This web site uses cookies to improve your experience. By viewing our content, you are accepting the use of cookies. To find out more and change your cookie settings, please view our cookie policy.

Search
  • Videos
  • Smart Cities
  • Windows 10
  • Cloud
  • Innovation
  • Security
  • Tech Pro
  • more
    • ZDNet Academy
    • Microsoft
    • Mobility
    • IoT
    • Hardware
    • Executive Guides
    • Best VPN Services
    • See All Topics
    • White Papers
    • Downloads
    • Reviews
    • Galleries
    • Videos
  • Newsletters
  • All Writers
    • Log In to ZDNET
    • Join ZDNet
    • About ZDNet
    • Preferences
    • Community
    • Newsletters
    • Log Out
  • Menu
    • Videos
    • Smart Cities
    • Windows 10
    • Cloud
    • Innovation
    • Security
    • Tech Pro
    • ZDNet Academy
    • Microsoft
    • Mobility
    • IoT
    • Hardware
    • Executive Guides
    • Best VPN Services
    • See All Topics
    • White Papers
    • Downloads
    • Reviews
    • Galleries
    • Videos
      • Log In to ZDNET
      • Join ZDNet
      • About ZDNet
      • Preferences
      • Community
      • Newsletters
      • Log Out
  • us
    • Asia
    • Australia
    • Europe
    • India
    • United Kingdom
    • United States
    • ZDNet around the globe:
    • ZDNet China
    • ZDNet France
    • ZDNet Germany
    • ZDNet Korea
    • ZDNet Japan
  • In order to avoid the negative publicity of a particular scareware brand, cybecriminals periodically change the brand and the layout of the application. They intention however remains the same - to scam gullible users.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • A bogus report from Doctor Antivirus claiming that 40 infections have been found, which could result in system crash, system slowdown and Internet connection loss. Some of these events can also take place once Doctor Antivirus is installed at the first place.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • Just like the majority of scareware domains claim, a 100% money back guarantee is in place once you purchase the software. In reality though, by the time you find out what the software's real intentions really are, you are at risk from renewal license fees on a monthly basis, that is of course unless the domain has already been suspended and the scareware re-branded under a different name.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • That fact that the front page of Power Antivirus has the same text and looks the same -- different colors -- shouldn't come as a surprise since they're using the same template under a different scareware brand.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • eAntivirus Pro is attempting to improve its authenticity by insisting its Vista and XP service pack 3 compatible. The scareware features a very professional layout that can be easily mistaken as the site of a legitimate security vendor -- which it isn't.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • Antivirus XP was once the most heavily abused scarewe brand name, until it achieved a lot of negative publicity prompting its authors to re-brand it.??The scareware site features non-clickable links to to technology sites and technology partners that are definitely unaware of its existence.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • Using a standard template, it attempts to brandjack legitimate Windows Antivirus brand

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • Green AV attempts to establish an environmental position by promising to donate $2 of every sale of the scareware. Needless to say that this isn't going to happen.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • In early 2007, scareware vendors attempted to localize their scareware templates, by translating them to different languages in an attempt to target citizens of particular countries. The niche is left unfilled, with the most recent known localization of the most popular scareware template, the "My Online Computer Scan" to Arabic.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • Yet another localized scareware template.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • Another localized scareware template.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • Another localized scareware template, using the same templates as the rest of the localized screenshots.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • A vendor of four different pieces of scareware - Antivirus 2009, AntiSpywareGuard, PopupNuker Pro and XPBooster.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • Yet another scareware releases that's including "latest threats" data as well as a fake "infected computers" counter based within your netlblock.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • Fake antivirus scanning dialog box in action.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • Scareware featuring a static image stating that a process is trying to send your credit card details over the net.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • Features a professional layout, however it's a re-branded scareware from known previous releases.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • Yet another scareware release, due to their automated approach of coming up with the brands and the domains, this one in particular is owned by a company called "Total Virus Protection". How automatic.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • The scareware includes a fake "latest news" section making it look like the signatures database is periodically updated. It also claims 100% money back guarantee.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • The brand itself is a blackhat SEO attempt to hijack related traffic. It also fetures a fake virus watch list.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • It's 2009, and scareware vendors are already shipping their 2010 releases. Sadly, this scareware domain used to feature a legitimate McAfee Secure check, however the 47+ million downloads claim are bogus.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • The Antivirus+ scareware is featuring a fake "total downloads" as well as fake "total virus records" counters. Moreover, none of the review icons by popular software download or technology sites are legitimate.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • The scareware claims to outperform major antivirus solutions on the market. Several other scareware brands using the same template also claim the same.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • The scareware is once again featuring a fake "Virus Watch" section with no real data or signatures to back their claim.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • The scareware is featuring fake awards, fake comparative reviews claiming it outperforms popular antivirus vendors, and has also included a fake "Internet Threats" indicator.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • This is great example when a piece of scaware is advertising itself as an application capable of removing another scareware, in this case WinPCDefender, which they claim is a scam. Ironic.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • Someone must have been very bored to come up with the Cleaner 2009 brand.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • Rapid Antivirus is using a CNN logo and quotes an article stating that 90% of all Internet connected users may be infected with spyware.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • The scareware is also offering licenses to home users, small and medium business and enterprises. It is also offering technology licensing next to the typical fake virus alerts section.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • The scareware pitches itself as the "most trusted antispyware available".

