Why Antivirus won't stop fake security infections

I have McAfee antivirus installed but still got infected by a fake security program that completely took over my computer. Should I be using something else for protection?

-Gina

In the world of computers, there is currently a 'scareware pandemic' in play that is fooling millions of users every day.

Scareware refers to rogue programs that scare folks into doing something that, in this case, actually infects their computer.

Typically, users are first exposed to these programs when visiting a website that has been laced with script that pops up a fake warning that your computer is infected. These warnings look very similar to Windows screens and lead most folks to follow the prompts to 'scan' or 'fix' the problem.

Eventually, the 'fix' asks the user for a credit card number, which is when most folks realize something 'phishy' is going on, but by that time it's too late. The second that anyone clicks on the button to 'scan' or 'fix', it instructs your computer to install the evil code in the background while making you believe that it's scanning your computer for viruses.

It's by far the most common reason that we are seeing 'patients' in our stores throughout the country.

This class of malicious software began appearing on the Internet in 2006 and has grown at a voracious rate simply because it is an effective way of getting into your computer. As of this writing, there are over 300 variants of fake security programs, with new versions appearing on a weekly basis.

There is even a fake security program that calls itself 'Data Doctor 2010' which as you can imagine causes some confusion for our customers (we are not the authors, they simply made use of our name hoping to fool users).

Once they infect you, they can steal your credit card information, infect the machine for use as a silent soldier in a 'botnet' army, or install anything else that they so desire.

The reason your McAfee antivirus didn't protect you is that it couldn't, and neither could any other company's antivirus: you clicked on a button that told Windows and your security program that you wanted to install a program.

These malicious programs are very well written and, to your operating system and security programs, look like any other program, such as a screensaver or a photo management tool.

Keep in mind that while these evil programmers are cooking up these concoctions, they have the ability to test them against every major antivirus program on the market before they launch. In other words, they can keep reworking the code until they know that your antivirus program will treat it as a legitimate program.

Once they accomplish that, their only task is to fool you into clicking on a button to start the process of infiltrating your computer.

This, unfortunately, is why so many people are getting infected, and why your antivirus program is powerless to protect you from yourself.

Most folks that get infected immediately start searching Google for a way to get rid of these programs, which exposes them to yet more scams: programs that claim they can help, for a fee.

The best information for removal will be the manual registry steps to eradicate the scareware code from the core of the Windows operating system, but even those instructions can be out of date within a few short months.

The authors of the malware also scan the Internet to see how folks are removing their code, then update it to block or evade those removal instructions. So if you are searching for help on any specific infection, make sure to refine your search to show only results from the past week (click on the 'Show options' link above the search results in Google).

In the future, pay very close attention to warning screens. In your case, you have McAfee installed, so if the warning is not clearly coming from the McAfee program, cancel the warning.
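One way to check where a warning window is actually coming from, as an added example that is not part of the original column: the PowerShell script below lists every process that owns a visible window, together with the executable that drew it and that executable's Authenticode signer. A 'security alert' owned by a browser process is web content, not your security product; a real product alert comes from a signed binary of the vendor you installed. The vendor name is a parameter and is only defaulted to 'McAfee' because that is the product in the question; the column does not describe this check.

```powershell
# Added example (not from the original article): trace visible windows back to the
# signed (or unsigned) program that owns them.
# Assumption: the expected security vendor is passed in; 'McAfee' is merely the
# default because that is the product the reader has installed.
param(
    [string]$ExpectedVendor = 'McAfee'
)

Get-Process |
    # Only processes that currently own a window and whose image path is readable.
    Where-Object { $_.MainWindowTitle -ne '' -and $_.Path } |
    ForEach-Object {
        $sig    = Get-AuthenticodeSignature -FilePath $_.Path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
        [pscustomobject]@{
            ProcessName     = $_.ProcessName
            WindowTitle     = $_.MainWindowTitle
            Path            = $_.Path
            SignatureValid  = ($sig.Status -eq 'Valid')
            Signer          = $signer
            # True only when the binary carries a valid signature whose subject names the vendor.
            LooksLikeVendor = ($sig.Status -eq 'Valid' -and $signer -match [regex]::Escape($ExpectedVendor))
        }
    } |
    Sort-Object LooksLikeVendor -Descending |
    Format-Table -AutoSize
```

Run it while the suspicious warning is on screen and find the row whose WindowTitle matches the alert. If that row belongs to iexplore, firefox or another browser, the 'alert' is a web page and closing the browser window (or ending the process) is the right response; if it belongs to an unsigned executable in a temporary folder, the installer has already run and the machine needs cleaning rather than more clicking.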

Comments
Huh? A user clicks on a program containing malicious code and the anti-malware protection doesn't check it? If that were true then it would not detect malware in email attachments or downloaded programs. A good anti-malware program should scan files that are being opened. I would think that the problem is that McAfee did not detect it. Can you cite some sources saying that no anti-malware programs can detect infections in files downloaded from the Internet?
# Posted By howiem | 1/30/10 4:37 AM
Your advice upon receiving a warning screen is to cancel it. But I understand that the malware authors design their warning screen so that any selection on the screen, regardless of how it is labeled, is recorded as acceptance to download. How does one avoid that?
# Posted By Longstreet | 1/30/10 6:52 AM
Some of these pop-ups will cause an installation script to run, whether you press 'OK' or 'Cancel', and a better way is going to be to click on the X button at the top corner of the window. However, knowing that the malware developers watch for avoidance methodologies, it's a guess that some may be using even that control to initiate a launch.

Ultimately, what's going on is "social engineering", a method of tricking the unwary user into doing something they shouldn't. The best advice is to stay away from sites you don't have reason to trust, and don't click on links (especially links that come as a part of unsolicited email). However, not even that will always protect you.

If you're using a Mozilla browser (Firefox or SeaMonkey), one really useful tool to install is an extension called NoScript. That one allows you to grant or deny permissions for a particular page to run scripts, and the fake security alerts come from scripts. The methodology is similar to the pop-ups that you get from a firewall or from Windows Vista, where you have to grant positive permission for a script to run. It works fine, but it's not a no-brain set-and-forget thing, in that you have to think through why you want a script to run. If it's from a site you trust, you want to enable. However, many sites may have a number of scripts (and from a number of sources, including things like Google Analytics). Thus, you may want to grant permissions at a particular site only to one script (not all of them), and depending on the site, permissions only for that visit, rather than permanently. If you don't pay attention, and are too aggressive in granting permissions, then NoScript won't protect you, and you may be just as vulnerable as you were without it.

If you run Internet Explorer, another useful freeware tool is one called "Spyware Blaster". That one updates the permissions for names of scripts written in ActiveX (a scripting language that IE uses) that are known to be malicious. As with any tool, it's not going to solve all your problems, but assuming that you keep it updated, it will give you some additional protection against scripts that shouldn't be running. It also prevents usage of third-party tracking cookies, which helps on privacy. If you use Firefox or SeaMonkey, Spyware Blaster won't protect against ActiveX scripts (since those browsers won't run ActiveX anyway), but it's still useful in prevention of the tracking cookies.
# Posted By zorchmont | 1/30/10 8:41 AM
Would it help to disable pop-ups?

And how would I know if I got infected or not?

I clicked on a link in an email I thought was from a friend, then when I saw the website, I immediately closed the window.

But now I've noticed I get some script error messages and I'm not sure where they're coming from.
# Posted By EJ | 4/9/10 11:11 AM
I had no idea that antivirus won't stop fake security infections, thanks for the post!
# Posted By Evan Locklier | 9/20/10 10:17 AM
Not true that a user has to explicitly click to allow this antivirus.net to download and infect. I've had it twice now, from pretty trusted sites. I NEVER click to download something unless I requested the download to begin in the first place. I did not allow these downloads. McAfee still let it in twice. I've decided to not renew McAfee. It's stunning that such a widely infectious virus isn't being stopped yet.
# Posted By tk | 3/14/11 5:25 PM
Site contents copyright 2004-2012 by Data Doctors Franchise Systems Inc. All rights reserved.