scareware by Scott Pollack

Scareware, now included in the class of malware known as FraudTool, comprises several classes of ransomware or scam software with malicious payloads, usually of limited or no benefit, that are sold to consumers via certain unethical marketing practices. The selling approach uses social engineering to cause shock, anxiety, or the perception of a threat, generally directed at an unsuspecting user. Some forms of spyware and adware also use scareware tactics.

A tactic frequently used by criminals involves convincing users that a virus has infected their computer, then suggesting that they download (and pay for) fake antivirus software to remove it. Usually the virus is entirely fictional and the software is non-functional or malware itself. Another approach is to trick users into uninstalling legitimate antivirus software, or disabling their firewall.

Internet security bloggers and writers use the term to describe software products that produce frivolous and alarming warnings or threat notices, most typically for fictitious or useless commercial firewall and registry cleaner software. This class of program tries to increase its perceived value by bombarding the user with constant warning messages that do not increase its effectiveness in any way. The software is packaged with a look and feel that mimics legitimate security software in order to deceive consumers. Some websites display pop-up advertising with text such as: ‘Your computer may be infected with harmful spyware programs. Immediate removal may be required. To scan, click ‘Yes’ below.’ These websites can go as far as saying that a user’s job, career, or marriage would be at risk. These pop-ups are designed to look like they come from the user’s operating system when they actually come from a website.

Some forms of spyware also qualify as scareware because they change the user’s desktop background, install icons in the computer’s notification area, and generally make a nuisance of themselves, claiming that some kind of spyware has infected the user’s computer and that the scareware application will help to remove the infection. In some cases, scareware trojans have replaced the desktop of the victim with large, yellow text reading ‘Warning! You have spyware!’ or a box containing similar text, and have even forced the screensaver to change to ‘bugs’ crawling across the screen. ‘Winwebsec’ is the term usually used for malware that attacks users of the Windows operating system and makes fake claims while posing as genuine anti-malware software.

Another type of ‘scareware’ involves software designed to literally scare the user through the use of unanticipated shocking images, sounds or video. An early program of this type is NightMare, a program distributed on the ‘Fish Disks’ for the Amiga computer (floppy disks distributed by freeware programmer Fred Fish) in 1991. When NightMare executes, it lies dormant for an extended (and random) period of time, finally changing the entire screen of the computer to an image of a skull while playing a terrifying shriek on the audio channels.

Anxiety-based scareware puts users in situations where there are no positive outcomes. For example, a small program can present a dialog box saying: ‘Erase everything on hard drive?’ with two buttons, both labeled ‘OK.’ Regardless of which button is chosen, nothing is usually destroyed other than the user’s composure. This tactic was used in an advertisement campaign by Sir-Tech in 1997 to advertise ‘Virus: The Game.’ When the file is run, a full-screen representation of the desktop appears. The software then begins simulating deletion of the Windows folder. When this process is complete, a message is slowly typed on screen saying: ‘Thank God this is only a game.’ A screen with the purchase information then appears, after which the program returns to the desktop. No damage is done to the computer during the advertisement.

