Tag Archives: Norton

Ransomware: It’s a fake virus scanner, only more violent.

Last September, I wrote about fake virus scan pop-ups that you sometimes encounter while using a web browser, sometimes known as “scareware.”

What I didn’t cover was a class of malicious software known as “ransomware,” the fake virus scanner’s more violent cousin. The difference?

  • Scareware: tries to trick you into purchasing useless software and probably installs spyware, adware and other malware.
  • Ransomware: poses as a virus scanner, but locks up your computer and forces you to purchase useless software to unlock your computer. Also likely installs a bunch of other malware, in addition to the fact that you’ve just given criminals your credit card number.

It’s kind of the difference between a con artist and a mugger, I guess.

There’s no real way to tell offhand whether a fake virus scan pop-up window is scareware or ransomware. It doesn’t really matter—you don’t want it either way. The same rules for prevention apply in both cases.

Both start the same way: you visit a website and a window pops up that tells you your computer is infected with a virus. The pop-up almost always has an “OK” and a “Cancel” button. Do not click on either of these, because they both install the malware.

You can click on the “X” in the upper-right corner of the window, but I don’t even like to do that. I use “CTRL-ALT-DEL” to force the browser to close. I think the Mac version of “CTRL-ALT-DEL” is “Command-Option-Escape.”

After I’ve shut down the browser, I run a virus scan and a spyware scan. It’s sort of a pain and it takes a while, but too many people value convenience over security, and they end up paying for it. There are very few instances in which it’s not possible to find something else to do while your virus scanner runs. You don’t have to be on the Internet 24/7, you know.

Now, I’m not one to tell anybody what brand of web browser to use, but I will say one thing on the topic: since I switched from Internet Explorer to Firefox with the NoScript plug-in, I haven’t had a single scareware window pop up. I’m not telling you what to do. I’m just sayin’.

Also, I know it costs money, but you cannot afford not to do it: install some good antivirus software, keep it updated and keep your subscription current. Norton, McAfee, Kaspersky; I don’t care which one you use, just use something. No, it’s not super cheap, but if you’d rather shell out $79 to unlock ransomware than spend $69 on actual protection…well, in that case I think there’s just something the matter with you.

Finally, for an extra level of protection, install the excellent (and free!) Spybot Search & Destroy. Yes, right now. There is one annoying thing about this software, though, and it’s Microsoft’s fault: in Windows Vista and Windows 7, in order to run S&D properly, you can’t just click on the icon. You have to right-click the icon and select “Run as administrator.” You won’t be able to actually remove anything if you skip this step.

There’s a recent story about ransomware at MSNBC, with a video that shows the malware in action (and actually shows you how to unlock it with hacked registration codes).

More information about fake virus scan pop-ups: what the FTC has to say

Today I was checking out some articles at FTC.gov, and I came across a good one called “Free Security Scan Could Cost Time and Money.”

The article dates back to December 2008, but it’s still relevant. It covers the same basic topic as my post “Fake Virus Scan Pop-Ups” from a couple weeks ago, with some additional information I thought it would be wise to share.

For example, this article also says that when a window pops up offering a “free security scan” or telling you that “malicious software” or (for maximum scare value) “illegal pornography” has been found on your computer, not to trust the “Cancel” or “No” buttons on that pop-up window, since it usually does the same thing as the “Scan” or “Yes” buttons. However, they also give you specific directions, which I did not do in the previous article:

If you use Windows, press Ctrl + Alt + Delete to open your Task Manager, and click “End Task.” If you use a Mac, press Command + Option + Q + Esc to “Force Quit.”

The article further warns you, “Make it a practice not to click on any links within pop-ups” (my emphasis), which I think is pretty good advice.

There is one paragraph I disagree with (or, more accurately, only-sort-of agree with) in the FTC article:

If you get an offer, check out the program by entering the name in a search engine. The results can help you determine if the program is on the up-and-up.

I only take issue with this advice because, in general, I feel that if you’re getting an offer at all, it’s probably not legitimate, so don’t bother wasting too much time on a search.

Norton, McAfee and Kaspersky are going to advertise on the Internet, obviously. However, they’re never going to do it by running one of these pop-up traps. If you’ve got a “free scan” or “clean your registry” window, you’re looking at a scam. I’d consider that a zero-tolerance policy if I were you.

If you truly feel like an offer might be legit, go ahead and do a quick search on it. However, my first reaction is to not trust any offers that I wasn’t looking for in the first place. If you were looking for security software to begin with, it’s a different story; obviously, Symantec’s website might have special offers on it from time to time, since they’re the actual company that produces the Norton line. It’s when you’re looking for the latest Hollywood scandal photos that you’re going to run into trouble.