Scareware generates pop-ups that look like Microsoft Windows system warnings and alerts for anti-virus/anti-spyware software, registry cleaners or firewalls. These deceptive pop-ups create a user call to action to purchase scareware and repair alleged errors.

Scareware may include a clickjacking feature to redirect a user to an attacker’s website or initiate a malware download if a user tries to close the pop-up. Scareware also coerces users into uninstalling legitimate anti-virus software. If a suspicious pop-up appears, the user is advised to right click on the taskbar item and select close, or exit the browser by selecting Ctrl-Alt-Del to terminate the browser process.

Scareware infects users and their computers via any of the following methods:

• Email scams masked as breaking news alerts or greeting cards
• Ads providing free scans or system clean-ups and displaying a long list of unknown threats to generate user fear
• Affected websites retrofitted to take advantage of software vulnerabilities