Scareware pushers have upped their cheating techniques are and now offering live chat and localization for their deceptive products. Security researchers reveal that technical support is provided by real people.
Scareware, also known as rogueware, refers to malicious applications that pose as legit antivirus products and try to convince users to pay for license fees. To achieve this they employ scare tactics which involve displaying fake security alerts and claiming that computers are infected with fictitious threats.
However, a new scareware variant called “Security Master AV” and discovered by security researchers from Kaspersky Lab takes the deception to whole new levels. The antivirus vendor warns that not only does the interface display an online Support button, but it is actually completely functional.
“Pressing Support takes you into a live chat with the rogue AV Tech Support. We wondered whether it was a bot answering questions based on keywords or real people – and yes, they turned out to be real!,” Nicolas Brulez, malware expert at Kaspersky,
writes on the company's blog.
The researchers also found that while the live chat is English only, the scareware pushers offer e-mail support in other languages as well. Additionally, in order to convince users that their program is not a scam, they offer a one-day trial version which is able to clean the fake threats the limited variant detected.
The social engineering goes even further. To uninstall the original “free scanner” and replace it with the trial version, the technical support people provide users with a special uninstaller, which apparently doesn't work as advertised and leaves files behind. However, the more interesting aspect is that when the uninstall process is done, the user is taken to a website asking them to provide feedback, not unlike many legit software vendors do.
And if that's not convincing enough, the product is also localized according to the language of the operating system on which it is installed, another feature mimicking the behavior of many modern applications. With some social engineering of their own, the Kaspersky experts were able to trick the scareware tech support staff into revealing hints about their location. Based on these findings, they conclude that the operation is most likely run out of Russia or Ukraine.
“I tried their support at 4am and they were indeed answering questions, proving that their support is indeed 24/7. They are offering support by email, chat, and phone and are very well organized. You can get uninstallers for older variants of their product, and also trial versions for their newer products,” Mr. Brulez concludes.
You can follow the editor on Twitter @lconstantin
Find us on Google+
