Scareware is a type of rogue program which has been around for many years, arguably dating back to 1990. It can be installed without permission, or via deception and false promises. Scareware is primarily used to panic or worry someone into performing a task they otherwise wouldn’t have done. There are some caveats to this, which we’ll cover below.
The rest of this article will reference scareware programs which are intended to be malicious. This means asking for payment, locking devices, or acting in a malware-like manner. Joke / trick programs need not apply (unless they’re also doing something malicious). There are, broadly, a number of different categories which various kinds of scareware fall into. Bogus web browser messages often assist shareware installations. As such, we’ll look at those too.
Examples of scareware
Fake security software
Predating ransomware, rogue scanners used to be a major plague on the security landscape and are still problematic to this day. At one point, you simply couldn’t move for bogus programs. The standard procedure was to warn of infections via browser popups, or hijacked surfing and pages you couldn’t navigate away from. Bogus security programs would run a fake scan, and warn of fake infections. They’d also ask for payment to “unlock” the full version of software so cleaning could take place.
Many types of fake security software imitate the design / name of real programs, in order to seem more convincing.
Scareware as a system menace
Many fake security tools do little beyond triggering aggravating popups or fake infection warnings. They “just” want you to hand over some money for a useless program. Others go further, acting the same way actual spy/malware does while simultaneously saying the PC has an infection (spoiler – it does, but not in the way victims might think). Rogues changing desktops with fake blue screen of death imagery, restarting when trying to uninstall scareware, disabling genuine security tools, and much more are par for the course in this realm.
Web browser lockers
Although not an install, browser lockers were an integral part of how scareware used to end up on systems in the first place. Typically, this involved a web page using code to prevent the user shutting the browser window (or tab, after tabs were introduced). Some browser lockers would make the browser go full screen (as if you’d pressed F11) and use “scare” tactics as the webpage background.
This commonly took the form of fake representations of people’s “This PC” section, complete with representation of C or D drives, generic folders like Music / Pictures and so on. As mentioned, others would display fake BSoD screens. Whatever it took to panic the viewer into downloading and purchasing offered software.
Many of these techniques ended up making their way into the hands of malvertisers. In fact, it’s not unusual to see malvertisers directing device owners to scareware messaging. You’ll notice the product at the end of that particular chain isn’t fake security software offering a cleanup. It’s a VPN. There’s at least some folks out there who may think installing it may be enough to “fix” the fictitious virus infestations. That’s all it takes for some money to change hands.
How to prevent scareware
Many scareware experiences begin with bad browser experiences. It pays to have a fully updated browser at all times to reduce the risk of attack from exploits. Additional extensions like our Browser Guard will further lower the possibility of scare screens and fake messaging.
Dire warnings of multiple infections out of the blue are a big hint scareware is in the offing. So too are immediate demands for payment, popups which won’t go away, tabs which refuse to close. Pressure to make decisions right away “or else” are also a major red flag. Ad blockers will help reduce the possibility of redirects to scareware and malvertising from bad ads. Double win!
General awareness of common social engineering techniques will also help steer you away from panic-based decisions. While scareware isn’t the mainstream force it once was, it still has the capacity to shock the money from your bank account. Stay safe out there!