NEC urges users to beware of scareware

By Alan J. McCombsFebruary 26, 2010

NEC urges users to beware of scareware
(Photo Credit: U.S. Army) VIEW ORIGINAL

Something alarming could be a click away for Fort Meade computer users who are not cautious.

The Network Enterprise Center is experiencing a spike in virus-infected computers as machines are corrupted by a new type of Internet scam: Scareware.

Scareware is an emerging Internet threat in which people surfing the Web see a screen pop onto their monitor. The screen warns that a threat or vulnerability has been discovered on the computer.

Scareware programs then prompt the user to run a system scan or download a patch that will "solve" the problem.

The "solution" is, in fact, a virus that could hide on a computer or potentially solicit the user's personal or financial information, said Joseph Carr, chief of the NEC's Information Assurance Division.

Last month alone, 10 computers out of the 2,000 garrison and tenant computers monitored by the center were infected by Scareware programs. Since then, the NEC, formerly known as the Directorate of Information Management, has been finding at least one or two infected computers each week, Carr said.

While scareware represents a rising issue, overall it remains a small concern for the NEC, Carr said.

"This is a minor problem but it has the potential of going crazy," he said.

Once a computer is infected with a virus, the Army's anti-virus software, Synamtec, should pick up the intruder and notify both the computer user and the NEC. The computer user is prompted in an e-mail to power down the machine to prevent further infection across the DoD network.

DoD's only cure for a scareware infection is to haul away the blighted machine, erase its hard drive and restart the computer's system from scratch.

Resetting a machine takes anywhere from 20 minutes to two hours. Most computer users should have their machine returned after a day, said Gwen Hamilton, a NEC information specialist who handles the resetting process.

Once the computer is reset, the user loses any notes or files stored on the machine, Hamilton said.

"It used to be that we'd try and save the person's files, but now the requirement is that it be totally deleted," Hamilton said.

It's an experience those working at the NEC are familiar with.

After a weeklong vacation in December, Shaun Cronk, a NEC Information Assurance network officer, returned to work to find that a scareware program had infected his computer.

"No one's immune to this," he said.

The damage was minimal for Cronk as he made a habit of saving most of his files to a network drive, but he still lost some items, he said.

"It was not that someone found me or went after me, it was just something that was sent out," Cronk said. "I felt a little violated."

The long-term solution for scareware is unclear. Previous threats to computers tend to be fixed by patches to the computer or the anti-virus software, Carr said.

But Scareware is usually concealed in ads on Web sites ranging from popular search engines to social networks. DoD could potentially decide to limit access to those parts of the Internet, Carr said.

Limiting the number of scareware infections now could forestall such action, Carr said.

"We're trying to avoid locking people out of stuff or blocking it off," he said.