Network News

X My Profile
View More Activity

Microsoft, Washington State Sue Scareware Purveyors

Microsoft Corp. and the state of Washington this week filed lawsuits against a slew of "scareware" purveyors, scam artists who use fake security alerts to frighten consumers into paying for worthless computer security software.

The case filed by the Washington attorney general's office names Texas-based Branch Software and its owner James Reed McCreary IV, alleging that McCreary's company caused targeted PCs to pop up misleading security alerts about security threats on the victims' computers. The alerts warned users that their systems were "damaged and corrupted" and instructed them to visit a Web site to purchase a copy of Registry Cleaner XP for $39.95.


"We won't tolerate the use of alarmist warnings or deceptive 'free scans' to trick consumers into buying software to fix a problem that doesn't even exist," Washington Attorney General Rob McKenna said. "We've repeatedly proven that Internet companies that prey on consumers' anxieties are within our reach."

Paula Selis, who heads the attorney general's consumer protection unit, said Registry Cleaner found the same 43 "critical" errors on each PC they used to examine the software, while consumers who purchased the product were told their machines were instantly rid of the imaginary threats.

Selis said that in addition to handing their name, address and credit card numbers to someone "who is obviously a fraudster," consumers who purchased the software may have been lulled into a false sense of security, thinking the bogus software would protect them from future threats.

"We're absolutely certain that consumers across the country have been deeply affected by this," Selis said.

No one answered the phone at the number listed on Branch Software's Web site. McCreary could not be immediately reached at his home number, nor did he respond to e-mailed requests for comment.


In a separate action, Microsoft filed five "John Doe" lawsuits to learn the identities of individuals responsible for marketing other scareware products, including such titles as Antivirus 2009, Malwarecore, WinDefender, WinSpywareProtect and XPDefender. Microsoft also amended two complaints filed earlier to unmask those running SMP Soft LLC, a Delaware corporation that markets a scareware product called Scan & Repair Utilities.

The products named in the lawsuits used a variety of methods to prompt victims to install the scareware products. Scan & Repair Utilities, for example, was advertised via misleading instant message alerts sent over Skype, a popular Internet telephony service.

Other products, such as Antivirus 2009 and XPDefender, come disguised as Web browser plug-ins or "codecs" that certain Web sites claim the visitors need to install in order to view online videos. The sites typically are advertised in junk e-mail messages touting video links to adult content or international news events. The fake codecs are in fact Trojan horse programs that change a variety of settings on the victims' computers and serve the victims with incessant warnings that their computers are infected with malicious software.


Alex Eckelberry, president of Clearwater, Fla.-based security firm Sunbelt Software, said the spread of fake security software has become a pandemic.

"This is an absolutely huge problem, and these rogue anti-spyware products are what most consumer PCs are getting infected with now," Eckelberry said. Some of the most aggressive scareware products make critical changes to the victims' PCs, such as preventing consumers from restoring their computers to an earlier, known-secure state.

"These guys are doing whatever it takes to get you to buy their crap software," he said.

The lawsuits were filed under Washington's Computer Spyware Act, which among other things punishes individuals who prey on user concerns regarding spyware or other threats. Specifically, the law makes it illegal to misrepresent the extent to which software is required for computer security or privacy, and it provides actual damages or statutory damages of $100,000 per violation, whichever is greater.

By Brian Krebs  |  September 29, 2008; 3:02 PM ET
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: The 411 on Wireless Access Points
Next: Software Lets Users Manipulate Passport Data


I got a program by Sammsoft a Registry cleaner 2008 titled product they offered it free if I subscribed to a magazine - I did - Prevention, a health oriented monthly very well known, did I create vulnerability to my security?

Posted by: Karen Stegeman | September 29, 2008 4:12 PM | Report abuse

Karen -- Not familiar with that particular product, but I haven't heard of scam security software advertised in a magazine.

Btw, I deleted your e-mail address from your comment. It's best not to include that in public postings online, as spammers will simply scrape it up and use it.

Posted by: Bk | September 29, 2008 4:13 PM | Report abuse

Well I'm glad they are doing this, these companies need to get taken down.

