Most individuals even tangentially connected to computer usage in the workplace have heard the term malware to refer to malicious programs such as Trojan horses and viruses. Far fewer, however, may be familiar with the phenomenon of ‘scareware’. From an IT support standpoint, however, scareware can be every bit as hazardous to systems at small and medium-sized business as its better-known cousins.
Scareware consists of malware that is wrapped up to look like it is actually some form of scanning software. This is a particularly egregious tactic since it means that scareware ends up looking like the very sort of program one should install, when in fact it is precisely the opposite.
Scareware gets its name from the way the software will introduce itself to the unsuspecting user. From the outset, scareware will attempt to create a climate of fear and alarm in a user since a state of panic can be helpful in convincing that user to go ahead and install the scareware program. Scareware may appear suddenly and announce that the computer is currently under attack and will be compromised unless one or more IT solutions are immediately put into use. The solutions recommended, of course, are those that will make sure that the scareware is installed.
Some scareware is rather modest in ambition, demanding a small fee for the license to run the program that will supposedly rid you of a virus or other attack, an attack which is of course non-existent. Other forms of scareware, however, are much more malicious. Any credit card information you supply may charge against multiple times instead of the once that you have been tricked into authorizing. Even worse, once you install the rogue program masquerading as an IT solution, it may actually function as a keylogger, recording all your keystrokes and secretly sending them to a cyber-criminal hoping to find banking passwords, email account access, or other information that can be used to commit identity theft. Perhaps worst of all is the scareware that allows a remote attacker to take complete control of your system.
One way that businesses can ward off scareware attacks is to organize anti-virus and other security needs around a managed programs model in which visiting experts take charge of all IT security software installations. This guarantees that decisions about which programs to trust are made by those with full knowledge of scareware so that only legitimate programs are put onto the company's network.