Scareware comprises several classes of scam software with malicious payloads, or of limited or no benefit, that are sold to consumers via certain unethical marketing practices. The selling approach uses social engineering to cause shock, anxiety, or the perception of a threat, generally directed at an unsuspecting user. Some forms of spyware and adware also use scareware tactics.

A tactic frequently used by criminals involves convincing users that a virus has infected their computer, then suggesting that they download (and pay for) fake antivirus software to remove it.[1] Usually the virus is entirely fictional and the software is non-functional or malware itself.[2] According to the Anti-Phishing Working Group, the number of scareware packages in circulation rose from 2,850 to 9,287 in the second half of 2008.[3] In the first half of 2009, the APWG identified a 585% increase in scareware programs.[4]

The "scareware" label can also apply to any application or virus (not necessarily sold as above) which pranks users with intent to cause anxiety or panic.


Scam scareware

Internet Security bloggers/writers use the term "scareware" to describe software products that produce frivolous and alarming warnings or threat notices, most typically for fictitious or useless commercial firewall and registry cleaner software. This class of program tries to increase its perceived value by bombarding the user with constant warning messages that do not increase its effectiveness in any way. Software is packaged with a look and feel that mimics legitimate security software in order to deceive consumers.[5]

Some websites display pop-up advertisement windows or banners with text such as: "Your computer may be infected with harmful spyware programs. Immediate removal may be required. To scan, click 'Yes' below." These websites can go as far as saying that a user's job, career, or marriage would be at risk.[6] Products using advertisements such as these are often considered scareware. Serious scareware applications qualify as rogue software.

In recent[when?] findings some scareware is not affiliated with any other installed programs. A user can encounter a pop-up on a website indicating that their PC is infected.[7] In some scenarios it is possible to become infected with scareware even if the user attempts to cancel the notification. These popups are especially designed to look like they come from the user's operating system when they are actually a webpage.

In 2005, Microsoft and Washington State successfully sued Secure Computer (makers of Spyware Cleaner) for $1 million over charges of using scareware pop-ups.[8] Washington's attorney general has also brought lawsuits against Securelink Networks, High Falls Media and the makers of Quick Shield.[9]

In October 2008, Microsoft and the Washington attorney general filed a lawsuit against two Texas firms, Branch Software and Alpha Red, producers of the Registry Cleaner XP scareware.[10] The lawsuit alleges that the company sent incessant pop-ups resembling system warnings to consumers' personal computers stating "CRITICAL ERROR MESSAGE! - REGISTRY DAMAGED AND CORRUPTED", before instructing users to visit a web site to download Registry Cleaner XP at a cost of $39.95.

On June 25, 2009, the Federal Trade Commission in the United States reached a settlement with two defendants in a case involving a massive “scareware” scheme. The two defendants settled charges of deceptive advertising and forfeited more than $100,000 in assets. According to the Federal Trade Commission, the two settling defendants were part of a massive deceptive advertising scheme that tricked more than a million consumers into buying “rogue” computer security products, including WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus. The scheme allegedly relied on deceptive advertisements featuring bogus computer “scans” that falsely claimed to detect viruses, spyware, and illegal pornography on consumers’ computers. The settlement imposed a judgment of nearly $1.9 million against the two Cincinnati-based defendants, James Reno and ByteHosting Internet Services, LLC. This amount represents the gross revenues these two settling defendants realized from the alleged scam. The settlement prohibits James Reno and ByteHosting from using deceptive “scareware” advertising tactics and from installing malicious programs on consumers’ computers. The settlement also permanently bars Reno and ByteHosting from ever again doing business with their co-defendants. The settlement does not affect the FTC’s ongoing case against the remaining defendants in the suit.[11] According to the complaint, the two companies charged in the case – Innovative Marketing, Inc. and ByteHosting Internet Services, LLC – operate using a variety of aliases and maintain offices in various countries. Innovative Marketing, incorporated as a company in Belize, maintains offices in Kiev, Ukraine. ByteHosting Internet Services is based in Cincinnati, Ohio. The complaint alleges that these two companies, along with individuals Daniel Sundin, Sam Jain, Marc D’Souza, Kristy Ross, and James Reno, violated the FTC Act by misrepresenting that they conducted scans of consumers’ computers and detected a variety of security or privacy issues, including viruses, spyware, system errors, and pornography. The complaint also names a sixth individual, Maurice D’Souza, as a relief defendant who received proceeds from the scheme.[12]

