So there I was, minding my business this morning, browsing through the Cheezburger family of sites using Firefox, when all of a sudden I get a warning from Ad Aware that there’s a suspicious process (a keylogger) running on my computer and that it was running a scan in the background.
Of course, it wasn’t really Ad Aware telling me that. It was something calling itself XP Antimalware. (It’s hard to keep track of its various names but that’s the one it used on this occasion.) It really gave itself away when it popped up a fake Windows Internet Security window with completely wrong settings. It’s an interesting little bugger. It’s what’s known as a “rogue scanner” or scareware, which is an anti-virus or anti-spyware program that attempts to trick you into buying a full version of the program by popping up numerous warnings that your system is infected. It also sort of highjacks your existing anti-virus or anti-spyware programs — I couldn’t run Ad Aware from the Start menu, for example, because XP Antimalware would start running instead. Stopping the process in the Windows Task Manager and then clearing my cache and running Spybot cleaned up everything.
I have to reluctantly admire the manufacturers of the program. It mimics Windows messages and dialog boxes really well, which is why they are so successful at making money at this. People no doubt panic slightly when they see the initial message, and then even more so as the fake scanner pops up and lists dozens of infected files on their computer. And in their panic, they agree to buy a license for the scareware program.
The lesson to be learned from that is that people really need to be more aware of what their legitimate anti-virus, anti-spyware, and security programs look and behave like…and don’t click anything that you don’t recognize.