On the face of it it's excellent news that Microsoft and the Washington State Attorney General are fighting against web scams. The sort of scam they're looking at is pretty clever if you're an inexperienced user. You're surfing a website or three - never mind what sort, we're not here to judge - and suddenly a popup box claims your computer is in danger, it's being scanned, you're open to all sorts of abuse, it's the end of the universe and we're going to die. You need some company's wonderful portscanblocker or spywaredetector and you can get it from pleaseopenyourpocketbooktous.com or some other likely-sounding address.
The notices look like the sort of thing you might get from your administrator in the office or an automated system note, and lots of people fall for it. They download what looks like an authentic scan report that confirms their computer is in danger.
As a side note this is particularly effective when people are looking at porn. The reason is simple - psychologically they are weakened when they know they shouldn't be doing something. Looking at naked people (in this context anyway) is not a good thing and we all know it, and the people who run these sites are bad types so of course they're going to be doing something unpleasant to your computer, too.
Most of these bits of software, if not all of them, are of course fake and unnecessary. The computer at the other end has seen that it can activate a popup, send a fake report and wait for the money to come in. Microsoft and the Washington legal types are determined it should be stopped. This is a good thing.
The devil, to use a cliche, is in the detail. Here's a BBC report on the issue which confirms that the defendants in the cases are currently listed as John Doe. This is for the very good reason that nobody knows who they are.
Forgive me for being old-fashioned but doesn't this make apprehending them a little tricky? And if they can't be caught - let's allow ourselves some imagination and say they're offshoring the operation - how can they be stopped?
The more I look at it, the more the idea looks like a cop-out. Clearly America has more to think about than this at the moment but when the economic dust has settled, and it will, I have a few suggestions. How about (for example) not prosecuting invisible people, since this is pretty much a waste of time. How about instead having a major, major publicity campaign confirming to the public that if they see something like this when they're surfing the web, regardless of what they're looking at, there's an excellent chance that it's a fake?
Yes it would cost money, and that's not going to be popular. But chasing these invisible miscreants isn't going to be cheap either. I just think that my way might drive them out of business, invisible or otherwise.