Scareware or rogueware — fake security software that attempts to steal money from computer users by tricking them into paying to remove nonexistent threats — is rapidly becoming one of the most lucrative activities for cybercriminals, raking in as much as $34 million per month by some estimates.
PandaLabs, Panda Security’s malware analysis and detection laboratory, says that approximately 35 million computers are newly infected with scareware each month.
Rogue security products can be difficult to spot by end-users who may not be particularly computer-savvy. Some known scareware products carry legitimate-sounding names such as WinFixer, WinAntivirus, Windows Pro Police, DriveCleaner, ErrorSafe and XP Antivirus, and feature professional-looking graphics. Pop-ups typically warn that threats such as viruses, spyware or registry errors have been detected, and users are baited with the offer of a free scan to identify all threats. Then comes the catch — one must purchase the application to get rid of these alleged threats.
Worse yet, scareware frequently seems to leave users with no options. Upon execution, these rogue products not only prevent legitimate security software from loading, but also block access to system tools, third-party applications and security Web sites with the claim that these all represent unsafe executions. Each mouse click only produces more prompts and more offers to download installation files. This is when exasperated users are most likely to give in and buy the bogus products.
In a best-case scenario, the product will simply deactivate its own scareware. In the worst cases, users, having already surrendered credit card and other personal information during the purchase process, will actually wind up downloading additional malicious code such as Trojans, keyloggers or bots that will continue to silently infect their PCs.
Industry experts say there often is a way out of these ambushes with a few simple steps. The first thing to do is end the pop-up nightmare and regain control of the desktop by killing the scareware processes. This involves pressing “ctrl+alt+delete,” clicking on the Windows Task Manager tab and terminating suspicious processes such as the exe file for the offending scareware (i.e. “winfixer.exe). This should allow you to run an anti-virus scan to find and remove the offending program and its related files. Freeware tools from Malwarebytes and Superantispyware are known to be effective in rooting out and eliminating scareware.
Webroot, a provider of antivirus and antimalware applications, further recommends the following precautions against scareware and rogueware:
