I came across a fascinating article in Wired’s online edition about two scammers who promote “scareware”: those inferior antivirus programs designed to rid users of fake viruses they tell you about through fake pop-ups. And once you install them, you get a virus.
This paragraph struck a chord:
But those troubles didn’t do much to stifle IMI’s scare campaign. Starting around 2007, the company cranked up both its aggression and its ingenuity. Leading advertising networks had banned IMI, so the company set up a series of fake online ad agencies that placed banners on popular websites, including those of The Economist, eHarmony, and Major League Baseball. IMI embedded the ads with hidden code, so if someone from inside the hosting site’s offices looked at them, they saw appeals from mainstream companies like Travelocity, Priceline, and Weight Watchers. But if regular users viewed the ads, they saw quickie come-ons for used cars or diet pills. When consumers clicked on an ad, it would redirect their browser to a site selling antivirus software or, worse, trigger an auto-download. All the while, IMI was engaged in an arms race against established antivirus companies, continually tweaking its software to make it unrecognizable to the databases of known threats.
In 2007, we had come across these very ads. Luckily, we caught them within hours of their surfacing on our sites, thanks to browsing the pages ourselves, and using proxies to see what people overseas could be viewing. We removed all banners from the affected ad network, replacing them with ads from another one. The ad network that fed the ads to us removed the ads ASAP. Four years on, we discover who was behind them.
Not that we can blame the ad network. The actual ads looked legit: the ones I remember pretended to be from Careerbuilder. Unfortunately, when they loaded, they launched one of IMI’s websites with a fake virus scan.
I tended to be more fortunate, as I customized my machines enough so that the standard fonts do not display—though I got caught out earlier this year with one fake ad with a defrag alert, on my laptop, where I had not removed Segoe as the default UI font in favour of one of our in-house ones.
The two blokes behind IMI are on an Interpol most-wanted list, though that’s just the tip of the iceberg.
There are plenty more following in their footsteps, as I’ve noticed that these sorts of ads have continued. Panda Security, the article reveals, estimates that the number of phony antivirus programs has leapt from 92,215 in 2008 to 3,084,410 last year. Fortunately, as far as I know, advertisements for these programs, and the fake virus alerts that accompany them, haven’t surfaced on the ad networks we’re using. We’ll keep monitoring.