Almost Paradise

My mother-in-law ran across a weird thing on her computer a few days ago. So she wrote down the error message exactly as it appeared on her screen, and gave the note to Judy to ask me about it.

Mom’s note started out with:

Install Virus Remover 2009 to scan your PC for malware.

Uh oh. That didn’t sound good.

Windows Security Threat You have chosen to open virusremover2009_setup_free_rezer_en.exe which is a MS-DOS Executable from http://download.desktoprepairpackage.com
	Open		Save to disk

Based on what came next in her note, I assume that she clicked on Open.

This program cannot be run in DOS mode.

It was at this point that I started to laugh.

Virus Remover 2009 is a repackaged version of Virus Remover 2008, which used to be called Antivirus 2009. It’s a family of bogus software that tries to fool you into thinking that your computer has been infected by viruses. “desktoprepairpackage.com” is a bogus web site whose sole purpose is to infect Windows PCs with this “antivirus program” virus.

I was so grateful that I’d convinced Mom to switch to a Mac when she needed a new computer a few years ago. The file that she had downloaded would have caused her (and me, her tech support guy son-in-law) no end of headaches if she’d had a Windows PC.

So grateful.

Now that the potentially worrisome crisis was over, I got curious and decided to cruise over and check out the website using my can’t-catch-Windows-viruses MacBook.

The headlines alone gave it away as a bogus site. “Keep you PC from spies with a brand new VirusRemover 2009″? Jeez, these scam artists can’t even be bothered to get a native English speaker to proof their copy before they publish it.

I started snooping through the site’s source code, and hit paydirt. There was a JavaScript library containing a set of phrases to respond to a user’s actions in case he wised up and attempted to cancel the “virus scan” installation. By the end of the set, I was reading them out loud as Judy and Chris hooted with laughter.

var _PHRASES = new Array( ‘OkClicked.phrase1′, ‘VirusRemover2009 will scan your system for viruses now.’, ‘OkClicked.phrase2′, ‘Please select “RUN” or “OPEN” when prompted to start the installation.’, ‘OkClicked.phrase3′, ‘This file has been digitally signed and independently certified as 100% free of viruses, adware and spyware.’, ‘OkUnloadHandler.phrase1′, ‘NOTICE: You have not completed the virus scan! If your computer is infected,’, ‘OkUnloadHandler.phrase2′, ‘you could suffer data loss, erratic PC behavior, PC freezes and crashes.’, ‘OkUnloadHandler.phrase3′, ‘Do you want to install VirusRemover2009 to scan your PC for malware now? (Recommended)’, ‘order.msg1.1′, “Warning! {err} severe privacy violations, temporary and history records endangering your private life were found on your computer.”, ‘order.msg2.1′, “WARNING! Your computer has tracks of all adult sites you had visited.”, “order.msg2″, “In most cases, you are not even aware of the files that get installed by themselves, violate your online privacy, and compromise your career and marriage.”, “order.msg3″, “These files leave tracks of your online behavior and even compromise your credit card’s security.” );

They play on every possible fear they can think of, don’t they?

“I’m surprised that they don’t have one more at the end,” Judy said. “GOD IS WATCHING YOU.“

This entry was posted on Tuesday, April 14th, 2009 at 9:08 pm and is filed under Sci/Tech. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.