Scareware Scam With Latvian Ties Finds Nearly a Million Suckers

scareware scammer.jpg
"Attention! Threats found." The Web-savvy among us may know that if they see such a message screaming at them from a pop-up screen, the biggest threat is likely to be the software--or "scareware"--that's embedded in that very screen. But a lot of people--960,000 to be precise--are not that Web-savvy, and got suckered into a huge scareware scam that is under investigation by federal authorities including the U.S. Attorney's office in Seattle.

And who can blame the suckers? Take a look at this picture of one of the various pop-up screens used in the scam.


See down below, where it says "please click 'remove all' button to heal all infected files and protect your PC." And then see the big, eye-catching button. Wouldn't your first impulse be to click it and make the darn thing go away?

Unfortunately, those who did so unwittingly downloaded malicious software that tied up their computers with more warnings and didn't stop until the computer users agreed to purchase fake anti-virus software at a cost of up to $129. The scammers racked up $72 million that way, according to the feds.

So just who are the scammers? It's as yet unclear. Yesterday the feds announced that they had seized 47 computers and servers linked to the scam. At least one was in Seattle, according to Emily Langlie, a spokesperson for the U.S. Attorney here. The locations of the others spanned the country and indeed the globe.

The feds aren't saying who the suspected scammers are. But clearly there's a big connection to Latvia, one of the Baltic states that used to be part of the Soviet Union. The announcement notes that Latvian authorities seized five bank accounts that accumulated profits for the "scam's leadership."

And in the same release, the feds claim that they have cracked another scareware scam. That scam, described in an indictment unsealed yesterday in Minneapolis, worked through a fake hotel ad that ran on the Minneapolis Star's website. The "ad" worked just fine when the publication's staff tested it. But after it began running, the scammers changed the code so that it inflicted scareware on viewers.

The feds have charged two suspects in that case, Peteris Sahurovs and Marina Maslobojeva, both in their early 20s and both, interestingly enough, from Latvia.

Follow The Daily Weekly on Facebook and Twitter.

comments powered by Disqus