How to avoid the nasty fake antivirus scam
By Herb Weisbaum ConsumerMan
It’s one thing to write about the dangers of malicious software. It’s quite another to have it take over your computer. That’s what happened to me a few weeks ago. I was at work doing a routine online search when all of a sudden my computer went nuts.
A pop-up appeared in the center of the screen — “Warning: Virus Invasion Detection” — and a siren started wailing. “Personal Shield Pro” started to scan my hard drive. At least that’s what it looked like.
Within seconds, row after row of supposedly malicious software programs started stacking up in the window: viruses, spyware, adware and worms.
Personal Shield Pro said it found 47 infections. The scan warned that because of the virus activity found, the following bad things were possible: a system crash, permanent data loss, system slowdown and Internet connection loss.
I knew the scan was bogus, that my computer had been infected with fake antivirus software (FakeAV). But I couldn’t close the program. In fact, I couldn’t do anything. This rogue software had hijacked my computer. So, I turned it off and crossed my fingers.
When I rebooted, the pop-up was still there. I was helpless and didn’t know what to do. I contacted the IT department and one of the techs ran a number of scans. It took him two hours to find all the places this malware had embedded itself in the operating system on my hard drive.
If this had been my home computer, it would have meant a costly trip to the repair shop to get my machine working again.
“Fake antivirus has probably been the most prominent online threat for the last two or three years. It has infected millions of people’s computers,” says Chester Wisniewski, a senior security advisor at Sophos, a worldwide security and data protection firm.
FakeAV is also known as “scareware” because it’s designed to scare you to into buying useless antivirus software that you don’t really need.
The scam follows a common pattern. A pop-up shows what appears to be a security scan that falsely detects dangerous or illegal files or programs. In some cases, the bogus warnings say there is porn on your computer. The malicious software may even display pornographic images on the screen. And those pop-up warnings won’t stop until your click the button that says “register now” or “remove all threats.”
Those who do that wind up on a site run by the cyberthieves. It says you need to buy their antivirus program — which is fake — to fix the security problems.
“So people pay for the program and they rescan their machine and of course it says their computer is clean,” explains Coleen Robbins, chief of online threat initiatives at the Federal Trade Commission. “But there was never anything wrong with the computer to begin with.”
Who is behind this?
Scareware is sold by international criminal gangs. Many are located overseas with accomplices in the United States. Based on recent prosecutions, we know the losses are staggering.
In June, the U.S. Department of Justice announced it had busted a scareware gang based in Latvia that badgered victims into spending as much as $129 to buy their fake antivirus software.
The FBI and its international law enforcement partners found and seized computers and servers belonging to this gang in the Netherlands, Latvia, Germany, France, Lithuania, Sweden and the United States. The feds believe this one group scammed nearly a million people out of $72 million over a three-year period.
(While this bust may slow down the FakeAV attacks for a while, they will not go away. There’s simply too much money to be made.)
These malicious FakeAV programs can do more than extort money. They can leave nasty things behind on your hard drive.
“There have been reports that people are left with Trojans, which are pieces of spyware that grab information from your computer, which make you vulnerable to identity theft,” says Paula Selis, who runs the hi-tech unit in the Washington State Attorney General’s office. “That’s even worse than being ripped off for a product that’s absolutely worthless.”
How to deal with a scareware attack?
Most of this malware attacks Windows-based computers. If a virus alert appears on your screen, and it’s not from a program you have installed in your computer, stop and think before you do anything. Most importantly don’t touch it. Don’t run a “free” scan and don’t try to close the window. Shut your browser using Task Manager (control + alt + delete) or turn off the machine.
If that doesn’t work, go back to task manager and look at the list of the programs currently running. Delete the rogue one, the one that is unfamiliar from the list of running programs. Then run security scans with the software already on your machine to find where the FakeAV might have hidden.
If that doesn’t work, you need to see a professional. You might want to do that anyway.
“Any time you get something malicious on a computer and it is beyond your technological ability, you immediately need to get a professional to look at it,” advises Adam Levin, chairman of Identity Theft 911. “You may think you’ve succeeded in removing it, but in truth it’s masking itself and mutating through your system.”
How to protect yourself from scareware swindlers
The U.S. Department of Justice advises against buying computer security products that use unsolicited “free computer scans” to sell their products. It is also important to keep your operating system and security software up to date.
Fake antivirus products are designed to appear legitimate. They have names that sound convincing, such as Virus Protector, Virus Shield, Malware Defense, AntiSpyWarePro and WinWeb Security, just to name a few. Only install software from trusted sources.
It’s also important that you become familiar with the way the legitimate anti-virus software on your computer looks and behaves. If you know what a real warning message looks like, it should be easier to spot a phony.