Fake anti-virus scam


PHOENIX - “We are seeing this over and over again,” says Ken Colburn from Data Doctors, “it’s the No. 1 thing causing people grief on the internet.” 

Colburn is talking about a fake anti-virus that looks like it’s scanning your computer.
 
“It was on Microsoft format,” Rusty Fried told us. “It looks totally legitimate!”
 
Fried is online all the time writing blogs and articles about aviation. It’s what he loves to do. When a message popped up saying 18 infections were detected on his computer, he wanted to get it cleaned up right away.
 
“I decided I’ll just send the $80,” he explained. “They got me.”
 
“If you send this to 10 million people and 1 percent fall for it, that’s a lot of credit cards,” Colburn explained when we visited his Tempe offices.
 
He showed us a side-by-side screen shot of a real anti-virus program and the fake one that infected Rusty’s computer.
 
“It’s very convincing,” says Colburn. Not only that, the virus uses reverse psychology. If you try to close the pop-up by clicking on the X, that’s the trigger.

Colburn explains, “When you click on it, you’re actually telling the program it’s okay to install or continue on with your destruction.”
 
Instead of clicking on the X to close the pop-up, press Control, Alt and Delete together, which takes you to the Task Manager, where you can force the scan to quit.
 
Also, Colburn says it’s crucial that you know what kind of anti-virus software you have in the first place – so you know what to look for!
 
“It’s a pain in the neck. It really is,” says Rusty Fried, “We are all walking targets.”  
 
 
Why Antivirus won't stop fake security infections
Question
I have McAfee antivirus installed but still got infected by a fake security program that completely took over my computer. Should I be using something else for protection?
-Gina
Answer by Ken Colburn, Data Doctors
In the world of computers, there is currently a ‘scareware pandemic’ in play that is fooling millions of users every day.
Scareware refers to rogue programs that scare folks into doing something that, in this case, actually infects their computer.
Typically, users are initially exposed to these programs when visiting a website that is laced with the instructions to pop-up a fake warning that your computer is infected. These warnings look very similar to Windows screens and cause most folks to follow the prompts to ‘scan’ or ‘fix’ the problem.
Eventually, the ‘fix’ asks the user for a credit card number, which is when most folks realize something ‘phishy’ is going on, but by that time it’s too late. The second that anyone clicks on the button to ‘scan’ or ‘fix’, it instructs your computer to install the evil code in the background while making you believe that it’s scanning your computer for viruses.
It’s by far the most common reason that we are seeing ‘patients’ in our stores throughout the country.
This class of malicious software began appearing on the Internet in 2006 and has grown at a voracious rate simply because it is an effective way of getting into your computer. As of this writing, there are over 300 variants of fake security programs with new versions appearing on a weekly basis.
There is even a fake security program that calls itself ‘Data Doctor 2010’ which as you can imagine causes some confusion for our customers (we are not the authors, they simply made use of our name hoping to fool users).
Once they infect you, they can steal your credit card information, infect the machine for use as a silent soldier in a ‘botnet’ army, or install anything else that they so desire.
The reason your McAfee antivirus didn’t protect you is that it couldn’t, and neither would any other company’s antivirus, because you clicked on a button that told Windows and your security program that you wanted to install a program.
These malicious programs are very well written and look like any other program, like a screensaver or photo management program to your operating system and security programs.
Keep in mind, while these evil programmers are cooking up these concoctions, they have the ability to test it on every major antivirus program on the market before they launch it. In other words, they can keep working with the code until they know that your antivirus program will think it is a legitimate program.
Once they accomplish that, their only task is to fool you into clicking on a button to start the process of infiltrating your computer.
This, unfortunately, is why so many people are getting infected and your antivirus program is powerless to protect you from yourself.
Most folks that get infected immediately start searching Google for a way to get rid of these programs, which exposes them to yet more scams of programs that claim they can help if you pay.
The best information for removal will be the manual registry steps to eradicate the scareware code from the core of the Windows operating system, but even those instructions can be dated in a few short months.
The authors of the malware also scan the Internet to see how folks are removing their code, then they update their code to block or evade those removal instructions, so if you are searching for help on any specific infection, make sure to refine your search to only show you results from the past week (click on the ‘Show options’ link above the search results in Google).
In the future, pay very close attention to warning screens. In your case, you have McAfee installed, so if the warning is not clearly coming from the McAfee program, cancel the warning.
Read a previous Data Doctors blog about this virus: http://www.youtube.com/watch?v=LP09QSwKE5Y&feature=youtu.be.