A few months ago someone brought me a laptop saying that it needed its virus software updated. When I looked at it, I found that attempting to run any Windows process resulted in a popup window saying that the file was infected with a virus and that the antivirus software needed to be updated (in other words money had to be paid) to clean the infected files. It took a while to finally get rid of the infection, but I wondered how the user got this virus.
Then, while visiting the WordPress blog of a Twitter friend, I got the following very realistic popup indicating that a virus was found on my computer. (There was a rash of WordPress hackings at specific web hosting providers.) The popup looks exactly like Windows Explorer.
This is a mere screen capture of a Flash animation that made it appear like my machine was being scanned by legitimate antivirus software. When it popped up, I was a little freaked out because it was pretty alarming. I was, however, browsing with the Linux operating system at the time. If you look closely at the screen print, you will see that the fake Windows Explorer appears in a Firefox browser window. You will also notice that this fake antivirus scan does not say McAfee, Norton, Symantec or any other well-known antivirus software.
After taking the screenprint, I attempted to close the Firefox browser. The Flash animation would not allow me to close the window without downloading an executable file that, had I been using a Windows machine, would install fake antivirus software.
This malware relies on the users’ fear of malware to get the user to install it. After installation, it essentially asks for money (to clean the supposedly infected system files) before the user can do even the most basic task in Windows. This type of malware is called ransomware in that it holds your system hostage until you pay money to regain access. An unsuspecting user would likely pay to make their computer work again, further opening them up to additional exploitation, since criminals would then have the user’s credit card information, and who knows what type of malicious activities the still-installed software will actually do on their computer.
Legitimate virus protection can help identify many malware threats, but it’s not a panacea. It doesn’t even matter what operating system is being used if the user will install anything. Granted, this particular malware is targeted specifically at Windows users, but malware is being created for other popular operating systems as well. Therefore, awareness is just as important as technological solutions, especially since technological solutions tend to be reactive. A good rule is to ignore popups and kill any kind of forced downloads.
It is also important to keep up with updates and patches for your software. I wonder what kind of damage could have occurred had I been using Internet Explorer 6 on a Windows machine. If you are using this, please upgrade to Internet Explorer 8. Also consider installing Firefox and/or Google Chrome.