One of the most effective malware infection vectors in use on the internet is what’s known as the “fake antivirus attack”. Upon visiting a compromised website, even one that is supposedly legitimate like the DailyMotion (not linked for obvious reasons), a pop-up is displayed that warns the user that their computer is infected, and offers to clean up the infection. Clicking on that button typically leads to the actual infection, which usually starts out as an annoying infestation of adware and popups, and will typically escalate into a barrage of more malware, up to the incredibly vicious rootkits and ransomware which will render your computer inoperable, your data irrecoverable and your identity, bank accounts and credit rating at serious risk.
How do you spot the fakes? Unfortunately, it’s becoming increasingly more difficult, as the cybercriminals are now investing more effort into making these counterfeit warnings look like the real thing. In the case of the DailyMotion vector, the pop-ups were designed to look like Microsoft’s own widely-used and competent Security Essentials antivirus software, a product that I install on many of my clients computers. At first glance, the pop-up does a passable rendition of the real software, and someone not paying attention could easily be fooled. If you want to see what this type of pop-up looks like, and the resulting infection, watch this short video produced by Invincea, a security software company based in Fairfax, VA.
What this means for you:
Even hardened internet travelers might be taken in by well-crafted popups, but there are certain ways to tell if it’s a fake:
- Your antivirus software won’t require you to install an EXE to perform the scan. It’s already installed. If it was a legitimate warning, clicking the button would start the scan, and not a download of software. Windows Vista and up will stop and ask permission to run any executable, even ones from legitimate companies, so if you see your OS asking if it’s OK to install this program, stop what you are doing immediately.
- Close your browser and any windows associated with it. Close any open programs. Manually start your installed antimalware software by selecting it from the Start Menu, or from the System Tray in the lower right of your screen. Run a full scan. Even if everything comes up good, remain vigilant!
- Fake pop-ups also come in the “Your software needs to be updated to view this website” variety. The most common variant of this is Adobe Flash. Again, close all windows, manually relaunch a web browser and visit the software manufacturer’s website to find out if an update is available for your software.
Still unsure? Note the website URL that triggered the questionable pop-up, take a screenshot if you can, and call your IT professional for further advice.
Image courtesy of Stuart Miles / FreeDigitalPhotos.net