Microsoft, Washington state sue over 'scareware' pop-up ads

Lawsuits allege companies duped consumers into downloading fake scanning software and paying for software they don't need to fix computer problems they don't have.

Elinor Mills
Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
2 min read

Microsoft and the Attorney General's office in Washington state said on Monday they have filed a handful of lawsuits over pop-up ads that scare consumers into paying for software that supposedly fixes critical errors on a PC.

The lawsuit filed by the Attorney General's office alleges a Texas firm sent incessant pop-up ads that falsely claimed the computer had critical errors in its registry and directed people to a Web site where they could download free scanning software to find the problems.

This is an example of the pop-up that consumers received from a Texas firm sued for allegedly spreading "scareware." Washington Attorney General's office

The software then reports 43 critical problems and offers to sell a fix for $39.95. However, the software, dubbed "Registry Cleaner XP," does nothing but lull the consumer into a false sense of security, officials said.

It's a "blatant rip off of consumers," Washington State Attorney General Rob McKenna said in a news conference. Consumers were "duped into downloading a fake scan (of the computer) and then duped into paying for software they don't need."

The pop-ups take advantage of a function called Windows Messenger (not to be confused with Microsoft's instant-messaging program Windows Live messenger) that was designed to allow network administrators to send alerts to Windows PCs on a network. The functionality was turned off in Windows XP Service Pack 2, said Richard Boscovich, senior attorney for Microsoft's Internet Safety Enforcement Team.

The messages often would be displayed repeatedly, with one IP address receiving more than 200 in one day, the complaint alleges.

That lawsuit, which includes claims of misrepresentation, harassment, and high pressure sales, names as defendants Texas companies Alpha Red and Branch Software, and their owner James Reed McCreary. McCreary did not return a call seeking comment.

Microsoft filed five new lawsuits and amended two previous complaints against SMP Soft and Registry Update, all relating to programs that allegedly falsely alert consumers to problems on their computers and offer to sell software fixes. The programs listed include Scan & Repair, Antivirus 2009, MalwareCore, WinDefenderXPDefender.com and WinSpywareProtect. Most of the defendants are listed as "John Doe" because investigators do not yet know the identities of the people behind the programs.

The lawsuits were enabled by a broadening of Washington's Computer Spyware Act, which was amended earlier this year to outlaw misrepresentation of the source of a message to a computer user in order to scare the person into installing software.

Consumers can file complaints on their own, officials said. Meanwhile, the defendants face penalties of up to $2,000 per violation plus restitution and attorney fees.

Microsoft has brought 17 spyware-related legal actions since the Computer Spyware Act was enacted in 2005.

To protect themselves against these and other threats, computer users should keep their operating system, antivirus, firewall and antispyware software updated, Microsoft said.

More information and a link to the complaint against McCreary is on the Washington Attorney General's Web site.

The RegistryCleanerXP software supposedly finds 43 critical errors, even on machines that have no problems, officials say. Washington Attorney General's office

Updated 1:15 p.m. PT with more details on Microsoft lawsuits.