Scareware is software advertised by fraudulent firms which falsely claims that it can remedy what turn out to be non-existent threats.
According to web security-as-a-service firm ScanSafe, scareware comprised four per cent of web-based malware blocks in 2007, dropping slightly to three per cent in 2008. However, security firm Sophos detected on average five new scareware sites a day this year.
Last week the Federal Trade Commission (FTC) won a restraining order to prevent Innovative Marketing and ByteHosting Internet Services, both scareware vendors, from continuing to trade.
But such cases remain just the tip of the iceberg, according to ScanSafe senior security researcher Mary Landesman.
"Large numbers of users are trusting scareware scams as fraudulent companies are using increasingly sophisticated techniques to lure users into downloading the software - some of the scams we have seen are branded 'Antivirus 360' and look extremely convincing," she argued.
“The FTC should be applauded for their recent progress; however, there is still a considerable amount of work to be done in the regulation of these bogus scams.”
Corporate users could be at risk if they fall for these scams as a large amount of scareware is able to bypass traditional signature-based scanners, while there is also the chance that some scareware could contain malware.
Thomas Herbert, product manager at hosting firm Hostway, warned that web site owners as well as end users need to exercise caution.
"Website owners need to constantly check their sites to make sure that they are not inadvertently hosting banner adverts containing scareware, as it will simultaneously damage their credibility and lead to disgruntled users," he added.
Authorities urged to step up scareware crackdown
By Phil Muncaster on Dec 18, 2008 6:34AM