How Did That Virus Get On My Computer?
A new breed of virus and spyware has been running rampant on the Internet over the past year. So far over 40 million computers have been infected with some variant of FAKE ANTI-VIRUS. I have personally cleaned well over 100 computers that have become infected. So I want to share some information on how your system can become infected and what to watch for to avoid infection. I recently watched two webcasts at TechRepublic and learned some important information worth passing on.
What is FAKE ANTI-VIRUS?
The FAKE AV viruses are not your traditional viruses. Traditional viruses typically attack via email through attachments or embedded files. While these viruses still exist, a great majority are blocked by standard anti-virus software. With FAKE AV, however, the route of infection varies. There are several forms of FAKE AV and it is constantly evolving to try to stay ahead of security software. FAKE AV currently accounts for 15% of malware on the web. Unfortunately, FAKE AV viruses can infect your system even if you are running security software! No security software solution is 100% effective at safeguarding your system – knowing what to watch for while browsing the web is your best way to safeguard your system.
Here are some examples of what initial signs of infection look like:
The examples above show different pop-ups that can occur while surfing the web. If you visit an infected page, hidden code will be executed on the page, and you will suddenly see a fake security warning. As you can see, there is no identifying security software product information on any of the pop-ups. All of the pop-ups are vague and only want to prompt you to purchase, upgrade or install some software, which is only going to further infect your machine. As you can see in the last example, the warning looks exactly like a typical system screen, when in fact it is a web page specifically designed to look like your system to further confuse and deceive you.
Be advised that these viruses can still spread via spam email and you have to be careful what emails you open. Always be sure you recognize the sender. 97% of business email is spam, but only 1:2500 contains malware. Here are some examples of FAKE AV emails:
How Does the FAKE AV Spread?
Hackers take advantage of Search Engine Optimization (SEO) and code sites with heavily searched items, typically following search trends. The images below show hot searches on Google, one of which was for the “new 100 dollar bill.” Hackers set up infected websites that are based on hot search terms so that the search engines find them and direct traffic to the site. If you visit the site, you will inevitably be infected by a virus. 1.3% (1 out of 100) of all search results direct to malware sites. The best form of security against this form of attack is to have an anti-virus solution that provides link checking. Link checking verifies a site is legitimate before you visit it.
Hackers also use JavaScript to infect web pages. Even trusted sites can become infected. Banner ads, posts to forums and blogs, and video, image and other media postings can all be used to infect trusted sites.
A very scary statistic – 85% of trusted sites have some form of malware running on the site with infected page(s). New malicious URLs are discovered every 4 seconds.
While browsing the web, you also must be careful of the links that you click on. Be sure the link is taking you somewhere you want to go. If you look at the bottom left-hand corner of your browser while you hover your mouse over a link, you will see the address the link points to.
While this can be very difficult to determine at times, there are other times it can be very obvious. Let’s say someone sends you an email via Facebook and it says click here to watch this funny video. When you hover over the link, the link should look something like this: http://www.youtube.com/watch?v=Ungf3nbQ6ZQ&playnext_from=TL&videos=Etowk-VZkdk&feature=grec_index. The portion highlighted in bold indicates the most important part of the link. This tells you that the link will take you to youtube.com. The rest points the browser to the exact video. An example of a bad link is http://329xy.youtube12.coms.s/videoadfjewr9347TL&videdf$=os=Etowk-VZkdk&feature=grec_index. As you can tell, there is a great difference in the links and the second one would be taking you to a malicious site (the link is fake, so please do not try to click it).
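The same hover check can be done in code by comparing the host part of a link against the site you expect. This is an added example, not part of the original article; the function names and the two constructed lookalike links (on the reserved example.net name) are assumptions for illustration.

```python
from urllib.parse import urlsplit

def link_host(url):
    """Return the lowercased host a link really points to, or None."""
    try:
        parts = urlsplit(url)
    except ValueError:          # malformed host, e.g. unbalanced brackets
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # .hostname already drops any port and any "user@" prefix
    return parts.hostname.rstrip(".")

def link_goes_to(url, expected_domain):
    """True only if the host is expected_domain or a subdomain of it."""
    host = link_host(url)
    if host is None:
        return False
    expected = expected_domain.lower().rstrip(".")
    # The leading dot matters: "notyoutube.com" must not match "youtube.com"
    return host == expected or host.endswith("." + expected)

# First two links are the ones quoted in the article; the last two are
# constructed samples showing names that merely contain "youtube.com".
SAMPLES = [
    "http://www.youtube.com/watch?v=Ungf3nbQ6ZQ&playnext_from=TL"
    "&videos=Etowk-VZkdk&feature=grec_index",
    "http://329xy.youtube12.coms.s/videoadfjewr9347TL&videdf$=os="
    "Etowk-VZkdk&feature=grec_index",
    "http://youtube.com.example.net/watch?v=Ungf3nbQ6ZQ",
    "http://notyoutube.com/watch?v=Ungf3nbQ6ZQ",
]

def check_samples(expected="youtube.com"):
    """Return (host, verdict) for every sample link."""
    return [(link_host(u), link_goes_to(u, expected)) for u in SAMPLES]

if __name__ == "__main__":
    for host, ok in check_samples():
        print(f"{host:<30} {'matches' if ok else 'does NOT match'} youtube.com")
```

Only the end of the host name decides where the link goes; anything in front of it, or anything after the first single slash, can say whatever the sender likes.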
So if your system gets infected with FAKE AV, what is the worst that can happen?
Well, if you are lucky, your security software will have blocked all or most of the virus installation. If that is the case, you might simply have to remove the infected files via your security software and then run a full scan to be sure everything is removed. However, if the virus is able to run its full course, your system will essentially be controlled by the virus. It can turn your system into a “spam bot” – sending massive amounts of spam mail out via your computer to try to spread and infect other computers. Some of the viruses embed “keyloggers” that log every keystroke you type on your computer and transmit it back to the hacker – this can include passwords, credit card numbers and other sensitive, personal information. Other symptoms include “hijacked” search results – when you use search engines such as Google to search for something, you see what seem to be legitimate results; however, when you click on the links, you are redirected to some other site. And the worst possible consequence is credit card fraud and/or identity theft if you happen to “purchase” software. The ultimate goal of these hackers is to steal your information any way possible, and if they can deceive you into making a purchase, they now have all or most of your personal information.
How Do You Stay Protected?
The best practice is to have robust security software that provides not only anti-virus protection but also spyware and malware protection, active link scanning, a firewall, etc. Norton, McAfee, Trend Micro, AVG, Kaspersky, etc. all offer a good Internet Security solution. Be very conscious of the links you are clicking on and the sites you are visiting. Sites such as MySpace, Facebook, YouTube, etc. allow users to upload their own content and code into the site and are therefore much more susceptible to infections. In the business environment, it is best to have an Internet Access policy restricting access to certain sites. This can be done through software monitoring – recording employee computer use and reprimanding as needed – or by blocking sites at the firewall/router level to not allow any access to designated sites. At home, I would recommend a cheap/spare computer to be used for suspect internet browsing and keep your good computer for your online banking, email etc.
I also get asked common questions like, “What about a Mac? They don’t get viruses.” And, “I use Mozilla Firefox or Google Chrome, so I am safe.” These are both false statements. Every system, whether Windows or Mac, and any browser, whether Internet Explorer, Firefox, Chrome, Safari, etc., is susceptible to attack, since the attack is browser based and loaded via JavaScript on web pages that any system can read. Hackers can even make the code so sophisticated that it can determine whether you have Windows or Mac, and what browser you have, just so it can properly infect you!
If you think your system may be infected or you just want a thorough security analysis, I will be more than happy to help. We can review your security policy and make any necessary adjustments.
You can watch the full presentations on this topic here:
Fake Anti-Virus: What You Need to Know
Web Attacks: How Hackers Create and Spread Malware
If you are interested in a robust security suite, I recommend AVG.








