Going over ESPN online tonight, I came across this on 'http://games.espn.go.com/frontpage':
Considering this to be a one-off random ad, I looked around the site. And these are a few of the several screens of what I found:
It became apparent these ads were present on the majority of ESPN pages. It's your sponsored ad, I know, ESPN, but what the heck!
I fired up Sandboxie and opened up this great PC fixer in my sandboxed browser.
The PC MightyMax home page greeted me with its great Windows fixer.
I then downloaded what it offered and proceeded with installation.
As soon as installation completed, 2 processes were initiated - pcmm2010.exe and csc.exe.
And scary info popped up on my screen:
So my box needs to be fixed, as it says. Go ahead, Max...
Moving forward with the Buy option, a form appears asking for billing details and credit card information.
The next screen needed my e-signature, so I must give my date of birth; sure, legit :P
Looking at the page source during the transaction, it is seen that some custom validation happens, I think, for confirming if the credit card, validity date, and CVV are hot or not.
Scroll down a bit and I see this:
After taking the credit card details and basically all PII necessary to make a transaction, a 'one-time' charge is deducted as well.
I've cleared off this mighty fixer from my sandbox. This rogue application - PC MightyMax 2010 - is an example of scareware. Scareware may also be utilized by spyware and / or malware.
Scareware comprises several classes of scam software, often with limited or no benefit, sold to consumers via certain unethical marketing practices. The selling approach is designed to cause shock, anxiety, or the perception of a threat, generally directed at an unsuspecting user. Some forms of spyware and adware also use scareware tactics.
In this scenario, the scareware gained the trust of an unsuspecting user browsing a trusted site - ESPN - and, through the strategic placement and frequency of its ad throughout the site, got downloaded and installed on the user's box.
Once installed, it followed its basic routine of fake scanning and presenting scary results to make the user go to its rogue site and proceed with the purchase.
If we look at the cost associated with the purchase, it is damn expensive - $29.95 for 14 days plus an additional one-time charge. Apart from these up-front costs, a user is giving away a good share of his/her personally identifiable information as well as credit card details.
From the perspective of the one sitting at the other end and controlling the rogue application, every installation is, with good probability, generating commission - the economy behind scareware.
The process has been known for the last few years, but the quality of scareware marketing campaigns is evolving.
In essence, ESPN is the primary entity responsible for facilitating fraud in this instance. ESPN's adspace revenue has clearly overlooked the crucial step of verifying the adspace buyers and the kind of ads running on espn.go.com.
Let's see how long this remains unnoticed.