Scareware



Scareware is several classes of software, often with limited or no benefit, that are sold to consumers by certain unethical marketing practices. The selling approach is designed to cause shock, anxiety, or the perception of a threat, generally directed at an unsuspecting user. Some forms of spyware and adware also use scareware tactics. A frequently used tactic is to convince users that their computer is infected with a virus, then suggest that they download, and pay for, anti-virus software to remove it. Usually the virus is entirely fictional and the software is non-functional or malware.[1] According to the Anti-Phishing Working Group, the number of scareware packages in circulation rose from 2,850 to 9,287 in the second half of 2008.


Shock-based scareware

This class of scareware is designed to literally scare the user through the use of unanticipated shocking images, sounds or video. The first program of this type is generally credited to be "NightMare", a program distributed on the Fish Disks for the Amiga computer (Fish #448) in 1991. When NightMare is executed, it lies dormant for an extended (and random) period of time, finally changing the entire screen of the computer to an image of a skull while playing a horrifying shriek on the audio channels.


Anxiety-based scareware

Anxiety-based scareware will put a user in situations where there is no positive outcome. For example, a small program that presents a dialog box saying "Erase everything on hard drive?" with two buttons, labeled "OK" and "OK". Regardless which button is chosen, nothing is destroyed other than the user's composure.


Alert-based scareware

Scareware is also used to describe software products that while serving some desired purpose also produce a lot of frivolous and alarming warnings or threat notices, most typically commercial firewall and registry cleaner software. This class of program tries to increase its perceived value by bombarding the user with constant warning messages that do not increase its effectiveness in any way.

Some websites display pop-up advertisement windows or banners with text such as: "Your computer may be infected with harmful spyware programs. Immediate removal may be required. To scan, click 'Yes' below." These websites go as far as saying that a user's job, career, or marriage would be at risk. Products using advertisements such as these are often considered scareware. Serious scareware applications qualify as Rogue software.

In recent findings some scareware is not affiliated with any other installed programs. A user can be approached with a pop-up from a website indicating that their PC is infected. In some scenarios it is possible to become infected with scareware even if the user attempts to cancel the notification. These popups are especially designed to look like they are from the user's operating system when they are actually a webpage.

In 2005, Microsoft and Washington state successfully sued Secure Computer (makers of Spyware Cleaner) for $1 million over charges of using scareware pop-ups. The attorney general has also brought lawsuits against Securelink Networks, High Falls Media and the makers of Quick Shield.[4]

In October 2008, Microsoft and the Washington attorney general filed a lawsuit against two Texas firms, Branch Software and Alpha Red, producers of the Registry Cleaner XP scareware.[5] The lawsuit alleges that the company sent incessant pop-ups resembling system warnings to consumers' personal computers stating "CRITICAL ERROR MESSAGE! - REGISTRY DAMAGED AND CORRUPTED", before instructing users to visit a web site to download Registry Cleaner XP at a cost of $39.95.

The Federal Trade Commission also won a restraining order in December 2008 against two US companies, Innovative Marketing, Inc. and ByteHosting Internet Services who are responsible for marketing the scareware applications WinFixer, WinAntivirus, DriveCleaner, ErrorSafe and XP Antivirus. It is estimated that they managed to trick over a million US customers into buying their fake products.


Spyware

Some forms of spyware also qualify as scareware because they change the user's desktop background, install icons in the computer's system tray (under Windows), and generally make a nuisance of themselves, claiming that the user's computer is infected with some kind of spyware that the scareware application will help to remove. This tactic is not used by legitimate anti-spyware applications.

One example is SpySheriff,[7] a program that purports to remove spyware, but is actually a piece of spyware in itself, often accompanying SmitFraud infections.

Source