Scareware's pitches for fake security show up in odd places

— -- Scareware has become the scourge of the Internet.

Those deceptive promotions crafted to panic you into spending $30 to $80 for worthless antivirus protection can hit you just about anywhere you turn on the Web. They arrive as booby-trapped Web links in e-mail and social network messages. They lurk hidden, and set to activate, when you click to popular, legitimate websites.

And now scareware purveyors are embedding triggers in places you wouldn't expect: on advertisements displayed at mainstream media websites; amid search results from Google, Yahoo Search and Windows Live search; alongside comments posted on YouTube videos; and, most recently, in "tweets" circulating on Twitter.

"Scareware is becoming a dominating force," says Joe Stewart, director of SecureWorks Counter Threat Unit. "There are hundreds of criminals using every tactic they can think of to push these programs."

Click on a trigger and you'll get caught in an unnerving loop impossible to abort. A scanner window will appear with red-letter warnings listing viruses purportedly infesting your hard drive. A series of dialogue boxes will follow giving you choices that all lead to the same screen: a sales pitch.

Make the purchase, and you get a bogus inoculation. Try to cancel it, and you'll get repeated offers. "It's like stepping into quicksand," says Paul Royal senior researcher at security firm Purewire. "The more you try to get out of it, the deeper you sink."

Scareware has been a prominent part of the Internet since 2004, when a cybergang based in St. Petersburg, Russia, launched the iframecash.biz website and began offering commissions to anyone who helped them spread the SpySheriff fake antivirus program. Hackers began to taint legitimate websites so that pop-up ads for SpySheriff would launch on the PC of anyone who visited a corrupted Web page.

That simple arrangement has evolved into a steadily growing industry that marked a banner year in 2008. By late last year, more than 9,200 different types of scareware programs were circulating on the Internet, up from 2,800 at midyear, according to The Anti-Phishing Working Group. Microsoft recently reported that scareware infections rose 48% in the second half of 2008 vs. the first half. Microsoft analyzed data collected by use of its Malicious Software Removal Tool and found one specific fake security program on 4.4 million PCs.

"These guys are very innovative," says Roel Schouwenberg, senior virus researcher at Kaspersky Lab. "They're constantly looking for newer and easier ways to make money."