The Worst Kind of Virus
By Robert McMillen, Koin’s Tech Guru
You can get viruses many different ways, but there is a type of virus which is more prevalent than any other these days. Many readers and clients ask me how viruses are delivered. We have antivirus in our computers and filters in our email, so how do they keep getting past us?
Scareware is the most successful new type of virus. Scareware has been around for years, but illegal software companies from Russia, China, and now South America are getting to us in a new way. So what is scareware? I like to think of it as someone posing as a good friend, but then they shake your hand and pull you in, and yuck! Horrible coffee breath insults your senses like an oil slick in the Gulf.
Here is how they do it. You may have heard about certain legitimate websites like the NY Times infecting people’s computers with malicious code from one of their ads. Bad guys in other countries set up advertising agencies in the US or some trusted country we do business with. They contact the websites they want to infect, saying they have legitimate advertising they would like to place on the site. Times being as they are, there is rarely any checking into the background of someone who wants to give you money. Once again laziness and greed are our own downfall. Did someone say Wall Street?
The sites themselves may not even be run by the company that they represent. Typically they are run by a third party whose job it is to make sure the site works correctly and keeps the advertising money coming in. After paying the money and placing the ad, the scammers put a link on the pictures in the ads, or force a pop-up as soon as you visit the page. If you have a pop-up blocker, most of these can be blocked, but not all of them. Despite my pop-up blocker, I get Netflix pop-ups all the time.
The ad then scares you into thinking you have a virus and you have to click something to remove it. The reason they are so convincing is that they appear to be a Windows pop-up, and they even look like they are trying to run a scan in some cases. Whether you click on the ad positively or negatively, you still get infected. Then they want you to give them your credit card to remove it, which only steals your identity and places more viruses on your computer.
There is some good news, however. The main perpetrator of this scam has been mostly shut down. Shaileshkumar "Sam" Jain is currently on the run in Ukraine, but he ran WinFixer, fake Symantec AV products and others. Windows Antivirus 2010 is the biggest one we see in our shop. It works the same way as far as infiltration goes, and it’s happening even if users have an up-to-date legitimate antivirus program.
The operation has been so successful, however, that we can expect to see a lot more fake companies fooling website owners into this type of false advertising. The easy fix is for website owners to check on the company that is handing them money. It would be pretty easy to determine they were not legitimate. Find out who the officers of the company are and Google them. Check their references with other known quality companies who use them. Use some common sense. Don’t take candy (money) from strangers. These are things these website company executives should have learned in grammar school, right? Maybe they missed that day.
If you click the ad, you activate a program that can disable antivirus and other anti-malware programs. This will bypass your protections and it will take over your computer. So how do we protect ourselves? Of course you should have a good antivirus. I do believe the free ones are good for the most part, but the paid versions tend to not only update their antivirus signatures more often, but they also provide support and better engines that aren’t as easily fooled.
You can also use an ad stripper on your computer. This automatically strips out any ads from the website so you just see the content. For some people this won’t work correctly because this is how the websites make money. You will see more websites either block browsers with ad strippers or make the content unreadable.
The best way is to use a website checking program that will look at the code to see if it has any malicious links and disable them. This will considerably slow down your web browsing experience, but it will keep you safer. Many good companies make them, including Kaspersky, Malwarebytes, ESET, Symantec, McAfee, etc. That doesn’t mean that these companies won’t also make mistakes. McAfee took out all of Intel a couple of months ago by releasing an update that deleted a crucial Windows file. Everyone got the day off. Symantec accidentally thought its own program was a virus and did the same thing. So who can you trust? Just me and your mother, and she’s under suspicion.