Symantec says more than 40 million people have fallen victim to the "scareware" scam in the past 12 months.
The download is usually harmful and criminals can sometimes use it to get the victim's credit card details.
The firm has identified 250 versions of scareware, and criminals are thought to earn more than £750,000 each a year.
Franchised out
Scareware sellers use pop-up adverts deliberately designed to look legitimate, for example, using the same typefaces as Microsoft and other well-known software providers.
They appear, often when the user is switching between websites, and falsely warn that a computer's security has been compromised.
If the user then clicks on the message they are directed towards another site where they can download the fake anti-virus software they supposedly need to clean up their computer - for a fee of up to £60.
Con Mallon, from Symantec, told the BBC the apparent fix could have a double impact on victims.
"Obviously, you're losing your own hard-earned cash up front, but at the back end of that, if you're transacting with these guys online you're offering them credit card details, debit card details and other personal information," he said.
"That's obviously very valuable because these cyber criminals can try to raid those accounts themselves or they can then pass them on or sell them to others who ultimately will try to use that information to their benefit not yours."
The findings were revealed in a report written following Symantec analysis of data collected from July 2008 to June 2009. Symantec said 43 million people fell for such scams during that period.
It has become so popular that the rogue software has been franchised out.
Mr Mallon said some scareware took the scam a step further.
"[They] could hold your computer to ransom where they will stop your computer working or lock up some of your personal information, your photographs or some of your Word documents.
"They will extort money from you at that point. They will ask you to pay some additional money and they will then release your machine back to you."
The scam is hard for police or other agencies to investigate because the individual sums of money involved are very small.
Therefore, experts say users must protect themselves with common sense and legitimate security software.
'Steal your identity'
Tony Neate, from Get Safe Online, told the BBC the threats presented by the internet had changed in recent years.
"Where we used to say protect your PC... we've now got to look at ourselves, making sure we're protected against the con men who are out there," he said.
"They want you to help them infect your machine. When they've infected your machine it's possibly no longer your machine - you've got no control over it.
"Then what they're looking to do is take away your identity, steal bits of your identity, or even get some financial information from you."
He added: "They used to be 16-year-olds in their bedrooms causing damage with viruses. Now those 16-year-olds have grown up [and] they're looking for money, they're looking for information."
BBC NEWS | Technology | Millions tricked by 'scareware'
The download is usually harmful and criminals can sometimes use it to get the victim's credit card details.
The firm has identified 250 versions of scareware, and criminals are thought to earn more than £750,000 each a year.
Franchised out
Scareware sellers use pop-up adverts deliberately designed to look legitimate, for example, using the same typefaces as Microsoft and other well-known software providers.
They appear, often when the user is switching between websites, and falsely warn that a computer's security has been compromised.
If the user then clicks on the message they are directed towards another site where they can download the fake anti-virus software they supposedly need to clean up their computer - for a fee of up to £60.
Con Mallon, from Symantec, told the BBC the apparent fix could have a double impact on victims.
"Obviously, you're losing your own hard-earned cash up front, but at the back end of that, if you're transacting with these guys online you're offering them credit card details, debit card details and other personal information," he said.
"That's obviously very valuable because these cyber criminals can try to raid those accounts themselves or they can then pass them on or sell them to others who ultimately will try to use that information to their benefit not yours."
The findings were revealed in a report written following Symantec analysis of data collected from July 2008 to June 2009. Symantec said 43 million people fell for such scams during that period.
It has become so popular that the rogue software has been franchised out.
Mr Mallon said some scareware took the scam a step further.
"[They] could hold your computer to ransom where they will stop your computer working or lock up some of your personal information, your photographs or some of your Word documents.
"They will extort money from you at that point. They will ask you to pay some additional money and they will then release your machine back to you."
The scam is hard for police or other agencies to investigate because the individual sums of money involved are very small.
Therefore, experts say users must protect themselves with common sense and legitimate security software.
'Steal your identity'
Tony Neate, from Get Safe Online, told the BBC the threats presented by the internet had changed in recent years.
"Where we used to say protect your PC... we've now got to look at ourselves, making sure we're protected against the con men who are out there," he said.
"They want you to help them infect your machine. When they've infected your machine it's possibly no longer your machine - you've got no control over it.
"Then what they're looking to do is take away your identity, steal bits of your identity, or even get some financial information from you."
He added: "They used to be 16-year-olds in their bedrooms causing damage with viruses. Now those 16-year-olds have grown up [and] they're looking for money, they're looking for information."
BBC NEWS | Technology | Millions tricked by 'scareware'
