Going Rogue


There’s been a slew of people getting hit by fake anti-virus programs lately, including one person very close to me: myself. I was using my desktop PC when I saw a virus alert popup window in the Windows system tray. The odd thing was that the anti-virus program was claiming to be something called Antivirus Soft. The problem was that I’ve always used AVG anti-virus, which was no longer showing in my system tray. Sure enough, somehow I managed to get this malware on my system (yes, this can chip away at an IT guy’s ego).

The truth is, it can be very easy to get this software on your machine to wreak havoc. There are two types of anti-virus malware that I’ve come across:

  • The first is the most intrusive and is the example I described at the beginning of this post. This is the type of malware that actually installs software on your machine and gives an impression of an infection, when in reality, there is none. How would you get this on your machine? Simply visiting a website that has malicious code on the page can execute script to install the software. Another common method of infection comes from users opening email attachments, which is why you should be very cautious about what you try to access. Even if the email appears to be from someone you know, it could be malicious.
  • A less intrusive type of anti-virus malware is simply a pop-up window claiming to be your anti-virus needing an upgrade. This occurrence is usually just an annoyance, without the problem of having to actually clean software out of your system.

In both of these cases, you must remember the golden rule: NEVER GIVE OUT PERSONAL OR FINANCIAL INFORMATION. Your real antivirus program will never ask for a Social Security number. My friend was hit by a malware anti-virus program called Security Tool. He had called to tell me about a virus infection he had. By the time I called him back, he said all was OK; he had just renewed his subscription to Security Tool. Right away, I knew he was duped. He had made the mistake of submitting his credit card information to these crooks just for the sense of “security,” but all it did was lie dormant until it wanted to get more money from you. Luckily, he contacted his credit card company and was able to issue a chargeback in addition to closing the account. Closing the account is a must because who knows where this information goes.

If you do happen to get these nasty buggers on your machine, you can simply reboot into Safe Mode with Networking Support (hitting F8 during bootup on a Windows machine will allow you to choose this). Download yourself a copy of MalwareBytes, update the definitions within it, and run a scan to eliminate any known threat. This worked great for my problem and I had it cleaned up in minutes.

After cleaning off the malicious software, reboot your system. Your very next step should be to get yourself a legit anti-virus program. There are plenty of free options; two that I recommend are Microsoft’s Security Essentials and AVG Free Edition. For a detailed list of legit anti-virus programs that are available on the market today, look here.

You can also venture here to learn more about rogue security software and for a partial list of known fake anti-virus program names.

Time for Security Questions 2.0?


A very interesting and valid point was mentioned on Headline News yesterday. A common security question we’re asked to verify our identity is our mother’s maiden name. With the rising popularity of social networking and the openness of personal data, is this really a good security question? There are many things to consider, and it is certainly worthwhile to contact that company and express the concern. In the meantime, always be sure that not only you, but also your relatives, limit the information shared publicly, no matter how harmless they think it may be. So moms, stick to the marital name online if possible.