back to article Fake antivirus scams: It's a $120m business – and alleged ringleaders have just been frozen

Two groups of companies accused of raking in $120m from fake antivirus scams have been put on ice by a court. The Florida-based businesses distributed free software that scanned computers for malware or performance issues. That software would then make bogus or misleading claims that the machines were infected or broken, …

  1. Fihart

    Now let's clean up download sites.

    I am fed up with trying to download bona fide utilities via the likes of CNET only to be presented with confusing "Download Now" buttons which do not download the program you've selected but try to hijack you to sites selling something similar. The effect is to make me wary of downloading anything.

    A friend has mentioned a program called Ninite as tackling this issue but I'm so cynical I hesitate to let anything but essentials onto my machine -- anyone heard anything good or bad about Ninite ?

    1. Shadow Systems

      Ninite is excellent & above bar.

      They do exactly what they say, don't include spyware of any kind, and are so well done that I have paid for the Professional level to show my support.

      You go through the list of programs the installer supports (and it's a long list), check all the boxes that you want, and click the "Download" button.

      The regular version is just a small auto-fetch file that goes out, finds each of the programs you checked, grabs their latest version, and installs them one by one until it's done. You may need a reboot or two, depending on the software being installed, and a check of Windows Update afterwards is a good idea.

      The Professional allows you to grab specific versions of the program(s) you've checked, so it installs the prefetched versions instead of the latest version(s). This is useful for offline installs (like after reformatting a machine & bringing it up to speed before letting it go online). The Windows Update after is still a good idea.

      In either case (free or Pro), if you run the installer again, it either fetches the latest (if the Free, or the Pro if told to do so) the latest versions, and installs them over the old versions, thus updating you.

      For a free program, you can check off a bunch of software that you normally use, and with a single click of the installer, update all those programs without a headache.

      This is in addition to, not instead of, Windows Update.

      Ninite is definitely an excellent program. They are one of the few companies out there that are worth the effort to support.

      No I don't work for them, I'm just a *very* satisfied customer.

    2. Captain DaFt

      Re: Now let's clean up download sites.

      "I'm so cynical I hesitate to let anything but essentials onto my machine"

      If I'm on a Windows install, the first thing I add is Startup Guard.

      http://www.anvir.com/startup-guard.htm

      It monitors and lists everything that tries to add it self to the startup, giving you the option to allow/deny. A real boon to keeping out nasties that slip in.

      1. Gis Bun

        Re: Now let's clean up download sites.

        Nothing [in Vista or later] adds itself to the Start Up unless you requested.

        Better off with Microsoft/Sysinternals Autoruns which checks everything that is loaded on boot up.

        I use it maybe once a month as part of regular maintenance.

      2. Anonymous Coward
        Alert

        www.anvir.com

        Dodgy Russian site???!!!

    3. mt_head

      Re: Now let's clean up download sites.

      I'd like to second the endorsement for Ninite. Absolutely amazing; one of the many things I love is that they automatically say NO to the crapware that gets bundled with a lot of program updates (no more worrying whether you remembered to un-check the Ask.com Toolbar!)

      As always, exercise some sense in what you choose to download; you should never run more than one antivirus at the same time, for example, but Ninite will cheerfully let you check off AVG, Avast, and Essentials at the same time. Don't do that.

    4. Justin Clift

      Re: Now let's clean up download sites.

      Agreed. These people are scum.

      Some friends and I release updates to our (decently popular) Open Source program every 6-8 weeks (up 1/4 million downloads sometimes).

      CNET has decided to distribute it (ugh)... using our work and effort to spread their malware/crap.

      There needs to be a version of the GNU license that forbids this kind of stuff being done to Open Source Software.

      1. phil dude
        Thumb Up

        Re: Now let's clean up download sites.

        thank you!! I just checked out your site...

        P.

        1. Trevor_Pott Gold badge

          Re: Now let's clean up download sites.

          It isn't my site. Belongs to a tall skinny bloke who's pretty much the nicest man you'll ever meet. Not only is the software amazing, the fellow himself his as excellent as his product.

    5. Trevor_Pott Gold badge

      Re: Now let's clean up download sites.

      Ninite is the only software I recommend 100% without hesitation and to which I will openly admit to being a completely unashamed and unreserved fanboy.

      I am normally viciously against brand tribalism. But we all get one. Ninite is my one.

      1. Khaptain Silver badge

        Re: Now let's clean up download sites.

        I'll give a huge thumbs up to Trevor for this one, it was after reading one of his posts that I discovered who/what ninite.com is.

        Just last night I was helping my parents with an issue and I guided them to ninite.com because it was the only site which I could be sure that they wouldn't by conned into clicking one of those damned false "download now" buttons.

        With Ninite you get what you want not what you dont.

        1. EddieD

          Re: Now let's clean up download sites.

          What the Khaptain said...I use it on all the laptops I supply in my job - I have a standard bundle for all machines, and when they're in for maintenance, I just double click and then go grab a coffee...

