Malware that uses social engineering techniques to manipulate users into installing or purchasing unnecessary software.

Scareware: definition

Scareware is a type of malware that uses social engineering to cause panic and concern, or to convince users that there is a specific threat, in order to lead them into installing or buying unnecessary software. This threat is associated with fake antivirus programs or fake software for disinfection and recovery.

In most cases, the virus mentioned is fictitious and the recommended software does not work, or installs real malware. Scareware can also refer to any application or virus designed to trick users and cause panic or concern.


How it works

These types of programs exaggerate the threat level, saturating users with constant warnings. What's more, the software they offer imitates genuine security programs in order to trick users.

Most scareware attacks follow the same pattern. Pop-up windows repeatedly warn that dangerous files or pornographic material has been detected on the computer. They continue to appear incessantly until the user clicks to ‘remove all threats’ or registers to buy the supposed antivirus software.

Other variations of scareware urge users to uninstall their real antivirus software or disable the firewall. As antivirus products normally include protection to prevent other programs from disabling them, scareware turns to social engineering to convince users to disable features that would otherwise prevent the malware from running.

If the antivirus message does not come from a program that you recognize and have personally installed, do not click in the pop-up window. The most advisable action is to shut down the computer and then run a security scan with genuine antivirus software that can detect and neutralize this threat.


Winwebsec and other examples of scareware

In Windows environments, the term 'Winwebsec' refers to malware that targets Windows users and generates fake warnings that imitate those of genuine security software.

One of the most common cases is SpySheriff, a type of malware that imitates anti-spyware and tries to trick users into buying a program by repeatedly warning of fake threats. This software is particularly difficult to remove, as it hides its components in the ‘System Recovery’ folder and blocks some administrator tools. Another example of scareware is Smart Fortress, which warns users that they have viruses on their computer and asks them to purchase a fake disinfection service.


Scareware and other threats

SpySheriff exemplifies the cross-over between spyware and scareware. It claims to eliminate the threat; yet, in reality, the warnings are part of the attack. This malware often accompanies SmitFraud Trojan infections. Similarly, scareware can be spread using phishing.