what keys do things I generally do not know.

Thanks. I learned a new key combo. I have to admit, I'm more of a mouser than a keyboard person so what keys do things I generally do not know.
Alt + F4. Works great for shutting down any application. Including Windows itself. :)

I agree that hitting the 'X' button on the browser in these types of situations is probably the least preferred. I've seen a lot of scum bag artists design the site so that when the 'X' is clicked on, it produces more popups or generates a new IE session.

I usually kill it via the task manager. But Alt + F4 works just as well.

Edited by Tushman

You're right, Tushman. The rogues are designed so that clicking anywhere on the pop-up will result in downloading the rogue. Although from three years ago, Jesper M. Johansson's article, Anatomy of a malware scam, is a good example, particularly on page 4.
