Don’t fall prey to scareware programs

By Anne Krishnan

Sunday, October 19, 2008

Q. Recently my computer was attacked by a program named Antivirus XP 2008 that, while claiming to protect your computer, is actually a virus itself.

It pops a big red warning block on the screen and asks the user to continue. Pressing continue brings up another screen asking for your Visa number so you can be billed $39.95 to get rid of the threat it has identified. Well, you’d have to be crazy to give them a credit card number.

I was unable to get rid of this attack software. Finally I had to reformat the hard disk, reload the operating system and begin anew. This malware is really bad news. If it should happen again, is there any way to get rid of it other than start all over?

A. Antivirus XP 2008 is part of a growing threat category called “misleading applications,” “rogue programs” or “scareware.” These programs make false or exaggerated claims about the security of your system, then request or demand payment to fix the supposed problems.

Rogue programs can be found all over the Web, but they’re more common on sites offering adult or pirated content, blogs and forums. Sometimes you can be infected just by visiting the site; other times, you may be tricked into downloading the program by bogus pop-up ads that look like Windows system warnings.

The problem is so pervasive that recently, Microsoft and the Washington state attorney general filed suit against two companies that use fake warnings to sell their Registry Cleaner XP software. They promised to pursue others, as well.

“We won’t tolerate the use of alarmist warnings or deceptive ‘free scans’ to trick consumers into buying software to fix a problem that doesn’t even exist,” Attorney General Rob McKenna said in a statement.

Microsoft has said that 50 percent of its customer-support calls regarding computer crashes can be blamed on spyware, which the state of Washington broadly defines as any software whose marketers mislead users into believing it is necessary for security.

If you have to deal with Antivirus XP 2008 or another threat again, online gurus on the CNET.com forums and at BleepingComputer.com report success eliminating it with Malwarebytes’ Anti-Malware, a free and highly rated spyware remover available from download.com.

To avoid downloading a misleading application in the future, consider these tips from Symantec, maker of Norton AntiVirus:

• Use security software to proactively protect from spyware and other security risks.

• Configure your firewall to block unsolicited requests for outbound communication.

• Be especially cautious when clicking on pop-up advertisements — especially ads promoting system security or performance tools that look like a standard Microsoft Windows alert.

• Do not accept or open suspicious error dialogs from within the browser.

• Purchase security and system performance software from reputable sources.

• Keep software and security patches up to date.

To learn more about misleading or rogue applications, visit www.symantec.com/norton/theme.jsp?themeid=mislead or www.bleepingcomputer.com/malware-removal/rogue-programs.

If you’ve ever been tricked into downloading malware by a bogus popup ad, take comfort in the fact that you’re not alone.

A recent study by North Carolina State University researchers showed that most Internet users are unable to distinguish genuine popup warning messages from false ones designed to trick them into downloading harmful software — even after repeated mistakes.

Undergraduates were fooled by fake messages 63 percent of the time, hitting the “OK” button in a message box when it appeared on the screen, despite being told that some of what they would be seeing would be false. Safer options, such as simply closing the message box, were infrequently chosen.

Think you can stump the geeks? Send your high-tech question to stumpthegeeks@newsobserver.com. Include your name, address and daytime phone number. Individual replies are not given.

2008, The News & Observer (Raleigh, N.C.)