Security vendors are warning of a wave of ’scareware’ attacks that use false Conficker alerts to trick victims into installing fake antivirus software on their computers.

The fake antivirus programs are known as scareware because of their technique of performing a fake antivirus scan on the computer, scaring the user by alerting them to virus infections that don’t really exist, and then offering to sell the victim software to remove the non-existent infections and protect from them in future.

The victim gives up credit card details for software ranging from $30 up to $100, but the real outcome is that their computer falls under the control of the spammer to grow their botnet.

Security analysts estimate that many tens of millions of computers have been taken over by spammers using these tactics.  Conservative estimates at the low end of the fake antivirus pricing suggest this could be a $1.2 billion industry for spammers and malware authors around the world.

As the criminals rake in these profits and computer users fall victim to such schemes every day there are calls for more to be done by Microsoft to protect their customers who are running Windows operating systems.  Microsoft has taken some recent steps such as offering a $250,000 reward for information that leads to the arrest and conviction of the Conficker authors.  More recently they released their free consumer malware protection called Microsoft Security Essentials.

However some commentators think that further steps are needed.  It is suggested that a whitelist of safe security products and vendors be created and included with Microsoft Windows so that it can detect fake antivirus software and prevent users from installing it.

This move would be welcome by many consumers and IT professionals but not necessarily by the security vendors themselves.  New vendors and products may be stalled by any certification process that would be required to be added to the whitelist.

Some existing vendors already have a frosty relationship with Microsoft as the software maker continually encroaches on their market territory with features such as Windows Firewall and Microsoft Security Essentials.  Any bottlenecks in the process would certainly bring claims of anti-competitiveness down on Microsoft.

Finally there are the costs.  Vendors will not incur additional costs in their software development and release process without passing that on to consumers.  Although the argument could be made that even an additional cost to consumers may be far less than what is currently being ripped off from victims by the spammers today.

At the very least, keeping those profits out of the hands of criminals would be a positive outcome.