Police Foil Rogue Anti-Virus Scam

The Metropolitan police e-crime unit has closed down 19 websites, used by scammers to trick unsuspecting Windows users into paying £185 for an anti-virus subscription they don’t need.

According to a report in the Guardian newspaper, victims received a call from a call centre in India, claiming to be from tech support. They were told there was a problem with their computer, and directed to download a program called “Windows Event Viewer”, which displays a list of viruses that have apparently been “infecting” their PC.

Victims were then asked to download software which gives the scammers remote access to their computer, allowing them to pretend to install fixes for the fake viruses, before charging £185 for the service subscripton.

Ongoing battle

The police succeeded in shutting down some of the sites in April, including supportonclick.com, run by Pecon Software in Kolkata. However, the company has since set up another “support website”, called onlinepccare.com.

Pecon’s customer relationship manager, Vikas Gupta, told the Guardian that the firm employed 400 people, of whom about 200 worked in telesales – cold calling to generate business for remote PC support. He denied that callers had claimed to be from Windows tech support, but admitted there had been “a couple of instances” where his employees “did try to influence the customer” to persuade them they were from Microsoft.

Microsoft has issued some online safety advice on its website, stating that the company “does not make unsolicited phone calls to help you fix your computer”. It says that all unsolicited phone calls should be treated with skepticism, and that customers should not provide any personal information.

“If you receive an unsolicited call from someone claiming to be from Microsoft Tech Support, hang up. We do not make these kinds of calls,” it said.

Rogue anti-virus

Earlier this year, the FBI shut down a rogue anti-virus operation that sold more than $100 million (£69m) worth of rogue anti-virus software to victims in more than 60 countries. According to authorities, Bjorn Daniel Sundin and Shaileshkumar P. Jain owned and operated a company called Innovative Marketing – registered in Belize – that claimed to sell security and computer repair software through the Internet.

A third defendant, James Reno of Amelia, Ohio, was accused of owning and operating Byte Hosting Internet Services, which ran call centres providing technical and billing support on behalf of Innovative Marketing.

Sundin and Jain, believed to be living in Sweden and the Ukraine, respectively, were charged with 24 counts each of wire fraud, while Reno is charged with 12 counts of wire fraud. All three were also charged with one count of computer fraud and conspiracy to commit computer fraud.

Back in April, researchers at Google revealed that rogue anti-virus is behind 60 percent of the malware on domains that include Google trend keywords. In an analysis of 240 million web pages collected by Google’s malware detection infrastructure over a 13-month period, the researchers discovered more than 11,000 domains involved in the distribution of rogue anti-virus.