Posted by: randongy | September 29, 2008 4:32 PM | Report abuse

MY one laptop has been locked up on and off for several days because of the malwarecore crap. I accidently turned of my popup block and I got infected. What a mess.

Posted by: JR | September 29, 2008 4:34 PM | Report abuse

One of my laptops got infected with the malwarecore and has been locking up for several days. What a mess. I accidently turned off my popup blocker and got infected. What a mess.

Posted by: JR | September 29, 2008 4:37 PM | Report abuse

Typuical. . .

We need more laws to hold companies like this accountable - WE CAN NO LONGER LET BUSINESS SAY WHATEVER THEY WANT. . .OR MAKE WHATEVER CLAIMS THEY WANT!


Although I am not a huge fan of Microsoft. . .I give them a big thumbs up for taking these companies to task!

Posted by: Jeff G | September 29, 2008 5:09 PM | Report abuse

Well it's about time!!!! I was hoping for a huge class action lawsuit from consumers. But this could even be better as M$ has the lawyer power :)

Posted by: Bob | September 29, 2008 5:20 PM | Report abuse

Excellent move on the part of Microsoft.

Posted by: Outfielder | September 29, 2008 5:31 PM | Report abuse

This isn't really better if Microsoft gets the money from the suit rather than the actual victims of these con artists.

Posted by: Bryan | September 29, 2008 5:35 PM | Report abuse

One of these "infections"-----better titled "assualts"------just cost me $85.00 in tech time with Dell, a total loss of all my data, 60+ hours of frustration & lost time working, and fostered an eternal hatred of Mr. McCreary and all his cohorts. I would join any lawsuit or public humiliation involving anyone connected with these scams that have probably cost a billion dollars in lost productivity.

Posted by: Niles | September 29, 2008 6:16 PM | Report abuse

I recently made the switch to Ubuntu Linux. Goodbye Microsoft, goodbye viruses and fraudware. I highly recommend it.

Posted by: Bill in Taiwan | September 29, 2008 7:37 PM | Report abuse

beware of Anti-Virus XP2008 or a name similar to this - took forever to get rid of this piece of garbage.

Posted by: art | September 29, 2008 7:55 PM | Report abuse

another reason i'm glad i use mac os x. my parents have elderly disabled neighbors who have probably spent at least $300 on these scams because they don't have a clue about computer security (using windows xp and vista ) and no matter what I tell them or do for them, it's never enough to thwart these scams or to help them understand they have chosen operating systems which are not set and go -- it requires constant updates and maintenance at a level beyond their ability to comprehend -- nor does the info I provide them with 'stick' ... I feel especially bad for seniors, low income, limited or fixed income and such who use windoze.

meanwhile, this is really about time! the feds and other states need to follow suit. of course, it's only lawyers who will make out like bandits, the people who have been ripped off will be lucky to get a $10-25 coupon for winduhs software.


Posted by: finally! | September 29, 2008 8:31 PM | Report abuse

had to go over to the ex's to remove xp anti-virus 2008 (she let her norton expire and hadn't installed the windows updates); what a nasty little hijacker bug -
wouldn't let me uninstall, wouldn't let me into symantec to update, wouldn't let me navigate to symantec using IE, wouldn't let me download firefox, wouldn't let me start in safe mode, finally managed to make an end-run using an old user profile that had admin privileges and installed new anti-virus from a disk
fortunately it caught the little bugger during the pre-install scan and zapped it

Posted by: frodo2you | September 29, 2008 9:51 PM | Report abuse


Re your statement "another reason i'm glad i use mac os x" ... you do realise that there is scareware targetting Macs, yes?

MacSweeper is one that comes to mind, and Cleanator - I wrote about them back in January of this year.

The Registrar for is none other than the infamous Estdomains. The domain was created on 21 November 2008. was also registered by Estdomains, and shares IP address with yet another scareware,

It should be noted that Estdomains are associated with many, many scareware products targetting Windows machines.

Posted by: Sandi Hardmeier | September 29, 2008 10:29 PM | Report abuse



Posted by: BRUCEREALTOR | September 30, 2008 12:39 AM | Report abuse


Posted by: BRUCEREALTOR | September 30, 2008 12:44 AM | Report abuse

Install Ubuntu Linux on your workstations and laptops and you won't have to worry about being ripped off by fraudsters. Not only is the operating system free, if there is a need for an application, it probably already exists in the repositories, also free.