          Cheers Trevor!

    6. Gis Bun

      Re: Now let's clean up download sites.

      I wish but good luck. It is shameful that CNet has to rely on some ad system that is showing these fake download links. Exactly why does CNet [owned by CBS] needs money from advertising?

      1. Darryl

        Re: Now let's clean up download sites.

        Sadly it's not just software sites like CNet... I know a lot of people who've made the mistake of Googling 'Java' or similar and clicking the first item on the list - which just happened to be one of the few advertised at the top of the search results. By the time I got involved in one case, they'd filled out the forms with all of their personal info and were wondering if they should buy the 'full support' package, whatever that was.

        1. Fihart

          Re: Now let's clean up download sites.

          @Darryl

          Google's paid-for misinformation.

  2. Tsu Dho Nimh

    Finally!

    I'd see their popups, click yes and be told that my recistry was corrupted beyone repair.

    Linux has no registry.

    1. Number6

      Re: Finally!

      Well clearly they were correct. Your registry was unreadable.

    2. ammabamma
      Facepalm

      Re: Finally!

      > Linux has no registry.

      Never fear!

      I am fairly certain "they" will be adding that feature to systemd shortly...

      1. PNGuinn
        Pirate

        Re: Finally!

        I was under the impression that effectively they already had.

        I was wondering - would mikkysoft have any patents on their registry by any chance? Maybe software patents can *sometimes* be a good thing.....

        >>RUNS FOR HIS LIFE>>

    3. Trevor_Pott Gold badge

      Re: Finally!

      "Linux has no registry"

      Systemd/Linux distributions do.

      1. BitDr
        Thumb Down

        Re: Finally!

        The people who make the fake anti-malware are indeed lower than whale feces. A customer called me about this very kind of manipulative bovine excrement just yesterday.

        Systemd is an insidious evil that needs to be put out of our misery, as does BIOSDEVNAME for named devices (though that could be fixed by remapping them to the original naming scheme), but I digress.

    4. Catweazle666

      Re: Finally!

      My favourite is the phone calls from Asian gentlemen who inform you that they are from Micro$oft and that they have scanned your machine over the Internet and discovered it to be infected and a threat to civilisation as we know it etc. etc. When you string them along a bit, they tell you all sorts of things about what they have found in the registry etc, and tell you to click on the bottom of the bottom left of the screen. I have had quite a bit of fun with them before I finally get bored and tell them I'm running a Mac...

      1. Trygve Henriksen

        Re: Finally!

        I got him confused by first saying I didn't have a 'Windows key' on my keyboard, that it was a very old keyboard, then that I didn't have Internet explorer or Firefox... But that I did have another browser I could start...

        Then he very slowly and painfully directed me towards Teamviewer...

        And I 'sunk his battleship' by claiming that the site told me that my OS was 'not supported,' and I asked 'You are aware that I'm running OS/2, right?'

        CLICK!

  3. Coen Dijkgraaf
    Mushroom

    So the companies might stop trading

    I suspect that some of the people behind the companies are probably already setting up or running new companies doing the same old things.

    <joke>

    The only way to be sure is to nuke them from orbit

    </joke>

    1. Mark 85

      Re: So the companies might stop trading

      Personally, I think you can remove the "joke" tag. I'm all for it and the sooner the better. I've about had it getting calls from relatives, acquaintances, and friends who have been suckered in and now wanting their PC really fixed. I'm thinking of moving across country and getting an unlisted phone.

      1. PNGuinn
        Mushroom

        Re: So the companies might stop trading

        And you can add the anal creeping scum who keep phoning me up telling me there is something wrong with my windows computer. For no good purpose I'm sure.

        I so roundly abused one of 'em recently for the insult that he was in tears at the end of it.

        Sod my flying car - all I want is to be able to use a cattle prod down the plone line.

        1. kain preacher

          Re: So the companies might stop trading

          I had guy call me up and some how I pissed him off. H e said are you farking(think farking ice holes ref with me. I didn't get it the first he said you heard me you think you are smarter then me. I said why yes I am I've done real IT work, oh and ye the why this phone call is being recorded. He finally hung up when I implied I worked for the FBI.

          1. Darryl

            Re: So the companies might stop trading

            Bastages. Cork soakers. Always bullshteining you.

        2. Catweazle666

          Re: So the companies might stop trading

          Even more fun when you're running a Mac.

          I find winding them up quite amusing actually!

    2. Turtle

      @Coen Dijkgraaf

      "<joke>The only way to be sure is to nuke them from orbit</joke>"

      Or, let's say, confiscate the proceeds of the swindle and put the perpetrators in prison for a long, long time.

      1. Trevor_Pott Gold badge

        Re: @Coen Dijkgraaf

        "Or, let's say, confiscate the proceeds of the swindle and put the perpetrators in prison for a long, long time."

        Piercing the corporate veil. In Florida. Ahahahahahahahahahahahahaha...

