The ultimate guide to scareware protection
Image 1 of 54
Diverse portfolio of fake security software - scareware-
In order to avoid the negative publicity of a particular scareware brand, cybecriminals periodically change the brand and the layout of the application. They intention however remains the same – to scam gullible users.
Scareware Doctor Antivirus 2008 Fake "You're Infected" dialog box
A bogus report from Doctor Antivirus claiming that 40 infections have been found, which could result in system crash, system slowdown and Internet connection loss. Some of these events can also take place once Doctor Antivirus is installed at the first place.
Spyware Preventer front page
Just like the majority of scareware domains claim, a 100% money back guarantee is in place once you purchase the software. In reality though, by the time you find out what the software’s real intentions really are, you are at risk from renewal license fees on a monthly basis, that is of course unless the domain has already been suspended and the scareware re-branded under a different name.
Power Antivirus front page
That fact that the front page of Power Antivirus has the same text and looks the same — different colors — shouldn’t come as a surprise since they’re using the same template under a different scareware brand.
eAntivirus Pro 2008
eAntivirus Pro is attempting to improve its authenticity by insisting its Vista and XP service pack 3 compatible. The scareware features a very professional layout that can be easily mistaken as the site of a legitimate security vendor — which it isn’t.
Windows Antivirus
Using a standard template, it attempts to brandjack legitimate Windows Antivirus brand
Green AV Scareware
Green AV attempts to establish an environmental position by promising to donate $2 of every sale of the scareware. Needless to say that this isn’t going to happen.
Sumejor Antivirus
In early 2007, scareware vendors attempted to localize their scareware templates, by translating them to different languages in an attempt to target citizens of particular countries. The niche is left unfilled, with the most recent known localization of the most popular scareware template, the “My Online Computer Scan” to Arabic.
PC Antiviren Loesung
Yet another localized scareware template.
Votremeilleuranti Virus
Another localized scareware template.
PC Beveiligings Systeem
Another localized scareware template, using the same templates as the rest of the localized screenshots.
SecureData Group Ltd.
A vendor of four different pieces of scareware – Antivirus 2009, AntiSpywareGuard, PopupNuker Pro and XPBooster.
Antivirus 2009 Protection
Yet another scareware releases that’s including “latest threats” data as well as a fake “infected computers” counter based within your netlblock.
Antivirus 2009
Fake antivirus scanning dialog box in action.
e-Kerberos
Scareware featuring a static image stating that a process is trying to send your credit card details over the net.
Total Virus Protection
Yet another scareware release, due to their automated approach of coming up with the brands and the domains, this one in particular is owned by a company called “Total Virus Protection”. How automatic.
Win Defender 2009
The scareware includes a fake “latest news” section making it look like the signatures database is periodically updated. It also claims 100% money back guarantee.
XP Antivirus Protection
The brand itself is a blackhat SEO attempt to hijack related traffic. It also fetures a fake virus watch list.
Adware Professional 2010
It’s 2009, and scareware vendors are already shipping their 2010 releases. Sadly, this scareware domain used to feature a legitimate McAfee Secure check, however the 47+ million downloads claim are bogus.
Antivirus+
The Antivirus+ scareware is featuring a fake “total downloads” as well as fake “total virus records” counters. Moreover, none of the review icons by popular software download or technology sites are legitimate.
Antivirus Agent Pro
The scareware is once again featuring a fake “Virus Watch” section with no real data or signatures to back their claim.
Malware Removal Bot
This is great example when a piece of scaware is advertising itself as an application capable of removing another scareware, in this case WinPCDefender, which they claim is a scam. Ironic.
Cleaner 2009
Someone must have been very bored to come up with the Cleaner 2009 brand.
Rapid Antivirus
Rapid Antivirus is using a CNN logo and quotes an article stating that 90% of all Internet connected users may be infected with spyware.
Smart Antivirus 2009
The scareware is also offering licenses to home users, small and medium business and enterprises. It is also offering technology licensing next to the typical fake virus alerts section.
Spyware Removal
The scareware pitches itself as the “most trusted antispyware available”.
Spyware Guard 2009
Yet another re-branded scareware brand.
My Online Computer Scanner
Among the most popular scareware pop-up windows.
Adult content detected!
This fake scareware scanning window is using an adult themed fear tactic by stating that traces of adult web sites have been detected on the PC.
Antivirus VIP
Virus Response Lab 2009
Yet another scareware brand making false claims about its features.
XP Shield
Windows XP branded scareware, promising a typical, but fake, money back guarantee.
Advanced Antivirus
Standard scareware template seen in use by other brands.
Advanced Virus Remover
Fake antivirus scanning in progress dialog claiming to have already detected 3 viruses.
Antivirus BEST
Standard scareware template, seen in use by other brands.
Antivirus XP 2008
A well known scareware brand.
Security Center Scareware
A visual spoof of the Windows Security Center claiming that virus protection is turned off, and that a malware has been detected, which System Security Antivirus can take care of.
Malware Destructor 2009
Fake comparative review of known scareware next to legitimate antivirus software.
Windows Security Suite
Fake comparative review of known scareware next to legitimate antivirus software.
Virus Shield 2009
Fake comparative review of known scareware next to legitimate antivirus software.
Antivirus 2008 Installer
A default screen that appears upon clicking on the scareware executable.
Scareware Price Discount
The note claims to offer 85% discount for fake security software that simply doesn’t exist.
Scareware spoofs IE security warning
Scareware window that is spoofing the IE security warning, in an attempt to trick the user into clicking on the real domain.
Searching for scareware domains
Google is your best friends in terms of searching for scareware domains that have already been identified by the community
Searching for scareware domains 2
The use of custom search engine courtesy of Google’s anti-malvertising.com initiative.
Sample scareware domains
The following domains have been registered in a combination with automatically registered Gmail accounts by having the CAPTCHA recognition process outsourced to a third-party.
Scareware spoofs IE security warning 2
Yet another attempt by scareware site to spoof the IE security warning.
Personal Antivirus
Yet another well known scareware brand.
Trusted Antivirus/Security Vendors
Courtesy of the CCSS Forum.
Fake Blue Screen of Death Scareware
This scareware template attempts to trick the user into believing there’s been a blue screen of death error due to detected security problems. It’s fake.
The growth of scareware
Courtesy of PandaSecurity, illustrates the growth of scareware.
Ulta Antivir 2009
Known scareware brand using template already in use by related brands.
My Documents Scareware Scanning Dialog
According to this fake scareware scanning dialog, 364 infected files have been found.
Doctor Antivirus 2008
In this fake scan progress dialog, Doctor Antivirus 2008 claims to have already found 40 malware infections.