Posted by: Penguin Tom | September 30, 2008 3:06 AM | Report abuse

Washington state Attorney General Rob McKenna should be commended for protecting citizens throughout the United States.

Mr. McCreary is a Russian Business Network affiliate, and his business has targeted the American people on behalf of the Russian mafia.

We very much need more law enforcement on the Internet, and Attorney General McKenna is setting an excellent example for law enforcement officials nationwide.

Thank you,

James McQuaid

Posted by: James McQuaid | September 30, 2008 7:08 AM | Report abuse

AMEN! Go get them and destroy them! I am so glad to hear this!

Posted by: Kevin Watts, Big Sandy, TN | September 30, 2008 9:17 AM | Report abuse

The best remover for this zLob/SmitFraud Crap is SmitFraudFix.

Posted by: JustMe | September 30, 2008 10:58 AM | Report abuse

Thanks for the post! I linked to you in my blog. I'll have to keep reading because I really like what you have to say.

I remove the AntiVirus 2008 and 2009 variants multiple times a week. I don't like what those guys do but it has been great for business. =)

Posted by: Biden PC | September 30, 2008 12:02 PM | Report abuse

Brilliant! Not only are these guys spreading their malware, but they're getting the victims to pay for the privilege of being infected! You have to admire the inginuity! But then you have to lock them up as the criminals they are.

Posted by: noahm | September 30, 2008 12:59 PM | Report abuse


That said, were you advocating using or avoiding the Summitsoft products? If you were advocating their use, please provide the source for a reputable reviewer or two.



Posted by: DLD | September 30, 2008 1:16 PM | Report abuse

Great article. Please keep updating it as I can't wait to see what happens to the scum.


Posted by: JohnnyG5 | September 30, 2008 4:58 PM | Report abuse

Somewhere along the line, a few things have been missed here:

1. Most of these "rouge" anti-virus/anti-spyware apps begin with pop-ups through "ActiveX" - if you don't know where -that- comes from, you need to find out, and get an alternative app/browser that doesn't use it.

2. All these "legal" actions may (someday) pan out for the good in the U.S., but chances are -high- that they will continue to exist far beyond the reach of the Justice Department, and MS lawyers. Think about it.


Posted by: J. Warren | October 1, 2008 8:07 AM | Report abuse


Re your statement:
"I feel especially bad for seniors, low income, limited or fixed income and such who use windoze"

Ok, seniors maybe, as most of them are just not "with the times", but a persons security awareness has absolutely nothing to do with their income. Nor does their ability to secure themselves.

Posted by: Stern | October 1, 2008 9:50 AM | Report abuse

World netizens' access to powerful investigative tools ought to be galvanized, via donations, for supporting a pro-consumer website that "researches" (with all tools, including "honeypots") and PUBLISHES (as "persons of interest") the personal and biographical details of these scareware criminals-- emulating the FBI's "Ten Most Wanted" posters. What are their names, aliases, addresses, banks, ISPs, ISP complaint contact data, criminal raps sheet reports, outstanding warrants, scam-partners, car license plates, etc? Scam artists must learn, soon, the true meaning of cyberwarefare by thousands of morally outraged "counter-hackers"-- as their photos get festooned to the world's entertainment and ensuing lawsuits. A consumer "scammer-hunt" website ought to share (as feasable) in successful damage awards to accelerate their funding(s) of quality staff support-- perhaps culminating in a quality-edited and managed wikipedia style consumer site (strictly guided and quite rigidly safeguarded by competent legal counsel, of course, against infringing on the constitutional rights of these alleged scam artists ... pending their respective court trials). Web site services might include, moreover, "consumer reports" for use by scam victims attempting to stop or reverse scammed credit card authorizations (and/or perhaps, more simply, links to the excellent sites). Do any such ("cyberwarefare"?) websites exist? Most scamware victims do not want to merely complain, read each others' reports, and wait for Microsoft vs. scammer lawsuit news. Today's victims want to declare immediate GridWarfare against scamware artists. Please, anyone, contribute those URLs and/or blogs, by which victims might finally join and support a good and just War.

