Friday, September 10, 2010

what is scareware?

scareware (also called rogueware, fake AV, rogue AV, and a host of other names) is a type of malware that pretends to be legitimate security software, often for the purposes of extorting money from the user.

the traditional method of operation for scareware once it runs on the victim's machine is that it will pretend to have found security threats on the system but inform the user that in order to remove them the user must pay to register the fake security software first. the security threats that it claims to find are used to scare the user into complying with the request for registration, but they are generally either non-existent or they were purposefully planted there by the scareware.

scareware can be introduced into a system by any number of means, including drive-by downloads or installation by other malware such as bots, droppers, or downloaders. it could even run its fake initial scan directly from the web page that sells the scareware (sometimes with hilarious inconsistencies like scanning windows folders when you're browsing from a mac computer).

because scareware pretends to be something which it is not in order to socially engineer the user into paying the malware writers who created it, it qualifies as a type of trojan horse program. it doesn't have to try too hard in order to trick the user, as users are very willing to believe anything claiming to be security, especially when it says the user is unsafe, in large part because legitimate security vendors have long trained users to trust them without question.
