Malware Detected – Please Download Fake AV

By Kim | Published September 24th, 2010

Alarms go off and the computer lights up like a Christmas tree; my wife yells from downstairs: “We have a Virus!”. My heart races and I believe that I am suffering from tachycardia. I quickly scream to her: “Touch Nothing! Hands off the keyboard!”. Even before I inspect the computer, I tell her it is probably a fake Anti-Virus trying to trick her into downloading malicious code. Right away, I see a professional-looking window that lists a bunch of file infections and asks for a full scan, or for the user to buy the software to remove viruses that do not even exist. It will even pretend that it is scanning and then generate a fake report of all your bogus infections. Pretty clever business which makes a lot of money tricking unsuspecting users. They call this type of malicious software Scareware, as it instills fear into users who, out of panic, make the wrong decision.

What should I do if the pop-up above appears? Definitely do not close this window or click on any part of it. Clicking on it or closing the window directly may cause other malware to be secretly downloaded to your computer. You should exit the browser if you can without clicking on the Fake AV window. If this is not possible, you can kill the process using Windows Task Manager. If you do not know how to do this, shut down the computer.

All real AV companies will allow you to trial the software before buying. Scare tactics or pressure to buy on impulse should raise suspicion and make you stay away. In addition, AV scanning takes time. If the scanner shows many infected files immediately, it is highly unlikely that it could have detected them so fast. A real scanner would show a first threat or infection, launch a scan with a progress bar, and only then would more infections be seen. You can also search for independent reviews of the Fake AV, which will probably give you clear tips to stay away.

Some other names of these Fake AVs are: Antivirus 2008, Antivirus 2009, Antivirus 2010, Antivirus Live.

If you are already infected, it may be hard to remove and you may have other malware as well. My recommendation is always to reimage, but you can take your chances with removal instructions such as:

Removal Antivirus Live

When in doubt, do not click! Never let your alter ego prevail, as it usually spells trouble.

My Top 5 exploits of interest from the past weeks (July 29 - Aug 6)…

By Jojo | Published August 7th, 2010

Here are my top five publicized exploits and vulnerabilities that have been in the news over the past week and a half.

No patch for Microsoft Shortcut Vulnerability available for XP SP2 or any other end-of-life Windows release

By Jojo | Published August 5th, 2010

If your enterprise is running Microsoft XP with Service Pack 2, then I’ve got news for you: It’s now reached its end of support as of July 13, 2010. Check out Microsoft’s post on it here.

My Friend Sent Me This Link

By Kim | Published August 4th, 2010

I just received an e-mail from my best friend with an embedded link. The link seems meaningless and not something my friend would send. However, it comes from a trusted source, which is my friend’s e-mail account. The link must be safe or else my buddy would not send it … wrong … you are letting your alter ego prevail. Go back to my last post on “To Click or Not To Click” to understand rule number one: do not click on any links without due diligence.

Analysis of the Siemens SCADA and Windows Shortcut Vulnerabilities

By Jojo | Published August 3rd, 2010

As you’re probably well aware, there has been a lot of news over the past month regarding a new Malware that is impacting Siemens WinCC SCADA systems. The Malware is known as Stuxnet.

Network Security Protocols: IPsec vs. TLS/SSL vs. SSH – Part II

By Jojo | Published July 28th, 2010

In Part I, I provided some background information on the OSI layer, some of the protocols and on security. In Part II, I’ll be discussing the different network security protocols: IPsec, TLS/SSL and SSH.

Network Security Protocols: Background – Part I

By Jojo | Published July 21st, 2010

As an IT security professional, one of the areas where I gained a significant amount of knowledge and experience is network security. Working for a telecommunications company, it’s pretty much a given that if you are working in security, you are dealing with network security protocols such as IPsec, SSL/TLS and SSH. I started off primarily working with IPsec and eventually was exposed to TLS and finally SSH. One of the real issues that I first encountered was differentiating between these network security protocols. It took me time to be able to understand and explain the following:

  • “What is the difference between these network security protocols?”
  • “Which one shall I use?”

To Click or Not To Click

By Kim | Published July 3rd, 2010

From my previous post – Is your computer secure– I indicated that novice users should never click on links. In this post, I will help you identify bad links and give you tips on when to click on a link.

When receiving a curious link, most users enter a split personality mode like Smeagol in Lord of the Rings. Your alter ego says click on it, while your heart says don’t. Unfortunately, sometimes the alter ego prevails: we click and we get infected or phished. Let’s decompose a link so that you can make educated decisions on whether to click or not.

Is your computer secure?

By Kim | Published May 22nd, 2010

Security is not an easy thing for the average consumer. The methods and procedures to ensure that you are not vulnerable to attacks are typically difficult and prone to configuration errors. With so many solutions out there, where does a consumer start?

Since Windows dominates the consumer market, let’s focus on securing this beast. Let’s use the analogy of physically securing one’s house. If I lock the door with my super expensive Medeco lock, but I leave my basement window open, am I secure? So I then lock all my windows; great, I am now secure … Wrong!! The thief kicks at my door, which has the expensive lock, but I forgot to reinforce my door frame and within 5 big kicks the thief is in. I reinforce my door to the point that the thief will need to drive a car through it. Haha, I showed that thief that he cannot mess with me … Wrong again!! The thief breaks my basement window and enters my house again. Now I need lock bars across all windows and make it look like Alcatraz, except people are trying to get in instead of out. I hope that you are starting to see my point.