“Your computer has been infected by a virus. Please click on this link to install a free virus removal tool.” Have you seen a pop up with this message on your computer? If you’ve clicked on the link chances are you have been infected with a virus called rogue security software or “scareware”. This type of attack seems to be occurring with greater frequency. When you are confronted with a pop up asking you to install the software, clicking on anything inside of the pop up box usually installs the software. After installation, the virus generates more pop up messages attempting to scare or harass the victim into purchasing a product that will “clean” alleged viruses found by the fake antivirus software. If the victim purchases the fake antivirus software they are in danger of having their credit card stolen. If the victim does not purchase the software the pop ups cause such an annoyance it is impossible to use the computer. There are several variations of this type of attack, some being so malicious as to block installation of any legitimate antivirus software.
How do viruses like this spread? Primarily through links to malicious sites that launch the virus installation. The virus creators set up a website that contains the code that launches the virus installation. They then fill the website with popular search terms so that the site will appear on search engines such as Google and Yahoo. These virus developers will often use current events such as a commonly searched news story in order to put their site at the top of search engine lists. The search engine results will display links to the malicious sites. The sites do not appear to be malicious at first glance—not until it’s too late.
How can “scareware” be avoided? This type of virus is difficult to protect against. Most antivirus software will not block the installation. There are some antivirus products that perform web filtering which attempts to block malicious sites. Even with tools that are designed to block this type of virus, it always pays to be informed. Here are several ways to avoid being infected.
- Be extremely cautious when browsing the Internet and especially when using a search engine. Always browse sites that you know to be legitimate. If a site looks suspicious it probably is.
- If you do click on a link to a malicious website do not click on anything in the pop up message. Clicking cancel or even the button to exit the message can trigger the virus install. Press CTRL+ALT+Delete and manually shut down any Internet Explorer pages. To be safe it would also be good to restart your computer.
- Avoid clicking on links sent through email. This is a common way of spreading this type of virus. Instead type in the full address you are trying to access.
- Always keep your computer up to date with the latest Windows Security patches from Microsoft.
- This tool, developed by Trend Micro, will verify that a link is not malicious: https://qa.securecloud.com/reputation/query?locale=en-US (it’s a safe link, I promise!).
Using these tips should keep you free from this type of infection but if you do have the unpleasant experience of having your computer infected by “scareware” Thinsolutions has the tools and the knowledge necessary to remove them.
- Luke C. Neuman