Scareware Directory
Scareware attempts to shock users into thinking their PC is already hacked and to scare them into downloading malware. In many cases, there is nothing wrong with the user’s computer.
Scareware: Tricking Users into Downloading Malicious Software
If you browse websites that have several popup ads, you’ve probably come across a type of malware called scareware. While the popup itself isn’t malicious, its intent is to trick or scare people into downloading malware. The actual malware can take any number of forms – trojans, adware, spyware, or even a rootkit. The type of download depends on the scareware creator, but the tactic is a way to convince users that their PC is infected with viruses when it isn’t.
A Brief Overview of Scareware
Scareware comes in several forms, and the technique has been around the Internet for a while. When malware writers couldn’t get people to install malicious software, they turned to scaring users into installing fraudulent hot fixes or antivirus.
In 2005, Microsoft even sued the maker of scareware for $1 million in damages. Spyware Cleaner told users that their registry was corrupted and their computer was at risk of being hacked. The popup was a completely fraudulent claim, but it convinced end users to download fraudulent antivirus software to clean the PC. Instead of cleaning the PC, the malicious program added spyware to the computer.
What Does Scareware Do?
This screenshot is an example of typical scareware. Notice that it attempts to shock users into thinking their PC is already hacked. In many cases, there is nothing wrong with the user’s computer. The left button lets the user close the window, but the right button takes the user to a download site where they can purchase or download fraudulent antivirus software.
When the user downloads the file, they install software that appears to clean the PC. The software does nothing, and it can even cause bugs or crashes on the computer if it’s not programmed well. The malware can also claim to fix Windows registry issues, but it actually inserts registry entries that install malware or make the user’s computer vulnerable to other malware.
In very rare instances, the software installs rootkits. If you remember from the rootkit section, these programs allow a hacker to install other malicious programs such as trojans, spyware or viruses. The program is hidden, and it sometimes doesn’t take effect until the user reboots. The user is unaware of the malware and thinks that the computer is free from viruses until other computer problems present themselves.
Scareware is also used in ransomware programs. One scareware program uses a popup that gets the user to install the ransomware on a PC. The next time the user reboots, files are encrypted and locked. A popup then tells users that they were caught doing malicious activities on the Internet, and they are prompted to pay a ransom or the FBI will be notified. Users who aren’t aware of the ransomware technique either pay the ransom or attempt to clean files. Because the files are locked with a 2-key encryption algorithm, users must get the decryption key to save their files.
In some cases, the users get their files decrypted. In others, they pay the ransom but don’t get the key for decryption.
Spyware is another symptom of scareware. Advertisers pay for search engine behavior. Spyware captures user information, but it also watches browsing behavior. This can be through browser hijackers or keyloggers included with the malware installation. Spyware can gather a large amount of information, including files, user names and passwords, banking information, and social security and credit card numbers.
How to Avoid Scareware
It’s difficult to avoid scareware, because the popups are added to random websites. Users don’t know that the popups exist on the site until they navigate to the site and see the warning. One option to block these popups is ad blocking software such as Ad Blocker. Most browsers include internal popup blockers that won’t allow the scareware to display.
If the popups aren’t blocked, the best way to avoid scareware is to see it for what it is – a scam. Any application that has a popup and claims that your computer is infected is a scam. Your local antivirus or anti-spyware program can properly detect malware on your computer, but a popup is not able to run a scan on your computer unless you give it permission.
Some scareware uses a common JavaScript hack that shows a list of files on the computer. The scareware then tells the user that these files are infected with malware. These attempts to scare the user into installing fraudulent software are also a scam.
Users should know that any popup claiming that a computer is infected with malware is scareware. Use local antivirus software to detect malware, but never believe a popup that has no access to the local computer. If these popups continue to show without browsing to a website, you might have other malware installed on the computer such as adware.
In most cases, a simple ad blocker will stop the scareware attempts. Overall, ignoring scareware is the ultimate way to avoid it.
How to Remove Scareware
The good news is that scareware doesn’t need any removal. Provided users don’t download and install any malicious programs after clicking the popup link, nothing has to be cleaned just from a popup.
If popups persist after navigating away from a particular site, it’s possible that the PC is infected with other malware such as adware. In this case, the best step is to download a reputable adware cleaning application. If antivirus is already installed on the computer, just download the latest definition files from the official manufacturer’s website and run a full scan on the computer.
If you’ve already installed malware, the first step is to download the latest antivirus definition files. These definition files help the software find the latest malware in the wild. It doesn’t mean it catches all malware, but a majority of it is eliminated from just having the latest definition files installed. You can use the antivirus software dashboard panel to download these files.