Editing Scareware (section)

== Scam scareware ==
Internet security writers use the term "scareware" to describe software products that produce frivolous and alarming warnings or threat notices, most typically for fictitious or useless commercial [[firewall (computing)|firewall]] and [[registry cleaner]] software.  This class of program tries to increase its perceived value by bombarding the user with constant warning messages that do not increase its effectiveness in any way.  Software is packaged with a look and feel that mimics legitimate security software in order to deceive consumers.<ref>{{cite web|url=https://www.theregister.co.uk/2009/10/20/scareware_psychology/|title=Scareware Mr Bigs enjoy 'low risk' crime bonanza|author=John Leydon|date=2009-10-20|access-date=2009-10-21|website=The Register|archive-date=2017-08-10|archive-url=https://web.archive.org/web/20170810135209/https://www.theregister.co.uk/2009/10/20/scareware_psychology/|url-status=live}}</ref>

Some websites display pop-up advertisement windows or banners with text such as: "Your computer may be infected with harmful spyware programs.<ref>{{cite web|url=http://www.2-removevirus.com/remove-warning-your-computer-may-be-infected/|title=Fake Warning Example|author=Carine Febre|date=2014-10-20|access-date=2014-11-21|publisher=Carine Febre|archive-date=2017-04-10|archive-url=https://web.archive.org/web/20170410212259/http://www.2-removevirus.com/remove-warning-your-computer-may-be-infected/|url-status=usurped}}</ref>  Immediate removal may be required. To scan, click 'Yes' below." These websites can go as far as saying that a user's job, career, or marriage would be at risk. Products with advertisements such as these are often considered scareware. Serious scareware applications qualify as [[rogue software]].

Some scareware is not affiliated with any other installed programs. A user can encounter a pop-up on a website indicating that their PC is infected.<ref>{{cite web|url=http://blog.trendmicro.com/search-results-for-air-france-flight-447-lead-to-rogue-antivirus/|title=Air France Flight 447 Search Results Lead to Rogue Antivirus|author=JM Hipolito|publisher=[[Trend Micro]]|date=2009-06-04|access-date=2009-06-06|archive-date=2012-02-17|archive-url=https://web.archive.org/web/20120217223931/http://blog.trendmicro.com/search-results-for-air-france-flight-447-lead-to-rogue-antivirus/|url-status=live}}</ref> In some scenarios, it is possible to become infected with scareware even if the user attempts to cancel the notification.
These popups are specially designed to look like they come from the user's operating system when they are actually a webpage.

A 2010 study by [[Google]] found 11,000 domains hosting fake anti-virus software, accounting for 50% of all malware delivered via internet advertising.<ref>{{cite journal|url=http://krebsonsecurity.com/wp-content/uploads/2010/04/leet10.pdf|date=2010-04-13|access-date=2010-11-18|author=Moheeb Abu Rajab and Luca Ballard|title=The Nocebo Effect on the Web: An Analysis of Fake Anti-Virus Distribution|archive-date=2019-02-20|archive-url=https://web.archive.org/web/20190220081957/https://krebsonsecurity.com/wp-content/uploads/2010/04/leet10.pdf|url-status=live}}</ref>

Starting on March 29, 2011, more than 1.5 million [[web sites]] around the world have been infected by the [[LizaMoon]] [[SQL injection]] attack spread by scareware.<ref>{{cite web |title=Mass 'scareware' attack hits 1.5M websites, still spreading |date=April 1, 2011 |work=On Deadline |url=http://content.usatoday.com/communities/ondeadline/post/2011/04/mass-scareware-attack-hits-15m-websites-so-far/1 |access-date=April 2, 2011 |archive-date=July 8, 2012 |archive-url=https://archive.today/20120708164453/http://content.usatoday.com/communities/ondeadline/post/2011/04/mass-scareware-attack-hits-15m-websites-so-far/1 |url-status=live }}</ref><ref>{{cite web |title=Malicious Web attack hits a million site addresses |date=April 1, 2011 |work=Reuters.com |url=https://www.reuters.com/article/2011/04/01/hackers-idUSN0116927520110401 |access-date=July 1, 2017 |archive-date=November 11, 2014 |archive-url=https://web.archive.org/web/20141111012809/http://www.reuters.com/article/2011/04/01/hackers-idUSN0116927520110401 |url-status=dead }}</ref>

Research by Google discovered that scareware was using some of its servers to check for internet connectivity.  The data suggested that up to a million machines were infected with scareware.<ref>{{cite news|url=https://www.bbc.co.uk/news/technology-14232577|work=[[BBC News]]|title=Google to Warn PC Virus Victims via Search Site|access-date=2011-07-22|date=2011-07-21|archive-date=2016-07-21|archive-url=https://web.archive.org/web/20160721055338/http://www.bbc.co.uk/news/technology-14232577|url-status=live}}</ref>  The company has placed a warning in the search results for users whose computers appear to be infected.

Another example of scareware is Smart Fortress. This site scares the victim into thinking they have many viruses on their computer and asks them to buy a professional service.<ref>{{cite web|url=http://support.kaspersky.com/us/viruses/rogue?qid=208286259|title=Smart Fortress 2012|website=Kaspersky Lab Technical Support|date=February 29, 2012|url-status=dead|archive-url=https://web.archive.org/web/20170128191536/http://support.kaspersky.com/us/viruses/rogue?qid=208286259|archive-date=2017-01-28}}</ref>

=== Spyware ===
Some forms of [[spyware]] also qualify as scareware because they change the user's desktop background, install icons in the computer's [[notification area]] (under [[Microsoft Windows]]), and claiming that some kind of spyware has infected the user's computer and that the scareware application will help to remove the infection. In some cases, scareware trojans have replaced the desktop of the victim with large, yellow text reading "Warning! You have spyware!" or a box containing similar text, and have even forced the screensaver to change to "bugs" crawling across the screen.<ref>{{cite web|title=bugs on the screen|url=https://social.technet.microsoft.com/Forums/en-US/8a460e01-b72b-4843-a1d1-f25a5d7016b7/bugs-on-the-screen|website=Microsoft TechNet}}{{Dead link|date=February 2022 |bot=InternetArchiveBot |fix-attempted=yes }}</ref> Winwebsec is the term usually used to address the malware that attacks the users of Windows operating system and produces fake claims similar to that of genuine anti-malware software.<ref name=AAA>{{cite news |url= http://www.spywareloop.com/news/scareware |archive-url= https://web.archive.org/web/20141108171211/http://www.spywareloop.com/news/scareware |url-status= dead |archive-date= 8 November 2014 |title= Scareware in SpyWareLoop.com|author=  Vincentas |newspaper=Spyware Loop |date=11 July 2013 |access-date=27 July 2013}}</ref>

[[SpySheriff]] exemplifies spyware and scareware: it purports to remove spyware, but is actually a piece of spyware itself, often accompanying [[SmitFraud]] infections.<ref>[http://www.spywarewarrior.com/rogue_anti-spyware.htm spywarewarrior.com] {{Webarchive|url=https://web.archive.org/web/20180922003408/http://www.spywarewarrior.com/rogue_anti-spyware.htm |date=2018-09-22 }} filed under "Brave Sentry."</ref> Other antispyware scareware may be promoted using a [[phishing]] scam.