Scareware is a particularly vicious form of malware, designed specifically to convince the victim to pay for the “full” version of an application in order to remove what are, in fact, false positives that these program are designed to display on the infected computer in various ways; fake scan results, pop-ups, and system tray notifications.
According to Panda Security, approximately 35 million computers are infected with scareware/rogueware each month (roughly 3.50 percent of all computers), and cybercriminals are earning more than $34 million monthly, through scareware attacks.
Delivery methods used by these parasites include Trojans, infected websites, misleading advertisements, and Internet Browser security holes. They can also be downloaded voluntarily, from rogue security software websites, and from “adult” websites. As one of my friends put it “It’s easy to be bitten by a dog like that”.
The average computer user that I speak with informally, has no idea that rogue applications exist. But they do, and cyber crooks are continuing to develop and distribute scareware at a furious pace; there are literally thousands of variants of this type of malware currently circulating on the Internet. It’s fair to say; distribution has now reached virtual epidemic proportions.
Having watched the development and deployment of scareware over the last few years, and having noted the increasing sophistication of the current crop of scareware applications, I have come to the realization that scareware removal instructions have limited value, except perhaps, for the most technically sophisticated computer user. A reformat and a system re-install, are more than likely in the cards.
Yes, I know, there are literally hundreds of sites that will walk you through the process of attempting to eliminate this type of scourge, but simply put – if your computer becomes infected with the current scareware circulating on the Internet, you are, in most cases, wasting your time attempting to save your system.
If you doubt this, take a look at Trojan War Resolution: The Battle Won, in which Larry Walsh of eWeek, describes a three day marathon system recovery attempt which was ultimately successful, but…..
The best advice? Have your PC worked on by a certified computer technician, who will have the tools, and the competency, to determine if the infection can be removed without causing system damage.
If you have become infected by scareware, and you want to try your hand at removal, then by all means do so.
The following free resources can provide tools, and advice, you will need to attempt removal.
Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.
Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software.
SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.
What you can do to reduce the chances of infecting your system with rogue software.
Consider the ramifications carefully before responding to a Windows Security Alert pop-up message. This is a favorite vehicle used by rogue security application to begin the process of infecting unwary users’ computers.
Be cautious in downloading freeware, or shareware programs. Spyware, including scareware, is occasionally concealed in these programs. Download freeware applications only through reputable web sites such as Download.com, or sites that you know to be safe.
Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications, since exposure to rogue security applications is widespread.
Install an Internet Browser add-on such as WOT (Web of Trust), an Internet Explorer/FireFox add-on, that offers substantial protection against dangerous websites.
If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.
29 responses to “Scareware is Destroyware – Not Just Malware”
Destroyware for sure! A couple of weeks ago, someone brought me two notebooks that were infected with scareware and completely unusable. All manner of security was disabled and many of the apps wouldn’t load at all. Even if the malware could be removed, I would consider the security integrity of the notebooks to be compromised. The best course of action was to restore both from backup media.
As you stated, reformat and reinstall is the way to go! Thinking ahead and using disk imaging software is a much more attractive alternative: http://disk-imaging-software-review.toptenreviews.com/
Hey Mister Reiner,
A very informative comment – thank you.
I’ll estimate that I’ve written 20+ articles on backup and generally, these articles have been poorly read. It never fails to amaze me how few users backup.
I completely agree with your view that a OS reinstall is the safest bet.
As to WOT: I cannot praise it highly enough. It should be mandatory on all browsers.
I read the article in eWeek; scary stuff. But I’m not surprised that Symantec Endpoint Protection got on its knees.
A good way to be protected from your main security app to be terminated is to use a well designed HIPS like Comodo or Online Armor. The problem is: how many users can work with a HIPS? 10%?
I hope your article will be widely read.
Good to see that you agree on the OS reinstall.
Totally agree with your HIPS comment. It’s unfortunate so many users are unfamiliar and inexperienced with such powerful tools.
Great article that I’ll point all my friends to. It’s hard for me to believe that a typical user remains unaware of this stuff, but they do.
You’re friends will thank you for it Liam.
Pingback: » Scareware is Destroyware – Not Just Malware « Bill Mullins' Weblog … RWPS
Another great article. Well written, and the links are very helpful to readers. I’m going to feature it on my site to help get the word out. Keep up the good work.
Thanks Paul. I look forward to your feature.