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • Yet another re-branded scareware brand.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • Among the most popular scareware pop-up windows.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • This fake scareware scanning window is using an adult themed fear tactic by stating that traces of adult web sites have been detected on the PC.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • Apparently the authors of this scareware brand didn't double check their claims, since in its current form the site states that "Antivirus VIP approve the virus and trojan attacks damage more than $4 million/hour."

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • Yet another scareware brand making false claims about its features.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • Windows XP branded scareware, promising a typical, but fake, money back guarantee.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • Standard scareware template seen in use by other brands.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • Fake antivirus scanning in progress dialog claiming to have already detected 3 viruses.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • Standard scareware template, seen in use by other brands.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • A well known scareware brand.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • A visual spoof of the Windows Security Center claiming that virus protection is turned off, and that a malware has been detected, which System Security Antivirus can take care of.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • Fake comparative review of known scareware next to legitimate antivirus software.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • Fake comparative review of known scareware next to legitimate antivirus software.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • Fake comparative review of known scareware next to legitimate antivirus software.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • A default screen that appears upon clicking on the scareware executable.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • The note claims to offer 85% discount for fake security software that simply doesn't exist.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • Scareware window that is spoofing the IE security warning, in an attempt to trick the user into clicking on the real domain.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • Google is your best friends in terms of searching for scareware domains that have already been identified by the community

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • The use of custom search engine courtesy of Google's anti-malvertising.com initiative.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • The following domains have been registered in a combination with automatically registered Gmail accounts by having the CAPTCHA recognition process outsourced to a third-party.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • Yet another attempt by scareware site to spoof the IE security warning.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • Yet another well known scareware brand.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • Courtesy of the CCSS Forum.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • This scareware template attempts to trick the user into believing there's been a blue screen of death error due to detected security problems. It's fake.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • Courtesy of PandaSecurity, illustrates the growth of scareware.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • Known scareware brand using template already in use by related brands.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • According to this fake scareware scanning dialog, 364 infected files have been found.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • In this fake scan progress dialog, Doctor Antivirus 2008 claims to have already found 40 malware infections.

    Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

    Caption by: Dancho Danchev

  • 0
1 of 58 NEXT PREV

The ultimate guide to scareware protection

Taking into consideration the fact that 99% of ongoing scareware campaigns rely on "visual social engineering", this gallery presents some of the most popular templates used by cybercrime gangs in an attempt to trick the end user into installing the fake security software.

Read More Read Less

In order to avoid the negative publicity of a particular scareware brand, cybecriminals periodically change the brand and the layout of the application. They intention however remains the same - to scam gullible users.

Published: September 13, 2009 -- 17:36 GMT (10:36 PDT)

Caption by: Dancho Danchev

Related Topics:

Security Security TV Data Management CXO Data Centers
LOG IN TO COMMENT
  • My Profile
  • Log Out
| Community Guidelines

Join Discussion

Add Your Comment
Add Your Comment

Related Galleries

  • Smart home suites match up devices for security and convenience

    Security

    Smart home suites match up devices for security and convenience

  • Adjust these Facebook privacy settings to protect your personal data

    Social Enterprise

    Adjust these Facebook privacy settings to protect your personal data

  • Social media cannot be trusted without these features

    Social Enterprise

    Social media cannot be trusted without these features

  • Facebook alternatives: Social apps you need to try

    Mobility

    Facebook alternatives: Social apps you need to try

ZDNet
Connect with us

© 2018 CBS Interactive. All rights reserved. Privacy Policy | Cookies | Ad Choice | Advertise | Terms of Use | Mobile User Agreement

  • Topics
  • All Authors
  • Galleries
  • Videos
  • Sponsored Narratives
  • About ZDNet
  • Meet The Team
  • Site Map
  • RSS Feeds
  • Reprint Policy
  • Manage | Log Out
  • Log In to ZDNET | Join ZDNet
  • Membership
  • Newsletters
  • Site Assistance
  • ZDNet Academy