Saturday, February 07, 2009

You don't have to be a tech genius to outsmart malware

The other day while Penelope was surfing the Web, she suddenly saw a scary screen saying the computer was infected and asking her to take action. She handed the computer to me. Here's what we saw:

Notice that the presentation looks "official," but is in fact completely generic. Next we got the following messages:

Behind the dialog in front there is a dialog with the even more official-looking title "Windows Security Alert," showing a list of allegedly infected files.

It looks official. But wait a minute. Does Windows ever display the hierarchy of my hard disk in Firefox? If Windows ever wants to use a browser, it launches Internet Explorer.

The other strange thing here is, the front dialog - the one that's telling me to download Antivirus 360 - is coming from the web page antimalwarescaner-dot-com. (WARNING. Don't go there!) I use Microsoft's OneCare to protect my Windows computers. If malware is detected on my computers, I expect to get an alert from Microsoft OneCare - not from some web page I've never heard of before.

In short, I knew that I didn't want to say okay to these warnings. Instead of clicking OK, I clicked the red "x" to close the window. Unfortunately, my efforts to cancel these dialogs were ineffective. The dialogs kept popping up. That was an additional clue that something was wrong and this was not a valid alert.

When this happened on my wife's computer, I ended up holding down the power key for 10 seconds to shut down the computer. Two days later, the same thing happened on my computer, and I got out by hitting Ctrl-Alt-Delete and quitting Firefox.

A little Web research fairly quickly explained that the problem is due to a piece of malware called Antivirus 2009. It's a piece of "rogue security software" that "hijacks" your web session and redirects you to somewhere you don't want to go. Rogue security software is like a bad cop. Hijacking is like, well, like being hijacked. Ever landed on a porn site by accident? You got hijacked. Anyway, I knew that I didn't want to GO to the web site identified as the source of the alerts, so instead, I Googled it. That search led me to this page, which in turn referred me to the excellent site I downloaded Malwarebytes's freeware utility Anti-Malware, installed it, let it update its database, and ran the default quick scan. No virus found. Whew.

What's the moral here? You don't have to be a tech genius to outsmart malware. If you don't know where something coming into your computer is coming from, block it. Don't open email attachments unless you know who sent them and what they contain. And don't let web sites do anything to your computer unless you're really sure you trust the site. In short,
  1. stop
  2. take a deep breath
  3. THINK
Oh, and it's not a bad idea to have good security software installed.
