October is Cyber Security Awareness Month, but a recent poll suggests most people aren't very aware at all. For instance, 80% of computer users surveyed said they had a firewall installed and protecting their computer, but a follow-up scan on their systems showed that half of those didn't have any firewall at all.
With so much confusion about firewalls and viruses and spyware, it's no wonder that people are confused, and a whole rogue industry seems to have sprung up to take advantage of that. There are a number of companies out there that make products that falsely detect infections or problems, and then send you out to their sites to buy the software to take care of the non-existent issues. At NCTCS, we are spending an ever-increasing amount of time removing these rogue programs from systems, and I have often wished that there was a way to take action against these companies. Happily, Microsoft is now going after some of them in court. There is a great article here by Brian Krebs, who writes a security blog at the Washington Post, discussing some of the actions that are being taken.
One of the programs he discusses is a program that I have been seeing way too much of lately. Anti-Virus 2008/2009 is a rogue anti-virus program that gets installed on your computer and generates a series of pop-ups and false warnings to make you think your computer is infected. (You can see how it works here.) It will ask if you want to fix the problems, and then direct you to their site where you can pay them $49.95 for the privilege of stopping their pop-ups on your system. A new twist that I have seen this past week is that it also downloads the joke bluescreen (I previously mentioned it here) so it also looks like your computer is regularly blue screening. The first time I encountered it on a client machine, I was completely fooled; I thought the computer was bluescreening every time I walked away and left the scan running, when in reality, it was just "bluescreening" when the screensaver started.
As best I can track down, this seems to be downloaded through illegitimate video sites: you either go to the site directly or click on a link you get in an email to a video, and then you're prompted to install a "video codec" to view the video. As soon as you do, the malware is installed, and this one is really hard to get rid of. It seems like every time I get a good system down for removing it, it morphs again and I'm back to square one.
The best bet for avoiding this type of malware is to avoid sites that are questionable, and never download anything when you don't know the source. Your anti-virus and anti-spyware can't do a good job of protecting you from things you install yourself, so if you aren't sure, just don't install/download it, and as usual, if you have any questions let us know.