Operating @ the low end of high tech…

Windows users–Keep your head on a swivel


I thought about this long and hard. Should I post about this or not? With nearly 90% of the planet using Windows (and an even greater percentage of my friends and family), I feel like I would be neglecting my duties if I didn’t mention it. No doubt some of you have noticed, and perhaps have fallen victim to, the fake anti-virus scams on some nefarious websites floating around. I’ve personally dealt with at least two machines that had been compromised by such dubious programs. They use common social engineering tactics to trick users into thinking they have a virus (or series of them) with a legitimate-looking program that generally says something to the effect of OMG! You’re infested! (OK. Not really, but you get the drift). Never ones to leave things be, virus writers are always trying to find new, more effective ways to infect a victim’s computer. The scammers behind these nasty programs are not much different. The devil has been busy, as noted by Microsoft’s own tech blog entry on the very subject. If you’re a Windows user, it would behoove you to be familiar with the warning signs of these fake programs.

It used to be somewhat easy to identify a fake because the window that would appear would be in another browser’s, or operating system’s, graphical user interface (GUI). Now, however, vx (virus) writers are getting smarter and using common user agent detection to ascertain which browser you’re using and quickly render an on-the-fly window with your current browser’s interface, making detection more difficult. Perhaps a user agent switcher, available on most browsers, would help by fooling the program into thinking you’re using one browser over another and thus tricking the fake program into rendering the wrong interface. This idea has its limits. Unfortunately, there are ways to detect your true browser by the way it talks to a server, thus reducing the effectiveness of an agent switcher.

Though we are beginning to see fake anti-virus programs that mimic your current OS and browser, most of this is possible by means of JavaScript. Fortunately there is a program that can help, if you use Firefox as your browser of choice. That program is NoScript. NoScript will disable JavaScript from a website that you have not given explicit permission to run in your browser. Internet Explorer, Chrome, Safari, Opera, etc. may have similar programs available as an add-on. Without the use of a JavaScript blocker, like NoScript, it becomes very difficult to exit out of the pop-up that appears without giving your browser, or your computer, the three-fingered salute. On some occasions, force closing your browser or shutting down is too little too late and you are already owned.

Thanks to Ars Technica for the original article that spurred me into action.

UPDATE: Big thanks to Mister Reiner for providing the following additional Microsoft site with more information about fake anti-virus programs.


2 Responses

  1. For those that are interested, here is another Microsoft page on identifying and protecting yourself from rogue anti-virus software:

    http://www.microsoft.com/security/antivirus/rogue.aspx

    September 3, 2010 at 3:51 pm

    • Thanks Mister Reiner. I’ve added your link to the bottom of the post for anyone wanting more information on the subject.

      September 3, 2010 at 4:32 pm