A 2010 study by Google found 11,000 domains hosting fake anti-virus software, accounting for 50% of all malware delivered via internet advertising.[13]

Starting on March 29, 2011, more than 1.5 million web sites around the world have been infected by the LizaMoon SQL injection attack spread by scareware.[14][15]

Research by Google discovered that scareware was using some of its servers to check for internet connectivity. The data suggested that up to a million machines were infected with scareware.[16] The company replaced has placed a warning in the search results of users whose computers appear to be infected.


Dialog from SpySheriff, designed to scare users into installing the rogue software

Some forms of spyware also qualify as scareware because they change the user's desktop background, install icons in the computer's notification area (under Microsoft Windows), and generally make a nuisance of themselves, claiming that some kind of spyware has infected the user's computer and that the scareware application will help to remove the infection. In some cases, scareware trojans have replaced the desktop of the victim with large, yellow text reading "Warning! You have spyware!" or a box containing similar text, and have even forced the screensaver to change to "bugs" crawling across the screen.[citation needed]

SpySheriff,[17] exemplifies spyware/scareware: it purports to remove spyware, but is actually a piece of spyware in itself, often accompanying SmitFraud infections. Other AntiSpyware Scareware, may be promoted using a Vishing scam.

Uninstallation of security software

Another approach is to trick users into uninstalling legitimate antivirus software, such as Microsoft Security Essentials, or disabling their firewall.[18]

Prank software

Another type of scareware involves software designed to literally scare the user through the use of unanticipated shocking images, sounds or video.

  • The first program of this type is generally credited[by whom?] to be NightMare, a program distributed on the Fish Disks for the Amiga computer (Fish #448) in 1991. When NightMare executes, it lies dormant for an extended (and random) period of time, finally changing the entire screen of the computer to an image of a skull while playing a horrifying shriek on the audio channels.[19]
  • Anxiety-based scareware puts users in situations where there are no positive outcomes. For example, a small program can present a dialog box saying "Erase everything on hard drive?" with two buttons, both labeled "OK". Regardless of which button is chosen, nothing is destroyed other than the user's composure.[20]
  • This tactic was used in an advertisement campaign by Sir-Tech in 1997 to advertise Virus: The Game. When the file is run, a full screen representation of the desktop appears. The software then begins simulating deletion of the Windows folder. When this process is complete, a message is slowly typed on screen saying "Thank God this is only a game." A screen with the purchase information appears on screen and then returns to the desktop. No damage is done to the computer during the advertisement.

See also


  1. ^ "Millions tricked by 'scareware'". BBC News. 2009-10-19. Retrieved 2009-10-20. 
  2. ^ 'Scareware' scams trick searchers. BBC News (2009-03-23). Retrieved on 2009-03-23.
  3. ^ "Scareware scammers adopt cold call tactics". The Register. 2009-04-10. Retrieved 2009-04-12. 
  4. ^ Phishing Activity Trends Report: 1st Half 2009
  5. ^ John Leydon (2009-10-20). "Scareware Mr Bigs enjoy 'low risk' crime bonanza". The Register. Retrieved 2009-10-21. 
  6. ^ "Symantec Security Response: Misleading Applications". Symantec. 2007-08-31. Retrieved 2010-04-15. 
  7. ^ JM Hipolito (2009-06-04). "Air France Flight 447 Search Results Lead to Rogue Antivirus". Trend Micro. Retrieved 2009-06-06. 
  8. ^ Etengoff, Aharon (2008-09-29). "Washington and Microsoft target spammers". The Inquirer. Retrieved 2008-10-04. 
  9. ^ "Microsoft to sue scareware security vendors". Lunarsoft. 2008-09-29. Retrieved 2009-09-24. "[...] the Washington attorney general (AG) [...] has also brought lawsuits against companies such as Securelink Networks and High Falls Media, and the makers of a product called QuickShield, all of whom were accused of marketing their products using deceptive techniques such as fake alert messages." 
  10. ^ "Fighting the scourge of scareware". BBC News. 2008-10-01. Retrieved 2008-10-02. 
  11. ^ "Win software". Federal Trade Commission. 
  12. ^ "Court Halts Bogus Computer Scans". Federal Trade Commission. 2008-12-08. Retrieved 2009-09-12. 
  13. ^ Moheeb Abu Rajab and Luca Ballard (2010-04-13). The Nocebo Effect on the Web: An Analysis of Fake Anti-Virus Distribution. Google. Retrieved 2010-11-18. 
  14. ^
  15. ^
  16. ^ "Google to Warn PC Virus Victims via Search Site". BBC News. 2011-07-21. Retrieved 2011-07-22. 
  17. ^ filed under "Brave Sentry."
  18. ^
  19. ^ Contents of disk #448. - see DISK 448.
  20. ^ Dark Drive Prank

