Searching for World Cup info? Beware scam results spreading 'scareware'

As the 2010 World Cup reaches its climax this weekend, hundreds of millions of football fans are busy scouring the Web for news on the globe's biggest sporting event -- and cyber-criminals are waiting for them to make one wrong click.

Security experts had been predicting a bonanza for online scammers in the months leading up to the tournament, and they haven't been disappointed.

PandaLabs, the anti-malware laboratory of Panda Security, is warning consumers of search engine manipulation tactics that redirect users surfing for World Cup news and videos toward sites promoting fake anti-virus software. This malicious software, more commonly known as Scareware, fools users into believing their computers have been infected by a virus and tricks them into purchasing useless software to fix the non-existent problem -- often infecting the machine with malware in the process.


The scareware in question is called MySecurityEngine, which alters the desktop settings of its victim to display fake security alerts and hijacks the browser, diverting the user to bogus sites. MySecurityEngine, which has been detected on a number of infected web pages, also installs malicious files and downloads itself automatically onto the victim's PC, making it difficult to remove.

The scareware also tricks users into purchasing its worthless anti-virus software. PandaLabs says cyber-criminals manipulate search engines to ensure scareware pages feature prominently on Google searches by using deceptive black hat search engine optimization (SEO) techniques to improve rankings. MySecurityEngine-infected pages appear in Google results when football fanatics search for terms including:

• Worldcup
• World Cup Brackets 2010 Fifa
• World Cup Brackets 2010 Printable
• World Cup Schedule 2010
• Espn World Cup Schedule

Scareware was a problem before the World Cup, of course, and will continue to be one when it's over. In late May, the U.S. government indicted a global gang of scareware scammers that tricked millions of victims in more than 60 countries into purchasing more than $100 million in worthless anti-virus software. The criminals placed fake advertisements on legitimate websites, fooling consumers into believing their computers were infected with "malware" that could only be removed by purchasing their bogus software. Scareware, according to the FBI press release, "is widely regarded as one of the fastest-growing and most prevalent types of Internet fraud."

So how do you protect yourself against scareware?

The Federal Trade Commission, which knows a thing or two about scareware scams, offers some excellent advice on its OnGuardOnline site, a consumer-oriented site full of useful information for avoiding scams, viruses and other cyber-trouble. OnGuardOnline's "Free Security Scan Could Cost you Time and Money" page provides a good overview of scareware, as well as helpful tips to avoid getting fooled into buying bogus anti-virus software.

Common scareware tactics, the FTC says, include:

• Ads that promise to "delete viruses or spyware," "protect privacy," "improve computer function," "remove harmful files," or "clean your registry."
• "Alerts" about "malicious software" or "illegal pornography on your computer."
• Invitations to download free software for a security scan or to improve your system.
• Pop-ups claiming your security software is out-of-date and your computer is in immediate danger.

If you encounter any of these scenarios, shut down your browser immediately and make sure not to click "No" or "Cancel," or even your browser's "x" button, which could activate the scareware program. Windows users should press Ctrl + Alt + Delete to the Task Manager and click "End Task." Mac users should press Command + Option + Q + Esc to "Force Quit."

If you get an offer to buy anti-virus software, Google it to make sure it's reputable. A particularly effective malware remover is offered free by Malwarebytes. And finally, make sure your anti-virus software, anti-spyware and firewall are active and up-to-date.