You’re browsing along on the Internet, just like you do every night before you go to bed. You head over to your favorite news site, when suddenly something disturbing pops up:
“Wow! Windows detected viruses! Good ol’ Microsoft, always protecting me…” you think to yourself, and confidently click Remove All. Its bold and authoritarian letters will surely do the job. However, you’ve just unwittingly taken the first step down a slippery and potentially expensive slope.
Upon closer examination of the window, you notice a few items that strike you as odd:
- What is “Windows Web Security?” I’ve never heard of that product.
- The shield is yellow; I thought Microsoft security alerts were red.
- The description has bad grammar and poor sentence structure. Why would Microsoft write something like that?
As you’ve probably already deduced, this isn’t a Windows Security window at all. It is actually the number one method of getting infected today: Rogue Antivirus software, and once it’s installed, it can be very difficult to remove.
Rogue Antivirus software is a multi-million dollar industry, in the same way that credit card fraud is a multi-million dollar industry…neither is legit, but both are profitable. It’s also infuriating, because what is essentially happening is that someone is holding your computer hostage and demanding a ransom to give it back. Here’s a breakdown of the scam:
- A hacker “injects” some code into a banner ad or a website that is designed to generate a pop-up window crafted to look like something Windows or your own antivirus software would display.
- When you browse to the site and the code is activated, it will persistently keep displaying the pop-up window, hoping you will click the “Remove” or “Clean” button.
- When you try to remove the bogus infections, you are usually prompted to install additional software. This is where the actual infection of your computer begins.
- After the software is installed, those pop-up windows are now being generated on your computer itself. You’ll start seeing them whether you’re browsing or not. Often the software also blocks access to sites that could help you, such as Microsoft, Google, Yahoo, antivirus vendor sites, etc.
- After being infected for a while, you will get a message saying something to the effect of “We can’t clean your computer…but for $49.95 you can get the FULL version of our software that will get you fixed up!”
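One way to check a suspect machine for the site blocking described above, as an added example that is not part of the original post: it audits the contents of a Windows hosts file for entries that sinkhole or redirect security-vendor and search-engine domains. It assumes the blocking is done through hosts-file entries (one common mechanism; the post only says the sites are blocked), and the domain watchlist and the sample hosts file are constructed for illustration.

```python
import ipaddress

# Illustrative watchlist of "help" sites a rogue AV would want to block
# (an assumption for this example; not taken from the post).
WATCHED_DOMAINS = (
    "microsoft.com", "windowsupdate.com", "google.com", "yahoo.com",
    "malwarebytes.org", "safer-networking.org", "gfi.com",
)

# Constructed sample hosts-file contents resembling an infected machine.
# 198.51.100.0/24 and 192.0.2.0/24 are documentation-only address ranges.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
# entries below are constructed to look like a rogue AV infection
127.0.0.1       www.microsoft.com microsoft.com
127.0.0.1       update.microsoft.com
0.0.0.0         www.malwarebytes.org
198.51.100.23   www.google.com   # redirect to a fake page
192.0.2.5       safer-networking.org
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, skipping comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        ip, *names = line.split()            # one IP, one or more hostnames
        for name in names:
            yield ip, name.lower()


def is_watched(hostname):
    """True if hostname is one of the watched domains or a subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in WATCHED_DOMAINS)


def find_hijacked_entries(text):
    """Return (ip, hostname, reason) for every watched domain found in the file."""
    findings = []
    for ip, host in parse_hosts(text):
        if not is_watched(host):
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue                         # malformed line, not a real entry
        if addr.is_loopback or addr.is_unspecified:
            reason = "sinkholed to loopback/unspecified address (site blocked)"
        else:
            reason = "redirected to non-loopback address (possible fake site)"
        findings.append((ip, host, reason))
    return findings


if __name__ == "__main__":
    for ip, host, reason in find_hijacked_entries(SAMPLE_HOSTS):
        print(f"{host:28} -> {ip:16} {reason}")
```

Point it at the contents of C:\Windows\System32\drivers\etc\hosts on a suspect machine; a clean hosts file normally contains nothing beyond the localhost lines, so any hit for a watched domain deserves a closer look.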
The unsuspecting victim will then enter their credit card information, paying for the very software that is causing the infection (not to mention being exposed to credit card fraud). Many of these companies are being run out of Russia and China, so they are beyond the reach of U.S. law enforcement. The best things you can do to protect yourself are preparation and education. Here are some tips on how to avoid the scam altogether:
- Windows Updates! As a technician, I hear this every day: “I have Windows Updates turned off. I don’t want anything being installed on my computer!” This is the WORST thing you can do. Microsoft products may be known for having their fair share of security issues, but they do tend to respond to threats quickly. Unless you’re going to take it upon yourself to read security news 24 hours a day and apply patches yourself as soon as they come out, you’re leaving yourself open to Rogue AV and other types of security problems. For home users, Windows Updates should always be turned on. For servers and workstations, your IT department needs to be vigilant about applying updates as they come out.
- Read Before You Click! This is the easiest piece of advice I can give, but it generally goes unheeded. Anytime something pops up on your computer, make sure to read the content TWICE before clicking on a button. In the example above, you may have skimmed over the text, and everything seemed hunky-dory. However, reading it again revealed the mistakes and things that didn’t make sense. Don’t commit to anything on your computer unless you understand what the consequences will be.
- Don’t Click! If you do go to a website and get a fake security window, do not click on any buttons inside the window. There is no telling what effect those buttons will have. Sometimes they even have confusing text: “Do wish to NOT cancel installing this software?” Click the red X to close the window. If you’re not able to close it, tap Alt-F4 on your keyboard repeatedly. This should close any open windows on your screen. If all else fails, simply reboot.
- Real Antivirus Software! It’s amazing the number of people who don’t worry about running antivirus software until after they are infected. It is very difficult to remove a virus after the fact—kind of like putting locks on your doors after the burglar broke in. You will want to run decent antivirus software to protect yourself. Microsoft Security Essentials is a decent free program for the home user. Corporate users can consider monitored antivirus software, such as GFI’s Vipre. You should also have a specialized cleaning tool installed just in case something gets through. I’ve had great success with Malwarebytes and Spybot as backup protection; they don’t provide “active” protection, but they are able to target specific types of infections that normal AV software often misses.
- Don’t believe it! Rogue AV pop-ups are getting more and more advanced. Some can even tell what type of antivirus software you are running, and specifically generate a window that mimics something your brand of software would generate. For instance, you may see something that says “Norton detected the following…” I’ve been recommending that people disregard ANY virus notices that pop up in the middle of the screen. If you see one, close it and run a scan yourself. It’s the only way to be sure.
Follow these tips and you can pretty much “spyware proof” your computer. Take all that money you’ve saved on repairs and buy yourself something nice, but please consider donating to the “Unemployed Repair Technician” fund. Since you’re no longer paying them, they’ll need to find a new way to put food on the table.