Most people I know would click that misleading popup alert. I always advise my friends, if it looks suspicious it probably is. They are better off ignoring that popup, closing the browser, clearing the cache, and running their own malware scanners. Which will probably find that scareware responsible for the initial warning. Personally I have never seen this happen on my PC, hope I never do.
I have to say that in the time we have been corresponding, you have become a high level techie. Bravo!! A perfect response to a malware threat.
Thankyou for that, that is a real compliment. I have learned so much since I have been coming to this blog, and I have you to thank for it.
It’s a well deserved compliment Mal . I might put the words on screen, but you’ve done all the hard work of assimilating the concepts, and putting them into practice – not always easy. On top of that, your well considered comments always add to the debate.
Pingback: Scareware: Destructive to PCs | Paul's Home Computing Blog
I agree this stuff is bad and getting worse. I find the only way to attempt to clean these infections is with a Linux boot rescue CD such as Avira or Kaspersky. You also can pull the hard drive put it in your own machine as a slave drive with a VM running a snapshot you are not afraid to loose and clean it that way. Once you clean it with the pre-treatment you then can try Supaerantispyware, Malwarebytes and the various other tools you mentioned to finish it off.
I’ve also gotten pretty good at using a Linux CD to pull off the documents, pictures and other data people want to preserve then do a format and reinstall.
As usual, top quality advice.
– let’s see, if we eat junkfood, we end up with all sorts of acute & chronic maladies attacking us
& then we’re told to take a yellow pill,followed by a blue one,then the pink…& after a while,we don’t ever get well,cuz the drugs are creating more imbalances…thebody&mind slow to a crawl& our spouse trades us in
LOL! That’s a bloody good analogy Dar. But, I’m a Linux Lad – no Windows surfing for me.
You’ve made the jump, you have taken the “Blue Pill”
Yeah, both you and Dar finally convinced me to make the jump to Ubuntu. You know, if Ubuntu put some $ into marketing, who knows what could happen. When I mention my switch over to Ubuntu the usual response is – U who?
Pingback: Tweets that mention Scareware is Destroyware – Not Just Malware « Bill Mullins' Weblog – Tech Thoughts -- Topsy.com
Great article, I used to just format my machines because it was the best thing to do but now I use comodo time machine as my last resort.There are other alternatives but comodo’s time machine is free.Use comodo time machine and your PC is back to normal before the infection took place. Also use sandboxie or GeSwall to isolate your browser from your machine. There is a browser from DELL going by the name of “KACE” which is isolated from your machine and if you don’t like isolation you could use India’s browser “EPIC” which has a built in antivirus (EPIC uses ESET antivirus) All free for safe surfing.
As always Andy, your comment adds much to the conversation – some great advice. Thanks for taking the time.
Whenever i see such kind of pop-ups that “Windows has detected spyware applications….. or System has detected active threats, click the balloon to download an up-to-date AV”, it just makes me to laugh out loud. I mean, windows, till now, as per my knowledge, wont ever notify you of active threats. It just notify you if your AV is turned off or if your firewall is turned off etc..
This kind of infection can well be prevented if the users become aware of this very fact. And by using any virtualization software like ShadowDefender. It’s really a powerful app with a simple and intuitive interface. It even prevented the TDL3 rootkit from ‘leaking’ into actual windows environment whereas others failed.
Of course you’re right. Your remarks “This kind of infection can well be prevented if the users become aware of this very fact”, really gets to the heart of the matter. An average user unfortunately, does not know. And so, the popularity and the effectiveness of this type of malware.
You’re also right, that ShadowDefender is a very effective solution to this type of problem.
Great comment, which gives us all much to consider.
It’s a pleasure to share what i know.
In my opinion, getting infected by a trojan or rootkit is way far better than by a rogue which’re actually like ‘terrorists disguised as social reformer.’
Pingback: Scare-ware and Rogue Anti-virus « Nomad Computer Repair Blog
Great write up Bill. I’ve really enjoyed the blog. Reducing the threats of P2P Networks is key. I use a free tool called Peer2Peer Terminator: http://www.peer2peerterminator.com/home
I have it scripted in Windows Scheduler to run silently and stop any of these applications from running on our corporate PCs.
Thanks for the link to Peer2Peer Terminator. Looks like a terrific application.
I’ll download this, take it for a spin and write it up.