Scareware and Phishing Scams Play on Windows 8 Launch

Windows 8 isn’t yet a week old, but the scammers and phishing crews already are taking their swings at it, setting up new campaigns based on the shiny new operating system. Security researchers have identified a new scareware campaign playing off of the Windows 8 launch, as well as a phishing email trying the same tack.

The public release of Windows 8 was just last Friday, Oct. 26, and most people probably haven’t even seen the OS in person yet. But that’s not stopping the scammers from trying to make a buck off the back of Microsoft’s work. This shouldn’t come as a surprising development, given that these crews use virtually every major news event, natural disaster and celebrity scandal as a money-making opportunity.

This time, the Windows 8 launch has inspired a new strain of scareware–surely not the last–that purports to be the “Win 8 Security System” and, of course, warns victims about a series of non-existent threats on their PCs. The scareware shows users a warning, telling them that their machines are infected and informing them that they should register their copy of the scareware in order to see what the threats are and remove them, according to an analysis from Trend Micro.

Users often will come across these fake antivirus or scareware threats on either compromised legitimate Web sites or malicious sites. Scammers will try to compromise popular legitimate sites, such as news sites, social media sites and others and insert some malicious code onto the sites. When users visit a compromised site, they may see a pop-up window telling them that their machine is infected. Usually, clicking on any link in the pop-up will download the scareware, which could then require a payment of $50 or $100 in order to remove it.

Scammers rely on users searching for popular terms, such as Windows 8, in order to land on the malicious sites they control, so they tie their campaigns to trending terms. The researchers at Trend Micro also came across a phishing campaign that’s tied to Windows 8, trying to goad them into downloading a free copy of the new OS. Rather than a free version of Windows 8, the victim gets a request for their personal data, including name, email and other details.

To be clear, the only way you’re getting Windows 8 for free is when you buy a new PC or tablet.