Defeating Scareware

We have written about this subject before, but I have been researching this security threat and have new advice.   One of the more insidious malware exploits involves the use of the fake security pop-up.  There is an excellent article on IT World about this subject if you want to get a deeper view.

Basically, if you accidently visit a web site that is infected with this attack, you will see a pop-up window down by the clock that looks like a security software alert.  It is really a browser pop-up window.  A real security warning will have the name of the security product in the title bar at the top of the window, these do not.

The problem starts when you click on ANY PART of this window.  The red X, the IGNORE button, the ACCEPT button, and any link will basically start the download process for this attack, and you are infected.  Unfortunately, these types of infections are almost always impossible to remove, and require a drive wipe and full reinstallation to fix the problem.

The solution is simple though.  First , DO NOT click on any part of the message.  Disconnect yourself from the Internet.  This will prevent anything else from downloading to your computer.  Unplug your cable or DSL modem or network cable.  Then turn your computer completely off.  Leave your Internet connection off, and turn your computer back on.  If the pop-up does not return, you may have dodged the bullet.  Turn you Internet connection back on, and open your browser.  If the pop-up does not return, you probably at this point are safe.  If it does come back, unplug from the Internet again and run a full scan using your Internet security software.  Let it remove whatever it finds.  Hopefully this will fix the problem.

But then again it may not.  You can try to use system restore to go back a day or two.  You may have to have your computer restored using the reinstallation media that came with your machine.  But this threat really does need to be removed, because it is the first part of a much worse multi-stage attack.  So be vigilant.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.