A few months ago someone brought me a laptop saying that it needed its virus software updated. When I looked at it, I found that attempting to run any Windows process resulted in a popup window saying that the file was infected with a virus and that the antivirus software needed to be updated (in other words money had to be paid) to clean the infected files. It took a while to finally get rid of the infection, but I wondered how the user got this virus.
Then, while visiting the WordPress blog of a Twitter friend, I got the following very realistic popup indicating that a virus was found on my computer. (There was a rash of WordPress hackings at specific web hosting providers.) The popup looks exactly like Windows Explorer.
This is a mere screen capture of a Flash animation that made it appear like my machine was being scanned by legitimate antivirus software. When it popped up, I was a little freaked out because it was pretty alarming. I was, however, browsing with the Linux operating system at the time. If you look closely at the screen print, you will see that the fake Windows Explorer appears in a Firefox browser window. You will also notice that this fake antivirus scan does not say McAfee, Norton, Symantec or any other well-known antivirus software.
After taking the screen print, I attempted to close the Firefox browser. The Flash animation would not allow me to close the window without downloading an executable file that, had I been using a Windows machine, would install fake antivirus software.
This malware relies on users’ fear of malware to get them to install it. After installation, it essentially demands money (to clean the supposedly infected system files) before the user can do even the most basic task in Windows. This type of malware is called ransomware, in that it holds your system hostage until you pay money to regain access. An unsuspecting user would likely pay to make their computer work again, further opening them up to additional exploitation, since criminals would then have the user’s credit card information, and who knows what type of malicious activities the still-installed software will actually do on their computer.
Legitimate virus protection can help identify many malware threats, but it’s not a panacea. It doesn’t even matter what operating system is being used if the user will install anything. Granted, this particular malware is targeted specifically at Windows users, but malware is being created for other popular operating systems as well. Therefore, awareness is just as important as technological solutions, especially since technological solutions tend to be reactive. A good rule is to ignore popups and kill any kind of forced downloads.
It is also important to keep up with updates and patches for your software. I wonder what kind of damage could have occurred had I been using Internet Explorer 6 on a Windows machine. If you are using this, please upgrade to Internet Explorer 8. Also consider installing Firefox and/or Google Chrome.
Wardell
July 26th, 2010 at 7:14 pm
Very nasty stuff, but I guess cyberspace is not too different from the real world: you always have to be very cautious, alert, and informed. In addition to a good virus scanner, ad-blocking and Flash-blocking browser plugins may help avoid similar types of attacks.
Savvypreneur
July 26th, 2010 at 7:26 pm
This actually happened to me this week. Somehow, I managed to circumvent the 'ransomware' and reboot my system without a problem. I tried to get a screen capture with the Firefox ScreenGrab add-on. But unfortunately, my system wouldn't allow it. Which screen capture software do you use?
Kenya
July 26th, 2010 at 7:45 pm
You can just do Alt+Print Screen, which will save the image in your clipboard. After that you can paste it into an image editing program, Word or anything that will accept images.
Kenya
July 26th, 2010 at 7:48 pm
I agree with you, but knowing how annoying using those can be, I'm pretty sure an average user would be annoyed as well. That said, if you want to be able to block JavaScript, Flash, etc. from unknown sites, the NoScript plugin for Firefox is great.