Authorities urged to step up scareware crackdown

Authorities have been urged to crack down on scareware

Law enforcers and regulatory authorities were urged today to crack down even harder on companies selling so-called scareware, or risk these threats increasing through 2009.

Scareware is software advertised by fraudulent firms which falsely claims that it can remedy what turn out to be non-existent threats.

According to web security-as-a-service firm ScanSafe, scareware comprised four per cent of web-based malware blocks in 2007, dropping slightly to three per cent in 2008. However, security firm Sophos detected on average five new scareware sites a day this year.

Last week the Federal Trade Commission (FTC) won a restraining order to prevent Innovative Marketing and ByteHosting Internet Services, both scareware vendors, from continuing to trade.

But such cases remain just the tip of the iceberg, according to ScanSafe senior security researcher Mary Landesman.

"Large numbers of users are trusting scareware scams as fraudulent companies are using increasingly sophisticated techniques to lure users into downloading the software. Some of the scams we have seen are branded 'Antivirus 360' and look extremely convincing," she said.

"The FTC should be applauded for its recent progress, but there is still a considerable amount of work to be done in the regulation of these scams."

Corporate users could be at risk if they fall for these scams as a large amount of scareware is able to bypass traditional signature-based scanners, while there is also the chance that some scareware could contain malware.

Thomas Herbert, product manager at hosting firm Hostwa y, warned that web site owners as well as end users need to exercise caution.

"Web site owners need to constantly check their sites to make sure that they are not inadvertently hosting banner adverts containing scareware, as it will simultaneously damage their credibility and lead to disgruntled users," he said.