IT security and control firm Sophos is warning computer users to be wary of fake security warnings following media reports that a 41-year-old woman has been charged in South Korea with distributing bogus anti-virus software to almost four million internet users.
Lee Shin-ja, a former CEO of Media Port, is said to have earned more than 9.2 billion won (approximately 4.9 million UK pounds) since 2005 with scareware that displayed fake security warnings and directed internet users to purchase Media Port's clean-up program Doctor Virus costing 3850 won (2.05 UK pounds) a month.
Seoul Central District Prosecutors Office claims that Lee hired two computer programmers, who have also been charged, to assist in the scheme.
"More and more people are becoming concerned about the security of their personal computer - and it's all too easy for the unscrupulous to try and fool users into believing a bogus warning," said Graham Cluley, senior technology consultant for Sophos. "In this case 3.96 million internet users are reported to have tried the free software, with 1.26 million people going on to purchase the 'cure'. With those kind of figures it's no surprise that the authorities are looking seriously into whether a large number of people have been defrauded by scareware."
Sophos experts note that there are hundreds of different security programs competing in the South Korea market, many of which are not well-known in the rest of the world.
"Unlike many other countries, it's not uncommon for South Korean computer users to run multiple anti-virus programs at the same time - probably because many of their homegrown solutions don't come with an on-access scanner," explained Cluley. "This environment increases the likelihood that people will download and 'test the water' with a product they stumbled across on the internet. Unfortunately it seems there are cybercriminals desperate for increasing marketshare who are prepared to scare users into making an ill-informed security purchase."
An unnamed spokesperson for Doctor Virus claims that their software is no longer displaying bogus security warnings.