Don’t Get Caught Off Guard By Web Pages Imitating Antivirus Software

Malware, which is any type of harmful software, uses many different methods to trick users into installing it.  A recent trend is to imitate legitimate antivirus software so you inadvertently install the malicious program.

Malware creators utilize scary pictures and language to trick people into believing their computer is infected, and ultimately attempt to make the individual purchase something to remove the fabricated “threats”.

In my experience as an IT support technician, this type of malware is generally installed on an individual’s computers when they click a seemingly harmless link on a website or download a file.  This means the malware can be prevented if users know what to look for and follow safe browsing habits. This article will provide one example of how to do that.

Malware in Disguise

Recently I came across a very interesting pop-up I hadn’t seen before:

Pop-upAt first glance, this error message looks like a legitimate virus notification.  However, this image has some flaws that, with the right knowledge, make it easy to spot as a fake and avoid the consequences of clicking on it.

How to Identify a Fake Virus Notification

The first giveaway that the virus notification shown above is a fake is that it shows the virus scanner running in a “My Computer” window (as seen in the title of the window).  This implies that the virus scanner is a part of Windows, but Microsoft does not have any antivirus software integrated directly into the operating system.

Second, nothing happens when trying to move the window.  Moving the mouse cursor over the buttons doesn’t make them change like you normally see in Windows. You can also observe that there are numerous spelling and grammar mistakes in the text – any professional product would not contain such mistakes so frequently.

Finally, my taskbar only showed that Firefox, iTunes, and Pidgin windows were open, no antivirus. However, it showed an extra Firefox window which I had not opened. At this point I clicked it to bring that window to the foreground and the bogus virus scan appeared.

Since experiencing that first pop-up, I have seen several others that are similar. Each has its own unique features, but the general premise in all of them is the same. Observation techniques such as the ones I used in this situation can be used to determine the legitimacy of many other fake notifications and will help you avoid viruses.

Additional Tips

Besides the specifics of the example in this article, here are some general “good computing” habits to prevent you from being a victim of this latest type of virus:

  • Have legitimate antivirus software installed and updated (Microsoft Security Essentials, avast!, Avira, and AVG are all good antivirus products that can be downloaded and used free of charge).
  • Know the name and logo of your installed antivirus software.  If you see a notification with a different name, you’ll immediately know that it’s a fake.
  • Take time before clicking on links or images to make sure you know what they are and where they lead.

In the past, this type of virus has been relatively easy to remove.  However, recent iterations have proved more tenacious, which makes it that much more important to know how to prevent them.

Have you have encountered any similar pop-ups? Or have you gotten the malware that can be caused by them? Do you have any other additions, comments or questions about good browsing habits to prevent getting malware? Please let me know in the comments below!

Image Credit: http://www.salisbury.edu/helpdesk/