Thanks to Fake Alerts, Infections Can Happen to the Best of Us
I'm going to postpone the second part of my OAuth conversation to tomorrow, in part because I thought it would be important to share my experience today and in part because the computer with my notes is being debugged as I type this.
Because protecting data is a topic that is at the forefront of my mind, I do everything possible to practice what I preach here. Yet, while I was in the middle of my work day, I got a virus warning, telling me that my computer was infected with dozens of Trojans and I needed to upgrade my virus protection. It certainly looked real, but I've heard about Antivirus Live, malware that, according to 2-viruses.com: "relies on Trojans-Downloaders and drive-by downloads to enter the system, and relies on misleading advertising to trick users into purchasing its 'full version', which doesn't really exist."
I scan my computer daily but the virus was never picked up.
Even though I didn't click on anything, my computer was taken over by pop-ups warning me of files being infected. By the time I rebooted, there were at least 40 pop-ups. However, rebooting didn't help. My computer was still warning me of viruses. Working with my IT staff and an uninfected computer, we eventually found a fix – which is now scanning my desktop.
I spent the afternoon searching the Web trying to figure out what I did that triggered this virus; it's apparently very common, because typing "Antivirus Live" into the search engine brings up a lot of sites, most of them message boards asking for help on how to get rid of it. The only common denominator appears to be use of IE.
Antivirus Live fits into areas of concern facing 2010 technology, such as malware variants (Antivirus Live appears to be a variant of Antivirus System Pro) and social engineering.
And just yesterday, Marc Fossi of Symantec wrote on IT Business Edge of the dangers of rogue security software to SMBs. Think it can't happen? Fossi points out the specific methods that scammers use to get this type of malware onto computers and writes:
"Symantec's Report on Rogue Security Software notes that 43 million users downloaded one of 250 so-called 'scareware' programs from June 2008 through June 2009."
I decided to write about my adventure as a reminder to everyone to make sure employees are aware of malware that masquerades as real alerts.