Thursday, September 8, 2011

What Is Scareware?

Scareware is fraudulent and malicious software that is advertised as being a virus scanner or other security software. Scareware, also known as rogue scanners, goes by many different names. Some of the more common include XP Antivirus, SpywareSheriff, and SpyFalcon (see: 69 Scanners to Avoid).
Once on the system, the scareware typically displays false virus alerts, with instructions to buy the "full version" in order to remove the fictional infections. Wasting your hard-earned dollars on a bogus product isn't the only thing you need to worry about. There have been multiple reports from folks who fell for the scam only to end up with credit card charges much higher than expected - and often a series of fraudulent charges continue to appear on their statements. Victims typically encounter rogue scanners in one of three ways:
  • Email scams disguised as greeting cards or breaking news alerts;
  • Advertisements that offer a free scan or system tune-up;
  • Compromised websites retrofitted to exploit software vulnerabilities.
Preventing Scareware
Scareware is often distributed through legitimate advertising channels on websites. One of the best ways to avoid a scareware infection is to disable active scripting being fed through third party websites. The easiest way to do this is to use NoScript (available for Firefox only).
You should also keep your legitimate antivirus/antispyware scanner up to date. You can also help mitigate your risk of exposure by reading email in plain text only and avoid clicking links or opening attachments in email received unexpectedly - even if it comes from someone you know.
Of course, you should never respond to ads from strangers - stick with the good guys. For a free online scan, use one of these top online scanners. Keep your system patched to prevent exploit: use the free Secunia Software Inspector at least monthly to check your system for vulnerabilities that need patching.
How to Spot Scareware
A classic symptom of a rogue scanner is getting unexpected virus alerts from a product you don't recall installing. Before you do install a new scanner or other security software, check first to make sure it's not on the rogue scanner list. If you are receiving virus alerts unexpectedly, follow these Six Steps to Tell if a Virus Alert is Legit.
Removing Scareware
First and foremost, absolutely do not let the rogue scanner connect to the Internet. Typically, an uninstaller is placed under the Add/Remove Programs option in Control Panel - but the uninstaller seldom works. If your existing antivirus can't remove the rogue scanner, use SmitFraudFix - a free tool that specializes in the removal of this specific type of malware.