The Three Types of Malware that Scare, Threaten, and Abuse
What is a Scareware?
A scareware is a form of malware that poses as a security program, pretends to scan for threats and malware on your computer, and then lures you into paying real money in exchange for solving the imaginary threats.
A typical scareware creates a pop-up screen to warn you that your computer has an immediate, serious issue. These warnings can be about fictitious malware infecting your computer or an imaginary software issue.
The pop-up screens often copy legitimate antivirus program warnings, complete with the names of the supposedly blocked malware and bogus scanning reports on your computer. They can even include data on your IP address and geographic location to give the warning that personal touch and a bit of apparent authenticity.
Other pop-ups mimic the look and text of warnings from your computer. These pretend to warn users about serious disk or software issues by imitating Microsoft’s “blue screen of death” and other warning screens.
Scareware Can Be Found Everywhere
Scareware can be found while surfing the internet or attached to spam emails, and is sometimes distributed via sponsored browser search results.
In addition, the scareware files might not trigger an alert from your antivirus software because they aren’t doing anything malicious.
But there is a distinct difference between encountering scareware and being duped by it. As a general rule, scareware works thanks to social engineering and depends on a computer user such as you clicking the “yes” button. Without the recipient either emotionally or impulsively responding with an affirmative click, nothing happens – most of the time.
What should you do when a scareware appears?
When a scareware appears on your computer, the best response is to shut down the browser immediately. Don’t click on either the “Close” or the “No” buttons on the pop-up screen as some scareware variants have been designed to send computer users to a malware distribution site when these buttons are clicked on.
Once you have clicked “OK” and inadvertently downloaded the malware, it can be a much more difficult and involved task to remove the files completely from your computer. The specific steps for complete removal will vary according to the type of malware and the antivirus software on your computer.
What is a Ransomware?
Ransomware is a type of malware that tries to frighten or force computer users into paying a ransom by restricting access to the infected device or threatening legal action.
Unlike scareware, ransomware can result in the infected computer being completely inoperable.
Ransomware can be picked up like any other malware as it is primarily distributed through infected webpages and email links. One variant is spread by a Zeus Trojan derivative, a malware toolkit better known for stealing financial data.
Ransomware is divided into two basic groups: encrypting and non-encrypting. Some variants in the first group use commercial-grade encryption to make files unreadable and force the victims into paying for the decryption key.
Other variants in the second group present themselves as members of law enforcement groups and threaten users with legal action or lock files to make normal computer use difficult.
Ransomware May Display Pornographic Images on Your Computer
Non-encrypting ransomware locks the infected computer until the ransom is paid but does not encrypt the files. WinLock, one of the first examples of this genre, locked machines and displayed a pornographic image until users sent a premium text message to get the unlocking code. This tactic was particularly successful for cybercriminals based in the former Soviet bloc.
But the common tactic of a pop-up warning that illicit pornography has been found on your computer – regardless of what you had been previously looking at – has now gotten much more explicit.
One variant locks the victim’s browser while showing a screen purporting to be from a police unit. This screen also contains child pornographic images along with information such as the computer user’s personal details, their IP address, and even their picture if the infected computer has a webcam.
It also contains information on how to pay the ransom. Researchers have discovered that the pop-up does not appear at the moment of infection, but waits until the victim has been using their computer for a period of time, thus complicating detection.
Fake antivirus may create real problems
Fake antivirus is just that: a collection of software that falsely claims to protect you from malware and, even worse, might actually infect your computer with an array of dangerous malware.
Fake antivirus is delivered to the victims’ computers through a wide assortment of channels including email attachments, poisoned browser searches, and infected websites. It is an extremely common way for cyber criminals to monetize or make money out of malware. Researchers have identified over a half million variants of fake antivirus programs.
Once it has been downloaded to the victim’s computer, it can harass the user and interfere with the normal operation of the machine until payment has been made. And that isn’t the end of the story either. For many variants, the problems continue even after the payment has been made to the cyber criminals.
Scareware/fake antivirus is now designed for everyone – PCs, Macs, and Androids
Scareware and fake antivirus thrive where there are new products, new threats, and a poorly informed audience. Early examples of scareware were focused on Windows and PC computers, and ignored Macs almost completely.
This has changed with the growth in the popularity of Apple’s OS X, and the current surge in Android usage. MacDefender, one of the earliest forms of Mac malware, combined scareware and fake antivirus features. Android is now a viable target, with Android Defender being one of the first examples of a scareware/fake antivirus targeting this operating system.
Vulnerability is no longer a question about having the wrong operating system. It’s about cyber criminals feeding on a user’s fear of a potential security risk which may not be solved by their devices’ security software.
What is the difference between scareware, fake antivirus, and ransomware?
Malware categories are not etched in stone. Cyber criminals continually look for the combination of visual and technical features that they believe will make them the most money. Thus, their malware portfolio changes over time. These changes make it impossible to define many malware variations consistently.
Fake antivirus is often marketed via scareware, but with an important distinction: fake antivirus is actual software which can damage your computer and leave it vulnerable to other types of malware. The difference, at least from a computer user’s perspective, is that scareware just scares and fake antivirus is a package of computer code which may or may not cause additional harm.
Ransomware, especially the non-encrypting variety, can lock down an infected computer to extract a ransom payment.