Posted by: anonymous | October 1, 2008 12:57 PM | Report abuse

I didn't download AntiVirus XP, it came with another package. My Nortons Antivirus caught it and quarrantined the affected files.
I followed procedure and rebooted, the Antivirus XP 2008 splash screen was still there, the viruses they indicated went from 1,752 to 3,504.
It also wiped out My Doucuments folders.
The AntiVirus XP2008 kept prompting me that they could fix it all for $39.99 or $49.00.

Posted by: Lorraine Czolba | October 1, 2008 1:11 PM | Report abuse

A friend called me and said her computer was fried because of her installing Antivirus XP 2008, or something like that. It was scareware.

On a Sunday evening I went over to her place and spent from 7:00 p.m. to about 11:00 p.m. trying all my bag of tricks to try and get rid of the program [Trojan.] The program had embedded itself into her registry and even hijacked her IE browser so that she could not go to websites to get a fix! In other words, when going into Google to find a site discussing a fix, the search would be redirected to ad sites. The software was extremely malicious.

At the end of the evening I was able to use my notebook computer to download and install on her PC a program called Malwarebytes Anti-Malware. After a deep scan with that program it got rid of all the crap the Trojan had installed on her notebook.

Bottom line is that I killed four hours of my time dealing with these criminal acts. Something needs to be done to put these people out of business and behind bars.

Posted by: Business Litigation Group | October 1, 2008 2:15 PM | Report abuse

End users share culpability in the security of their systems. IMO, if you're ignorant enough to fall for scareware, you shouldn't be using a computer.

And you don't need to switch operating systems or browsers to properly secure a system. Use a limited user account for starters!

Posted by: TJ | October 1, 2008 4:09 PM | Report abuse

Never, I mean NEVER download WINFIXER...ever....unless you enjoy spending an entire weekend re-installing Windows, re-installing every application on your computer, updaing everything all over again, and reconstructing your user profile from whatever data backups you happen to have on hand.

Posted by: Victim of WINFIXER | October 1, 2008 4:09 PM | Report abuse

If you want real consumer protection, consider the impact of how you vote; the Republicans have been cheerleaders of the deregulation movement for the past eight years, and this "anything goes" attitude is the result.

And don't kid yourselves about Microsoft's appearance of altruism in filing these lawsuits; to the contrary, they only want these guys out of business so they can be sure to have a shot at their client base.

Put teeth back into consumer protection; vote for a Democratic Congress and President.

Posted by: Lewis Butler | October 1, 2008 4:58 PM | Report abuse

Also, view Bill Clinton's incredibly prescient remarks regarding deregulation (at the end of) --
(a) ;

(b) before amusing yourselves with

Posted by: Anonymous | October 2, 2008 12:26 AM | Report abuse

Yes, Bill Clinton foretold today's bailout crisis, with incredibly prescient remarks on deregulation, at--

Posted by: Anonymous | October 2, 2008 12:45 AM | Report abuse

Ha,ha,this is superb irony: the premier purveyors of fear& scam declare war on it. 'Just forget what we've done/are doing to you& put your faith in us...'

Posted by: dar | October 2, 2008 7:49 AM | Report abuse

As someone who works on computers loaned to young people I've been dealing with a lot of these infestations here in Seattle. I hadn't grasped how all these kids were getting their machines munged up until one day when I searched for a music venue on google.

One bogus link I clicked on brought up what appeared to be the same icons you see in My Computer. It was really an image file with all those [including drives I don't have on the machine]. At the same time an animated gif posing as a popup window looked like it was scanning and finding virii. On mousing over this window's Ok button and "X" [to close the window] it was apparent looking in the status bar that clicking anywhere, including the "X" to close the window...would run a script.

I hate the people who create this &$*# and wouldn't miss a moment of sleep if someone was to [insert your favorite punishment here].

Posted by: Doug | October 2, 2008 12:12 PM | Report abuse

We need better education, as well as moving people onto a more secure platform. Gullibility is cross-platform.

Posted by: SC | October 2, 2008 1:54 PM | Report abuse

For a list of all Rogue Spyware and what harm it can do to your computer is the site

click on the link below. A great site for information.

