Senior Threat Researcher
François Paget is a senior threat research engineer and one of the founding members of McAfee Labs, where he conducts a ...
Fake-alert Trojans, also known as scareware, fool consumers by claiming imaginary threats, and insisting its victims purchase a product to repair the “infected” systems. They exist in Windows and Macintosh environments.
In my recent report explaining this threat, I included a table showing the approximate number of scareware products with their known release dates:
After receiving some requests to update this table, I created a new chart by compiling data from the web. This chart shows a significant increase for the first quarter of 2011, after a drop-off in 2010.
Curious to explain this spike, I discovered its origin: fake-alert products from South Korea. Next, a quick search showed most of the associated websites were rated in red by SiteAdvisor.
Looking into the McAfee Labs web threats databases, I discovered that many of these “new” products, at least as seen in Europe and the United States, were not necessarily new. They included products that appeared between 2009 and today (72 in 2010, and only 31 during the first quarter of this year). Among them, a family I named the boan was the most widespread.
Using these dates, we now have a more accurate chart–showing the number of scareware products with known release dates.
Although the latest numbers are less alarming, these figures demonstrate that scareware are still a major threat on the Net.