Further reading

External links

Wikimedia Foundation. 2010.

Look at other dictionaries:

  • Scareware — Le terme scareware désigne un ensemble de logiciels vendus par des sociétés éditrices de logiciels, lesquelles avaient auparavant provoqué chez leurs clients potentiels de l étonnement, du stress ou invoqué des menaces imaginaires. Cette pratique …   Wikipédia en Français

  • Scareware — El scareware (del inglés scare, «miedo» y [soft]ware) abarca varias clases de software para estafar con cargas maliciosas, o con limitados o ningún beneficio, que son vendidos a los consumidores vía ciertas prácticas no éticas de comercialización …   Wikipedia Español

  • Scareware — Bei Scareware handelt es sich um Software, welche darauf ausgelegt ist, Computerbenutzer zu verunsichern oder zu verängstigen. Der Begriff ist ein englisches Kofferwort aus scare (Schrecken) und Software. Es handelt sich um eine automatisierte… …   Deutsch Wikipedia

  • scareware — noun Software that attempts to scare the user into compliance, as by displaying false warnings of virus infection …   Wiktionary

  • NightMare (scareware) — NightMare is a scareware program distributed on the Fish Disks for the Amiga computer (Fish #448). It is generally credited to be the first scareware program of its type. The program was developed by Patrick Evans (Nobleton, Ontario, Canada) in… …   Wikipedia

  • WinFixer — Developer(s) Innovative Marketing, Inc. Development status Shutdown by the United States Government; similar scams may still exist Operating system Microsoft Windows Type Scareware …   Wikipedia

  • Registry cleaner — A registry cleaner is a type of software utility designed for the Microsoft Windows operating system whose purpose is to remove redundant or unwanted items from the Windows registry. However the necessity and usefullness of registry cleaners is a …   Wikipedia

  • Doomsday (Comicfigur) — Dieser Artikel oder Abschnitt bedarf einer Überarbeitung. Näheres ist auf der Diskussionsseite angegeben. Hilf mit, ihn zu verbessern, und entferne anschließend diese Markierung. Dieser Artikel befasst sich mit den Gegenspielern der Comicfigur… …   Deutsch Wikipedia

  • Mr. Mxyzptlk — Dieser Artikel oder Abschnitt bedarf einer Überarbeitung. Näheres ist auf der Diskussionsseite angegeben. Hilf mit, ihn zu verbessern, und entferne anschließend diese Markierung. Dieser Artikel befasst sich mit den Gegenspielern der Comicfigur… …   Deutsch Wikipedia

  • Mxyzptlk — Dieser Artikel oder Abschnitt bedarf einer Überarbeitung. Näheres ist auf der Diskussionsseite angegeben. Hilf mit, ihn zu verbessern, und entferne anschließend diese Markierung. Dieser Artikel befasst sich mit den Gegenspielern der Comicfigur… …   Deutsch Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”

We are using cookies for the best presentation of our site. Continuing to use this site, you agree with this.