What is it?

Scareware is a type of malware that uses social engineering and fear tactics to trick victims into purchasing and downloading unwanted and potentially dangerous software.

Our Experts Explain

This class of malicious software (which also includes rogue security software and ransomware) misleads users into thinking that their computer has a virus, and then suggests that they download and pay for “fake” antivirus software to remove it. Quite often, the virus is non-existent and the AV Software is bogus and actually malware, which installs on their PC. Scareware programs became rife at the start of 2009 and have been on the rise ever since.

Scareware commonly generates pop-ups that imitate Windows system messages, often pretending to be antivirus or antispyware software, a firewall application or a registry cleaner. The messages usually intimate that infected files have been found on the computer, and the offer to purchase software to fix the problem is made. In actual fact, there are no infected files and the suggested software is probably malware. If the software is purchased, the money will be lost, as the software is effectively useless, and there is a good chance it will make the user’s computer unstable. Sometimes, the pop-up windows that appear have a clickjacking feature, which redirects the user to a malicious website or triggers a malware download if the “Cancel” or the “X” buttons are used to close the window.

In October 2008, two Texas-based businesses, Branch Software and Alpha Red, were sued by Microsoft and the Washington Attorney General. Those companies were held responsible for a product called ‘Registry Cleaner XP’, which was a widespread scareware program. Similarly, in December 2008, the Federal Trade Commission (FTC) took out a restraining order against two companies in the US, Innovative Marketing, Inc. and ByteHosting Internet Services. These companies produced a number of scareware programs including: DriveCleaner, WinAntivirus, ErrorSafe, WinFixer and XP Antivirus.

Scareware is a multi-million dollar business, with thousands of users falling victim to online scams every month. They hone in on people’s fear and lack of technical knowledge, and scareware products can dupe a user into paying out money, just by displaying a fake screen that looks like a virus attack.

Example of a Scareware Screen

As we mentioned above, Scareware often takes the form of a fake virus alert or system message. These fake windows are extremely convincing, and will trick even a seasoned computer user. No one likes seeing the “Blue Screen of Death” and this scareware product, called ‘SystemSecurity’, plays on that fear.

Figure 1: Sourced from


Examples of other spyware:

  • XP Antivirus 2009
  • Total Secure 2009
  • AdwarePunisher
  • SpySheriff

What does Scareware do?

There are three ways that Scareware might attack:

  1. Identity theft: scareware will secretly attack your computer and record your keystrokes and personal information.
  2. Stealing your credit card details: scareware will trick you into buying fake antivirus software.
  3. “Zombie” your computer: scareware will enable hackers to take remote control of your computer and use it to disseminate spam.

Tune in next week, to get some tips from our experts at FraudWatch International, on how to defend yourself from a Scareware attack.