IT Support Newcastle

Fake antivirus alerts

By Paul W. in Security | 31/08/2011

Recently, we have seen an increase in the number of computers affected by fake antivirus alerts and applications. They try to extract money from you by claiming you need to purchase a piece of software to remove some malicious software that is compromising your machine’s performance. You don’t.

The increase in their use is, in my opinion, due to the culture that we now live in.  Computer users now are becoming more savvy to viruses and the importance of being well protected; the bad guys know this and so they will try to capitalise on it.  If a user sees an alert that looks remarkably genuine and is telling them that they have a virus, they are likely to jump in and want to remove it.  The purpose of this article is to shed some light on spotting fake alert programs and, crucially, not falling victim to them in the first place.

So how does the fake antivirus get on my system?

The simple answer to this is that, in the majority of cases, a computer user needs to install the application (unknowingly). Let’s take an example of a virus I saw recently. You visit a site that claims you need to install a codec to view it properly; that’s a believable story so you run the file. The following error appears:

Fake Antivirus image 1

This seems like a genuine error, right? You click ‘OK’, assume the program has quit, and concede that you won’t be able to view the website. But the application hasn’t ended – it is still running and preparing to alert you with rogue system problems. After a while of continued browsing you receive a popup, something like the following:

Fake Antivirus image 2

This again is scarily realistic. It even says Windows Firewall, and we trust Microsoft! You remember the ‘codec’ download from earlier, think “oh bother”, and click ‘Yes’.

Then you are presented with a scanner that shows you a list of viruses that have infected your PC. This is going to be largely fabricated – you do have a virus, but it is the scanner itself that is the virus.

Fake Antivirus image 3

Again, this looks very Microsoft Windows Security Centre-like (those bad guys are clever).  You click ‘repair’ (because that’s what everything you have heard dictates that you do) and are then asked to Activate the full version of the software to remove the exaggerated threats.

How to spot a fake alert

As I’ve said, the above windows all look fairly legitimate and trustworthy, and they are getting better as time goes by.  However, there are some things to note.

Legitimate antivirus solutions will very rarely ask you for money after finding a virus just to remove it.

Keep your wits about you. If you have McAfee installed and you see a Norton lookalike threat alert, it’s highly unlikely to be real.

Remember, initially you had to download a file.  If you’re visiting a site that you haven’t been to before or looks a bit sketchy that says you need to install a codec, assess whether you 100% need to see this site or whether you can use a trusted alternative.  If you do need that site (unlikely) then search for the codec you ‘need to install’ and research whether it is legitimate or if others have had issues.

Getting rid of it

If you are in any doubt about your system security, run a trusted antivirus that you have installed previously.  If you have no security software installed, then run a free online scanner such as ESET’s.

Then purchase some security software!

There are also some useful tools such as Trinity Rescue Kit, which will run an independent bootable antivirus from CD (before Windows starts) and hunt out any issues.

As ever, if you have any questions or need assistance with this, please use the Contact Form to get in touch.

 
