Microsoft reports that scammers are now playing on people’s fears in order to trick them into giving them their hard-earned money. By posing malware as legitimate anti-malware software, these applications have been found in 5.9 million computers.

Often these “scareware” employ the use of endless pop-ups which show while users visit certain sites. Often pestering and even threatening users that the infection will not go away without taking advantage of their “security scans” or “antivirus” software, they will either demand for payment or proceed to install malware designed to forward sensitive information to the hackers. These malware can even pretend to be legitimate software vendors such as Norton, Symantec or Microsoft.

These scams have been successful particularly due to the widespread and very real threat of viruses and worms such as the infamous Conficker worm. And while users as a whole have been more aware of these kinds of scams, fear is still a very powerful motivator and scammers prey upon these cautious tendencies, according to Microsoft. People are often too quick to trust these scams, as it seems to follow rational action to install antimalware applications.

Consumers aren’t the only one affected by this phenomenon. IT helpdesks are being tied up with complaints arising from scareware. Along with all the attention these scammers get, Microsoft believes these scammers earn hundreds of thousands of dollars each year as a result of their activities.

Notable examples of scareware include Win32/FakeXPA and Win32/Yektel. Win32/Yektel in particular, releases pop-up messages in any site containing “google” once it has been installed in your machine, and shows a link that purportedly comes from Google but is really a download link to malware. Another variant, Win32/FakeSecSen, blocks the user’s browser screen with pop-ups to annoy the user. The pop-up’s close button will apparently be not working, and may accidentally trick the user into paying to download malware just to get rid of the annoying pop-ups.

Microsoft urges users to be careful when receiving email from unknown sources and refrain from clicking dubious links or downloading attachments from these sources. Users should also avoid clicking supposed links to legitimate e-commerce pages which may in fact be spoofed sites that is designed to trick you into divulging sensitive information. It is advised to use bookmarks of certified links instead.