June 22, 2011

‘Scareware’ Distributors Targeted

12 Nations Coordinate Anti-Cyber Crime Effort

Anti-Virus Pop-Up

One of the most widespread types of cyber scam being perpetrated against consumers these days involves “scareware”—those pop-up messages you see on your computer saying you’ve got a virus and all you have to do to get rid of it is buy the antivirus software being advertised.

And if you don’t buy it? The pop-ups continue unabated, and in some instances, the scareware renders all of the information on your computer inaccessible.

But today, the Department of Justice and the FBI announced “Operation Trident Tribunal,” a coordinated, international law enforcement action that disrupted the activities of two international cyber crime rings involved in the sale of scareware. The groups are believed responsible for victimizing more than one million computer users and causing more than $74 million in total losses.

What is Scareware?

Keyboard with 'Virus' Key (Stock Image)Scareware is malicious software that poses as legitimate computer security software and claims to detect a variety of threats on the affected computer that do not actually exist. Users are then informed they must purchase the scareware in order to repair their computers and are barraged with aggressive and disruptive notifications until they supply their credit card number and pay up to $129 for the worthless scareware product.  

Scam #1: The FBI’s Seattle office began looking into a scareware scam, later attributed to a group based in Kyiv, Ukraine, that ultimately claimed an estimated 960,000 victims who lost a total of $72 million. Investigators discovered a variety of ruses used to infect computers with scareware, including consumers being directed to webpages featuring fake computer scans that instead downloaded malicious software. The Security Service of Ukraine (SBU) deployed more than 100 officers as it orchestrated this phase of the operation in conjunction with the German BKA, Latvian State Police, and Cyprus National Police. Results included the execution of numerous search warrants, subject interviews, and seized bank accounts and a server.

Scam #2: The FBI’s Minneapolis office initiated an investigation into an international criminal group using online advertising to spread its scareware product, a tactic known as “malvertising.” According to a U.S. federal indictment unsealed today, two individuals in Latvia were charged with creating a phony advertising agency and claiming to represent a hotel chain that wanted to purchase online advertising space on a Minneapolis newspaper’s website. After the ad was verified by the paper and posted, the defendants changed the ad’s computer code so that visitors to the site became infected with a malicious software program that launched scareware on their computers. That scheme resulted in losses of about $2 million to its victims. The Latvian State Police led this phase of the operation, with the SBU and Cyprus National Police. 


- More than 1 million victims incurred over $74 million in actual losses;
- Two subjects arrested; 
- More than 40 computers, servers, and bank accounts seized;
- 12 countries participating, including United States, Ukraine, Latvia, Germany, Netherlands, Cyprus, France, Sweden, Lithuania, Romania, Canada, and the United Kingdom.

In a true reflection of the international nature of cyber crime, “Trident Tribunal” was the result of significant cooperation among 12 nations: Ukraine, Latvia, Germany, Netherlands, Cyprus, France, Lithuania, Romania, Canada, Sweden, the United Kingdom, and the U.S. So far, the case has resulted in two arrests abroad, along with the seizure of more than 40 computers, servers, and bank accounts. Because of the magnitude of the schemes, law enforcement agencies here and abroad are continuing their investigative efforts.

How to spot scareware on your own computer:

  • Scareware pop-ups may look like actual warnings from your system, but upon closer inspection, some elements aren’t fully functional. For instance, to appear authentic, you may see a list of reputable icons—like software companies or security publications—but you can’t click through to go to those actual sites.
  • Scareware pop-ups are hard to close, even after clicking on the “Close” or “X” button.
  • Fake antivirus products are designed to appear legitimate, with names such as Virus Shield, Antivirus, or VirusRemover.  

And to avoid being victimized, make sure your computer is using legitimate, up-to-date antivirus software, which can help detect and remove fraudulent scareware products.

- Press release
- File a scareware complaint
- More on scareware