In association with heise online

16 April 2010, 17:47

Scareware: Nocebo instead of placebo

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Google Logo The term nocebo is used to describe the opposite of the placebo effect: although the pill has no active ingredients, the patient's health deteriorates in response. In its forthcoming study entitled "The Nocebo Effect on the Web: An Analysis of Fake Anti-Virus Distribution", Google rates the effect of scareware in a similar way: doesn't do anything, but causes the state of the PC (or that of its user) to deteriorate regardless. Google plans the first presentation of the study for the Usenix "Workshop on Large-Scale Exploits and Emergent Threats" at the end of April.

According to Google, scareware now accounts for 15% of all the malware found online – and the share is said to be steadily increasing. Scareware makes users believe that their systems are infected by trojans and viruses. The programs then try to coax users into buying a full version of the program to remove the alleged viruses and continue to issue frequent disruptive alerts if the user does not immediately comply.

Google says it examined 240 million web pages that were rated suspicious by its "malware detection" infrastructure. According to the study, eleven million domains were involved in the distribution of scareware in the past 13 months. More than half of all the malware deployed via advertising banners was apparently fake anti-virus software. Google says that this represents a five-fold increase from just a year ago.

The latest scareware incident causing large-scale media coverage involved infected advertising banners at German news sites and which exploited browser holes to install scareware. Special JavaScript code hidden in the advertising banners by criminals loaded further code in an iFrame which, in turn, linked to another page where the Neosploit exploit toolkit tested systems for various holes in the plug-ins for QuickTime, Java and Adobe Reader.

However, scareware doesn't necessarily have to be injected into the computer; often, running a fake virus scan on a web page is enough to trick users into downloading and installing an alleged anti-virus program. One reason why it is difficult to protect systems against scareware is that users tend to panic. Google recommends that users only install software provided by well-known anti-virus vendors.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit