Fake Anti-Virus Scareware, the scourge of the Internet

Since this is a new year with some of the same old internet malware problems, I wanted to take a moment to talk about one of the most common infections on people’s computers, which is also one of the easiest to avoid.

Scareware is semi-malicious software designed to scare users into thinking they need to purchase it in order to protect their computers. Generally called fake anti-virus software, it pops up right in the middle of your screen while you are online and says your computer is infected with dozens of viruses. The pop-up cannot be closed by the normal X button in the top corner.

A side note to keep in mind is that legitimate anti-virus software, like Microsoft Security Essentials, Kaspersky, etc, nearly always works ‘behind the scenes’. It scans quietly in the background and removes viruses without a blatant, scary message coming up in the middle of your screen.

Scareware is very well designed: it looks legitimate and appears to be busily scanning your computer. It’s generally transmitted by malicious or infected advertising banners on perfectly normal, legitimate websites.

Virus and Malware designers will actually purchase advertising space on legitimate websites in order to spread their malicious software so, contrary to popular belief, you don’t have to be browsing ‘unscrupulous’ websites to catch computer viruses. This software is designed to make you think your computer is infected and then give you the ability to enter your credit card information to purchase their “anti-virus” software to remove these supposed infections.

This not only gives malicious people your credit card information, it is also not true. Either your computer isn’t infected or, even if it is, this software doesn’t actually remove anything. To the contrary, this fake anti-virus software actually is the virus.

I’ve attached a couple screenshots of what the scareware will likely look like, although it comes in dozens of different names.

[Screenshots: FakeAV01, FakeAV02]

Now for the important information: avoiding infection. These steps aren’t 100% guaranteed to prevent it, but they’ll definitely help.

If you get one of these fake anti-virus pop ups:

1. STOP! Do not click anything in the window, not the X, not an obvious Close button, nothing. At this point the software most likely is only trying to scare you and hasn’t actually installed on your computer.

2. First thing to try is to press the Alt key + the F4 key. This keyboard combination will force close any active windows. Try it a few times in case the first try doesn’t work.

3. If this doesn’t work, right-click on your Start menu, select Task Manager, then on the Applications tab find the entry for your browser and press End Task, repeatedly if necessary. This will crash your internet browser and, hopefully, one of these two steps will help you avoid getting the malicious software actually installed on your system.

Once you’ve done these, hopefully the pop-ups are gone. The next step I would recommend depends on where you are: on a work PC, call IT to let them know about it; at home, do a Full scan with your anti-virus software of choice, just to make sure your system is clean.

My personal preference for Anti-virus software is Microsoft Security Essentials. MSE is free from Microsoft, very lightweight on resources, works extremely well and since it is from Microsoft it will maintain current virus definitions through Windows Updates. However, companies like Kaspersky, GFI, Avast, Avira, AVG, Panda all make good antivirus solutions and many of them are free to use. The important thing is to pick something, keep it up to date, and to scan with it regularly.

The True Weight of a Cloud

So, you’ve heard of Cloud Computing. Or, maybe you haven’t.
For those who don’t know what Cloud Computing is, here is a definition, per Wikipedia:

“Cloud computing is Internet-based computing, whereby shared resources, software and information are provided to computers and other devices on-demand, like a public utility.”

Well, just how much does a cloud actually weigh?

The Cloud consists of 100s, even 1,000s, of servers spread throughout the world. Basically it is just the Internet, taken to the next level.

“Shared resources, software and information” includes Photos, Documents, Financial Records, and Music, essentially everything that is currently stored on your Desktop PC or Notebook, including the Operating System.

All of these files would be stored ‘on the cloud’.

The long term goal of Cloud Computing would be to obsolete the current computer as we know it.

Your current computer would be replaced by an always internet connected device that, once powered on, would simply open up ‘the cloud’.

It would have no local operating system, no local file storage. It would basically be ‘a window’ into all the data stored on the cloud that is available to you.

Sounds pretty cool, right?

I mean all your Files, Favorites, Music, and Documents, all available to you. No matter where in the world you might be. Just like if you were sitting at your pc now.

Here is why I don’t think so.

“All your Files…….available to you. No matter where in the world you are.”

Yeah, you and any marginally skilled, bored high school kid who feels like hacking into them.

Think about that the next time you review your tax records from last year.

Have you ever had a computer virus on your personal pc? Well, ‘the cloud’ is just one world-wide pc. Try and imagine the impact of a single, seriously nasty virus ‘on the cloud.’

Oh, you say all the users in the world, all the country governments, everyone, all have every scrap of electronic data they use, stored on the cloud.

A virus you say? …..hmm, think about it.

A recent anti-virus software update accidentally considers a ‘core operating system file’ malicious and crashes 1000s of PCs.

Oops, sucks to be those software customers.

Consider the impact of that when the cloud is essentially a single, world-wide operating system.

A server failure in your internet-based email provider’s server farm causes all of their customers to lose their email for a couple of hours.

Multiply that by about 1,000,000 times and include the entire planet’s information flow.

The hard drive in your current PC fails because, let’s face it, hardware fails. You lose everything. All your files, photos, etc. are gone.

Now consider the cloud equivalent. A fire in a major cloud provider server farm destroys all the data for an entire country.

The 9/11 terrorist attack was the worst tragedy in U.S. history. It killed over 2,000 people.

Now consider those same terrorists targeting a major cloud server farm, or two. While many server farms are essentially unmanned, so no actual innocent lives would be lost, consider the actual impact. Entire governments would be crippled, national economies destroyed.

Now just what is the ‘true weight of a cloud’? Think about it.

Anti-Malware Botnet

I’m sending this random thought as a Blog update since it’ll be too long winded to fit in Twitter.

My thought:

Anti-virus/Anti-spyware software is, by nature, Defensive. It’s quite possible that, by the time your software activates against an attack, it’ll be too late.

I think we should start using the methods used by Malware suppliers against them.

Create Offensive Anti-virus/Anti-Malware software.

Microsoft should create an Anti-Malware Botnet. Release it via Windows Updates to all legitimately licensed PCs.

Then use idle cycles, similar to SETI at Home, to wage coordinated attacks on known malicious sources.

That is my ‘rant du jour’

Mike Rigsby

My little ‘bag of tricks’ or Tools I use to kill pesky software.

Ok, not a bag but a USB thumb drive. Nevertheless, the following is a breakdown of the programs I use for my systematic hunting down and eradicating of malware.

Malware, for those who might not know, stands for Malicious Software. The description is a broad category that includes viruses, adware, and spyware.

Basically, any software that either does harm to your operating system and files/programs, or simply delivers annoying and unwanted advertising in the form of constant pop-ups.

At the very least, malware bogs down your system resources and slows your computer down to being a doorstop.

First off, I have a couple notes of interest. For one, every piece of software in my toolkit is FREE. A price everyone will appreciate.

Also, something technicians will likely know, but not everyone, is that thumb drives can become infected when you plug one into an infected machine.

So, as with other things in life, if you are going to stick your tool into a slot where you’re not sure who’s been poking around in there before you, USE PROTECTION!!

A virus will ‘attack’ and infect file types that it recognizes as executable, i.e. install files. So, a trick is to make it so the virus has no idea what file type it is.

What I recommend is, remove the file extension after you’ve downloaded the program to your thumb drive.

Example: One of the programs I use is Malwarebytes. The install file that you download is: mbam-setup.exe.

So, when I was first setting up my thumb drive, I downloaded that file, then right-clicked on it and selected Rename. I then removed the .exe from the end of the file.

This does render the file unusable, until you rename it again and add the .exe back to the end but it also makes it so any viruses that might be on the computer will have no idea what type of file it is, making your thumb drive essentially immune to getting infected.

So, the process is, you put your thumb drive into the computer, find the install you want, then copy/paste it onto the desktop of the computer, then remove your thumb drive. Rename the file on the desktop and put the .exe back on the end then run it to install the program.

[Getting off topic, this should always be done with the computer in Safe Mode]

On to the goodies!

I have my thumb drive organized with the following folders:

Antivirus Programs

Spyware Programs

Startup Scanners

Tools

Also, a .txt file titled Inventory Notes.txt. This file is a list of all of the installs on the thumb drive and what type of file they are: .exe, .msi, .inf, etc.

[Note: Yes, I left the .txt on the file. Text files (NOT .doc files) are for the most part immune to viruses because they’re too basic. No html formatting, no macro ability, etc. So you can feel safe in using Notepad to create a list.]
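The rename-and-inventory routine described above can be scripted. The following is an added example, not part of the original post: it strips the extensions, writes Inventory Notes.txt with each file's original type, and also records a SHA-256 hash (an addition the post does not describe) so that a file which changed on the drive is refused when it is restored. The tab-separated inventory layout, the function names and the sample file contents are assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

INVENTORY = "Inventory Notes.txt"  # file name taken from the post

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def strip_extensions(drive):
    """Drop each installer's extension; record bare name, type and hash."""
    lines = []
    for f in sorted(drive.iterdir()):  # sorted() snapshots the listing first
        if f.is_file() and f.name != INVENTORY and f.suffix:
            bare = f.with_suffix("")
            f.rename(bare)
            lines.append(f"{bare.name}\t{f.suffix}\t{sha256(bare)}")
    (drive / INVENTORY).write_text("\n".join(lines) + "\n")
    return lines

def restore(drive, name, dest):
    """Copy one installer to dest with its extension back, only if unchanged."""
    for line in (drive / INVENTORY).read_text().splitlines():
        bare, ext, digest = line.split("\t")
        if bare == name:
            src = drive / bare
            if sha256(src) != digest:
                raise ValueError(f"{bare}: hash mismatch, file changed on the drive")
            out = dest / (bare + ext)
            out.write_bytes(src.read_bytes())
            return out
    raise KeyError(name)

def demo():
    """Constructed run: a clean restore, then a restore after modification."""
    with tempfile.TemporaryDirectory() as tmp:
        drive, desktop = Path(tmp, "usb"), Path(tmp, "desktop")
        drive.mkdir()
        desktop.mkdir()
        (drive / "mbam-setup.exe").write_bytes(b"constructed sample bytes")
        strip_extensions(drive)
        restored = restore(drive, "mbam-setup", desktop).name
        (drive / "mbam-setup").write_bytes(b"modified on another machine")
        try:
            restore(drive, "mbam-setup", desktop)
            detected = False
        except ValueError:
            detected = True
        return restored, detected

if __name__ == "__main__":
    print(demo())
```

Keep a second copy of Inventory Notes.txt somewhere other than the thumb drive, since a hash list stored beside the files it describes can be altered along with them.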

Please note, you can find the installs for all of these by typing their names into your favorite search engine.

Inside the Antivirus Programs folder I have the install files for:

AntiVir

Avast

AVG

BitDefender

Symantec Removal Tools (several different installs that target specific viruses. You can get them here: http://www.symantec.com/business/security_response/removaltools.jsp)

ConTest

RootkitRevealer

Stinger Anti-virus

Inside my Spyware Programs folder I have the install files for:

Ad-aware

CCleaner

CWShredder

Malwarebytes

MS Defender

Spybot

Superantispyware

WPhijack

Inside my Startup Scanners folder I have the install files for:

HijackThis

Process Explorer

Startup Lite

X-Ray PC

My Tools folder just has a few useful utilities in the battle against malware. They are:

Delete Doctor

ScripTrap

Wireshark

This blog entry is already long winded enough so if you want any specific information on any of these programs always feel free to contact me.