Bamboozled November 16, 2017: How a scam website reached the top of Google search ranking

A screen shot of the payment prompt from a fake Windows Movie Maker download.
A screen shot of the payment prompt from a fake Windows Movie Maker download. (ESET)
When you search for something online, you usually find what you’re looking for.

But searches for the popular — and now discontinued –Windows Movie Maker software is setting up some would-be video editors for a scam.

Windows put the kibosh the program in January 2017.

But because it was a free program, user demand is still very high.

And that’s where the scammers have stepped in.

Banking on the program’s popularity, con artists created a website promising a free download of the software, but it’s anything but free. And because of the way search engines like Google calculate their web page rankings, the phony site reaches near the top of searches — giving it a big pool of potential victims.

According to a report by ESET, an IT security firm that specializes in malware and virus detection, the website windows-movie-maker.org comes up as one of the top results when consumers search for the Movie Maker program. It ranks as the No. 1 result in countries with the highest number of internet users, and it pops up first on Bing searches, too, ESET found.

ESET said this download is the third most prevalent threat worldwide.

Here’s how to works, according to the folks at ESET.

When you download the software from the website, you actually get a functioning version of Windows Movie Maker. All seems well. But as you use the software, sometime during your video editing process, you’ll get a window that says you have to pay to continue.

ESET said the payment prompt tells users they’ve only downloaded the trial version, and they’ll have to upgrade — and pay — to get all the program’s functions with the full version.

Users will get the payment prompt when they first launch the program and again when they try to save a video. And at this point, they’re stuck. They can’t save the video they’ve been working on, and they don’t want to lose all that time.

They might be tempted to pay. And some do.

“The price requested for the fake upgrade is set to $29.95, in what is presented as a 25% discount on the payment website used by the crooks,” ESET said.

WHAT HAPPENS NEXT

The seriousness of the download is uncertain.

Users who fell for the scam would have lost their $29.95 and ended up with nothing for their money. That’s a certainty.

Maybe losing $30 isn’t the end of the world, but when you download any malicious program, you never know what could pop up later.

While ESET said it has seen no signs that the program installs malware or viruses onto your computer, it’s better to be safe than sorry.

“The page itself is only being used to spread the misused version of Windows Movie Maker,” said Ondrej Kubovic, security awareness specialist at ESET. “In the cases we analyzed, there was no other malicious activity observed. However, it is always better to be cautious in case the attackers try to follow up on their previous attempt.”

In other words, you never know if an unwelcome surprise could be attached to this fake program.

We found it pretty fascinating that a hoax website could end up so high in search engines, but it’s apparently not new.

The scammers use search engine optimization, called SEO for short, to their advantage. This is known as “black hat SEO.” Scammers will use a current popular topic to push malicious content to top ranks of a search, Kubovic said.

“The attackers behind pages using black hat SEO usually opt for techniques not allowed by the search engine guidelines, like using hidden text, keyword stuffing, adding unrelated keywords, doorway pages, etc.,” he said. “However, the case of Windows Movie Maker was different as the perpetrators used mostly legitimate SEO techniques to achieve the high ranking to spread a scam version of the discontinued software.”

It doesn’t happen often that attackers using similar techniques go to such lengths and detail to reach their victims, he said.

You can take steps to protect yourself from phony websites that end up high in your searches.

The key is to carefully evaluate a download before you click. Take a look at the source, and be suspicious.

“Always download installers and software from the page of the original developer,” Kubovic said. “However, if the user comes across a page that doesn’t fit this description or is in some way suspicious, they should not hesitate to contact the official developers to verify if it is safe to use.”

If you’ve already downloaded the phony Movie Maker from windows-movie-maker.org, uninstall it and run a scan using reputable anti-malware programs, ESET says.

And if you desperately want Movie Maker, try the official replacement, called Windows Story Remix.

Advertisements