Scareware is a particularly vicious form of malware, designed specifically to convince the victim to pay for the “full” version of an application in order to remove what are, in fact, false positives that these program are designed to display on the infected computer in various ways; fake scan results, pop-ups and system tray notifications.
Delivery methods used by these parasites include Trojans, infected websites, misleading advertisements, and Internet Browser security holes. They can also be downloaded voluntarily, from rogue security software websites, and from “adult” websites. As one of my friends put it “It’s easy to be bitten by a dog like that”.
The average computer user that I speak with informally, has no idea that rogue applications exist. But they do, and cyber crooks are continuing to develop and distribute scareware at a furious pace; there are literally thousands of variants of this type of malware currently circulating on the Internet. It’s fair to say; distribution has now reached virtual epidemic proportions.
One of my Internet friends runs a specialized site, 411 Spyware , that deals specifically with malware removal advice, and virtually every day, she posts an article on a newly discovered scareware application.
Scareware is designed to continue to load on boot up, and will then generate its fake or false malware detection warnings. Even if the victim is tricked into paying for the “full” version, scareware will continue to run as a background process, incessantly reporting those fake or false malware detection warnings we talked about earlier. Over time, this type of software will essentially destroy the victim’s computer operating system, making the machine unusable.
While it’s true that reputable anti-spyware software is often capable of detecting rogue software if it attempts to install, this is not always the case. Anti-malware programs that rely on a definition database can frequently be behind the curve in recognizing the newest threats.
It’s all about the money:
So how much money is involved here? Lots – according to Panda Security, approximately 35 million computers are infected with scareware/rogueware each month (roughly 3.50 percent of all computers), and cybercriminals are earning more than $34 million monthly through scareware attacks.
At a personal level, I have heard some horrendous stories from readers where the common thread has been the debiting of their credit cards, multiple times, by the cyber-criminals responsible for the distribution of scareware.
What can you do to ensure you are protected, or to reduce the chances you will become a victim?
Consider the ramifications carefully before responding to a Windows Security Alert pop-up message. This is a favorite vehicle used by rogue security application to begin the process of infecting unwary users’ computers.
Be cautious in downloading freeware, or shareware programs. Spyware, including scareware, is occasionally concealed in these programs. Download freeware applications only through reputable web sites such as Download.com, or sites that you know to be safe.
Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications, since exposure to rogue security applications is widespread.
Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is WOT (Web of Trust), an Internet Explorer/FireFox add-on, that offers substantial protection against dangerous websites.
If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.