Scareware

Scareware is a super-fast growing category of threats to your computer-and your wallet. Scareware is a general (and catchy) term for programs that pretend to be something they are not and scare you into taking some action. It is also known as rogue software and includes programs such as fake antivirus, fake antispyware and the like.

Google did a study over 13 months of 2009 an 2010 showing that "the lifespan of domains distributing Fake AV attacks has decreased significantly". Here's a chart showing that trend:

Allow me to explain this. Scareware infects your computer when you visit a web site that has been hijacked by a hacker. The hacker "injects" poisoned computer code into the HTML of the web site. Then when you visit, you get infected by various methods.

You'll probably be re-directed to a malicious web site somewhere else. Once there, your computer will download a fake AV program and you'll instantly start getting pop-up windows claiming you are infected by a whole list of nasty things.

Then the scareware will continue popping up messages telling you that your system is infected with (usually) dozens of viruses, Trojans, and spyware. This is so ironic since the fake antivirus program itself is the real problem.

You'll probably be told to "run a scan" by the bogus software. Then you discover that you can't use the program to remove the "threats" until you buy the "upgraded" version at some web site.

If you want some really technical reading (be careful, you might hurt your brain), Google published a paper that you can download here.

Scared yet? Since these scams are detected very quickly by AV companies and researchers, these malicious sites get blocked by browsers and security products. So, what the chart is telling us is that they move the fake software downloads somewhere else and they're doing it faster all the time.

The technical details aren't important to us here. The point is that, as usual, the bad guys are a step ahead of us nearly all the time.

So, here's the bottom line: Run a well-known, high quality Internet security suite and KNOW the name of it. Then, if you do get some official looking software popping up messages all over the place telling you you're infected, be very careful about doing anything at this point.

If you don't recognize the name of the program, it's probably scareware. Here's a Wikipedia list of fake programs. And here's a picture of one of them called Windows Defender 2010. This IS NOT AT ALL connected to Windows Defender that comes with Microsoft Windows. This is how tricky they are about it. They even use fake "awards" from the same independent labs that I use for reviews.

But even if you get infected by something that's not on this list, be afraid. Try running a complete scan with your known good security suite. If that doesn't come up with anything, then use one of these free tools as well:

• SuperAntiSpyware
• Ad-Aware Free
• SpyBot Search and Destroy
• CWShredder

Sometimes these fake programs try to stop the AV program from stopping it. If you're up to the task, you might need to get your hands dirty and kill the "process" that the malware program lives in with a little program called RKill.

If this is all gobbily-gook to you, don't worry about it. Just go to this web site, download RKill, and follow the directions. If that's too much for you, it might be time to call the Geek Squad. But whatever you do, make sure you've backed up your computer first. You don't want to lose everything because a fake AV program trashed your system!

Here's a good practice to get into that can save you lots of headaches: Download several of these free tools and put them on a flash drive. If you're computer is infected and has blocked you from the Internet, you can use the tools on the flash drive to clean things up until you can get a connection.