Browse Definitions :
Definition

scareware

Scareware is a type of malware designed to trick victims into purchasing and downloading useless and potentially dangerous software.

Scareware, which generates pop-ups that resemble Windows system messages, usually purports to be antivirus or antispyware software, a firewall application or a registry cleaner. The messages typically say that a large number of problems -- such as infected files -- have been found on the computer and the user is prompted to purchase software to fix the problems. In reality, no problems were detected and the suggested software purchase may actually contain real malware. If the user falls for the scam, he will lose the money he paid for the useless software and he may also make his computer unusable. Frequently, the message window has a clickjacking feature that takes the user to the attacker's Web site or initiates a malware download if the user clicks "Cancel" or the "X" to close the window.

In October 2008, Microsoft and the Washington attorney general sued two Texas-based companies, Branch Software and Alpha Red. Those two companies are responsible for Registry Cleaner XP, a very common scareware program. In December 2008, the Federal Trade Commission (FTC) initiated a restraining order against two companies in the United States, Innovative Marketing, Inc. and ByteHosting Internet Services. Scareware programs produced by those companies include DriveCleaner, WinAntivirus, ErrorSafe, WinFixer and XP Antivirus.

If you encounter a suspicious pop-up, you should right-click on the item in the task bar and select "Close" or manually exit the browser by clicking Ctrl-Alt-Delete. To protect your system from future attempts, install a good pop-up blocker and configure it to prevent pop-ups from sites other than those that you specifically allow.

This was last updated in August 2010

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

SearchCompliance

  • risk assessment

    Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business.

  • PCI DSS (Payment Card Industry Data Security Standard)

    The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to ...

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

SearchSecurity

SearchHealthIT

SearchDisasterRecovery

  • call tree

    A call tree is a layered hierarchical communication model that is used to notify specific individuals of an event and coordinate ...

  • Disaster Recovery as a Service (DRaaS)

    Disaster recovery as a service (DRaaS) is the replication and hosting of physical or virtual servers by a third party to provide ...

  • cloud disaster recovery (cloud DR)

    Cloud disaster recovery (cloud DR) is a combination of strategies and services intended to back up data, applications and other ...

SearchStorage

  • RAM (Random Access Memory)

    RAM (Random Access Memory) is the hardware in a computing device where the operating system (OS), application programs and data ...

  • business impact analysis (BIA)

    Business impact analysis (BIA) is a systematic process to determine and evaluate the potential effects of an interruption to ...

  • M.2 SSD

    An M.2 SSD is a solid-state drive that is used in internally mounted storage expansion cards of a small form factor.

Close