05.26.11

Scareware comes to the We Fart Sunshine crowd

Posted in Cyberterrorism at 11:49 am by George Smith

From the wires:

The fact that Mac users have fallen victim to “scareware” scams — the kind that have long plagued Windows users — shouldn’t come as a surprise … Mac users, for all their pretensions otherwise, are as fallible as the next person.

What is surprising is that it took so long.

The story references MacDefender, scareware that works exactly likes the Windows malware it’s modeled on.

How does it wind up on Mac systems?

Simple. The user winds up on a malicious website that puts up a phony message that their system is infected.

Want us to clean it up for you, huh, huh?

[Click]

And MacDefender is installed. Then the extorting begins.

It’s a big money business on Wndows machines.

Anyway, scareware — been there, done that, as part of my ‘research’ for what would become “The Virus Creation Labs” book.

It was fifteen years ago and there was no way to monetize such programs. There was no global on-line payment network, nothing like that on the early Internet. Instead, much of the action in cyberspace could also be found on old antique things like the Fidonet and Usenet.

Urnst’s Scareware programs weren’t malware. They didn’t do anything but display virus-like activity on the monitor.

But because they were made to deceive users, anti-virus software developers immediately put detection for them as viruses into their scanners.

Today, anti-virus scanners will still detect them as viruses. If you click on the link and your anti-virus scanner is programmed to look inside archived files, it will give you a warning. If you extract the files — you won’t be able to run them unless you can open a DOS box — your scanner will have a fit.


In 1994 most malware still spread only two ways, one very slow, but efficient. Puckishly called “sneaker net,” it was by sharing floppies and diskettes.

The other way, which was how Urnst’s Scareware circulated, was basically the same way Mac scareware spreads. You had to be tricked into downloading and running it from bulletin board nodes.

4 Comments

  1. bonze blayk said,

    May 26, 2011 at 12:01 pm

    “… old antique things like … Usenet.”

    Dick, cut it out!

    You are making me feel so… antique. *sob*

  2. George Smith said,

    May 26, 2011 at 12:38 pm

    When I fired those things up in DOS to see if they still worked I felt antique.

  3. mikey said,

    May 26, 2011 at 5:55 pm

    :::knock knock:::
    Virus Police. We want to talk to Urnst.
    You want to talk to my cat?

    I feel like my age is out for general inspection as well…

  4. George Smith said,

    May 27, 2011 at 6:20 am

    Your memory is still very good, though. ;)