This is a tactic used to alarm you into thinking that your computer is infected with a virus, and then suggest that you download, and pay for, anti-virus software to remove it. These programs prey on your fear (hence the name scareware). According to the Anti-Phishing Working Group, the number of scareware programs in circulation rose from 2,850 to 9,287 in the second half of 2008.
The scam works like this: You’re visiting a legitimate Web site and you’re confronted with a pop-up box (see below) alerting you that malware or spyware has been found on your PC and you must either run a scan or download software to fix the problem. The dialog boxes often look very much like the legitimate ones generated by the Windows Security Center, complete with the familiar Windows icon and the Security Center’s shield icon.
But, any user who clicks on the box is in for a nasty surprise. Many scareware programs install either a Trojan horse application that sits silently on the user’s PC, recording keystrokes and stealing passwords and other valuable data, or a useless piece of software that does nothing. Often, even clicking on the “cancel” button or the X in the top of the dialog box will begin the download process.