  4. Yet Another Anonymous coward Silver badge

    And this is different from

    Every piece of enterprise software - how ?

    I'm currently 'hosting' sales consultants from a number of ERP vendors to choose which bottomless bit of pain and misery we are going to throw money into. When Microsoft are the LEAST sleazy supplier by a mile you know it's bad.

  5. James O'Shea

    I know them

    They're just down the way from me, in Boca Raton and Delray Beach. The Palm Beach Post had a quite amusing (if you're not employed there) story last week and a followup on Monday.

    http://www.mypalmbeachpost.com/news/news/crime-law/ftc-police-raid-local-computer-tech-support-compan/nh6yC/#__federated=1

    http://www.mypalmbeachpost.com/news/business/how-feds-say-delray-beach-firm-tricked-customers/nh8w7/

    Some of the good ol' boyz were located in the T-rex complex at Congress and Yamato. (Yes, there's a major road in Palm Beach County, Florida, named for a Japanese battleship and/or 'the spiritual and cultural virtues of the Japanese people'. Long story. Money was involved. This _is_ Corruption County, Florida, after all.) T-rex used to be where IBM Boca Raton built IBM PCs/XTs/ATs/etc. Gotta love it.

    1. Florida1920
      Childcatcher

      Re: I know them

      @James O'Shea

      Hi neighbor! (--Martin County)

      The Yamato Colony was an attempt to create a community of Japanese farmers in what is now Boca Raton, Florida, early in the 20th century. With encouragement from Florida authorities, young Japanese men were recruited to farm in the colony. Because of various difficulties, the colony never grew very large, and gradually declined until it was finally dispersed during World War II. . . .

      The Yamato Colony is remembered today in Yamato Road, a major street in Boca Raton, and in Morikami Park and the Morikami Museum and Japanese Gardens.

      http://en.wikipedia.org/wiki/Yamato_Colony,_Florida

      1. James O'Shea

        Re: I know them

        See? Government money was involved. It's been Corruption County for a _long_ time.

  6. Anonymous Coward
    Anonymous Coward

    But the outcome won't stop the crims

    The Feds will settle for a $10 or $20 million settlement and the crims will keep the other $100 Million and start a new scam under a different name next week while it takes years for the Feds to catch on. Then the new company will pay a token fine and keep the majority of money and do it all over again. Consumer fraud is a multi Billion dollar annual windfall for crims. Until these crims go to prison for 20 years and pay treble damages for all funds collected, it pays to be a crim and it pays really, really well.

    1. Trevor_Pott Gold badge

      Re: But the outcome won't stop the crims

      Incorrect. The company will be shut down, its asset seized. if it is deemed a criminal endeavor then anything they haven't managed to effectively launder and hide will be pursued by the cops. They will use civil forfeiture laws to seize every stitch of property that the people in question have in the USA, down to the clothes off their backs.

      But they won't be going to jail. That would be piercing the corporate veil. Muchos big nono, especially in a red state, and doubly especially now that money = speech and judges are elected in that country.

      So the individuals in question will be stripped of everything they own in the USA. But if they had 12 brain cells to rub together, they have a fuckpile of the stuff offshore. Without a criminal record, they can basically move to Costa Rica, transfer enough of the money out of their Caymans (or Russian) accounts to live well and retire.

      Whatever's left they can use to remotely fund another, similar scheme with the "lessons learned" from this one, and pay extra special attention to how they launder their money.

      The chances of these guys going to jail in the USA are pretty damned close to zero.

  7. Morrie Wyatt
    Coat

    Or maybe?

    Couldn't we just defenestrate* the lot of them?

    That would get them out of Windows.

    (* From the thirteenth floor at minimum for luck, or from orbit just to be sure.)

  8. pierce

    I think convicted major computer hackers should loose fingers, a number in proportion to their crime. lets see them type with their stumps.

    1. oneeye

      Voice control !! Don't need fingers,and or like usual,hire others to do the dirty work.

  9. Tannin

    Too little too late

    So a few of the scum are being prosecuted. All very well, but WTF have the authorities been doing for the last two years? FFS, this scumware has been around and widely known to anyone in the trade - certainly anyone working on the front line of support and security - for a very, very long time, and nothing whatsoever was done about it. It's good to see the scum merchants shut down, but this is IT, it is the 21st Century: we need to see action against this sort of large-scale fraud on a reasonable timescale. 18 months doesn't cut it.

  10. Conrad Longmore
    Mushroom

    Floriduh

    Florida again. Can we just nuke the whole state from orbit? It would make the world a better place.

    1. Curtis

      Re: Floriduh

      Some of us were born here and like it here. Don't blame us for the transplants that come here to take advantage of the weather and our residents.

  11. Anonymous Coward
    Anonymous Coward

    Anyone know what the current status is of the FTC v Boost Software Inc.lawsuit, or where I can find out about it.

    Thanks

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like