Posted by: Eco | October 2, 2008 8:20 PM | Report abuse

Thanks for your journalism, Mr. Krebbs. Is there no Matt Dillon other than Microsoft? Are there no fed-up sleuths/hackers capable of building and publishing rap sheets identifying these scareware predators (if not waging cyberwarfare)? Do such "activists" exists-- in any "anti-predators" blog or web site? (I'll contribute if I find any).

Posted by: Anonymous | October 2, 2008 8:56 PM | Report abuse

I see these multiple times a day at work. It has become so rediculous that they need to find these morons and give them a one way ticket to the bottom of the pacific attached to a cement block. As far as most of those programs go, if you see the popup ad about your machine being infected and doing the scan, Just CTL-ALT-DEL and end the IExplorer processes you have running, or kill power to the PC. Don't click anywhere in the window. Every click you make on the window (including the "X" close button") is just an Event, and they have programmed all of those events to run the install script on the computer. With the Security in IE detecting you "interacted" with the window and triggered the event yourself, it will go ahead and drop it right into your lap.

Posted by: MiAnon | October 3, 2008 9:31 AM | Report abuse

Alex Eckleberry, another Scientologist linked to fraudster Reed Slatkin, is a computer security expert?

We do not forgive
We do not forget

Expect us

Posted by: Anonymous | October 3, 2008 12:30 PM | Report abuse

Alex Eckleberry, another Scientologist linked to fraudster Reed Slatkin, is a computer security expert?

We do not forgive
We do not forget

Expect us

Posted by: Anonymous | October 3, 2008 12:31 PM | Report abuse

I have spent many a happy hour at my parents house formatting and reinstalling windows cos these bits of software have become installed on the computer!

Posted by: | October 3, 2008 12:44 PM | Report abuse

Two simple steps to stop a lot of these problems:

1. Use a limited user account

2. Use a blocking hosts file

The hosts file blog details many of these scareware items.

Posted by: TJ | October 4, 2008 12:59 PM | Report abuse

When my adult children have problems with their PCs, they bring them to me as the family IT guy. Yeah, I'm an IT professional who works with large non-Microsoft servers, but hey, I do their stuff for free, so I learn a lot about Windows client operating systems via hands on experience.

I'd dearly love to get a piece of the money in the pockets of these "scareware" vendors such as "AntiVirus XP2008" because they've cost me hours of time removing their junk.

I think the term "scareware" minimizes what it really is - it's one thing to sell a product by causing false fear, but it's another thing to install itself, steal data from your PC for whatever nefarious reasons and then hold you ransom by requiring you to purchase a license so you can remove it.

It's really fraudware and should be treated as such.

Posted by: Dr. Bob | October 4, 2008 7:24 PM | Report abuse

Eco, is no longer a viable source to learn about rogueware. Its author/owner abandoned that task. Visit and notice the "Last update" remark which shows the list hasn't been updated since May 2007, and read the top paragraph that mentions this list has been abandoned since then.

I used to refer to that site. Alas, it is out of date and another fine help site that is no longer current.

Posted by: VanguardLH | October 5, 2008 2:34 PM | Report abuse

I use Firefox+WOT+NoScript on Windows XP. I have 2 computers, and the one without WOT and NoScript is always getting the spyware.

Posted by: MasterOfTheXP | October 5, 2008 6:11 PM | Report abuse

I use IE7 on Windows XP without any add-ons and have NEVER been infected with one single piece of spyware/malware!!!

How is that possible???? ;)

Posted by: TJ | October 6, 2008 10:39 AM | Report abuse

I myself have been infected with the Anti-Virus2008. It took forever to finally get it cleaned out. Then my father in-law got it and he had to pay Dell $250 in tech support. The Dell guy said that more than 75% of ALL of his tech calls were dealing with cleaning this Anti-Virus2008. I merely visited a legit website about computer networking & it just self-installed itself, through my corporate firewall & Symantec internet suite. I am glad that the somebody is stepping up & trying to get a handle on this. I hope they make this company pay restitution to all of the people that had to pay for tech support to rid thier system of this.

Posted by: R.KETTENRING | October 6, 2008 2:21 PM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company