Fake Infection Warnings Can Be Real Trouble

[Peaches]

"Does this sound familiar? A window suddenly pops up on your screen

from a supposed antivirus vendor, warning you of a system infection.

Click the close box, and it simply expands. What to do? And what does

it mean? Read on how fake antivirus infections can point to more serious problems--and how you can

extricate yourself."

Fake Infection Warnings Can Be Real Trouble

Erik Larkin, PC World

timestamp(1234304100000,'longDateTime')

"Michael Vana knew something was up when he saw the pop-up from "Antivirus 2009" in the middle of his screen. The former Northwest Airlines avionics technician guessed that the dire warning of a system infection was fake, but when he clicked on the X to close the window, it expanded to fill his screen. To get rid of it, he had to shut down his PC.

Sound familiar? Dirty tricks like these, designed to get you to install and buy fake antivirus products, are more common than ever. (For advice on how to proceed if you've installed a phony antivirus on your PC, see "Antivirus 2009: How to Remove Fake AV Software.") But while you might recognize such warnings as bogus, you might not know that the fake warning could be a red alert about an underlying bot malware infection. Knowing the difference is key.

"It's not something you even blink at anymore," says Christopher Boyd, senior director of malware research for communications security company FaceTime Communications, of requests for help in dealing with these warning pop-ups.

The increased incidence of these pop-ups is due to more crooks going after easy money from shady affiliate programs, which pay a huge cut of the profits--up to 90 percent--for every person who mistakenly forks over money for a fake program, regardless of what in­­duced them to pay. Often, the inducement comes from a malicious Web site that uses JavaScript tricks to toss up a bunch of pop-ups, or even resize the viewer's browser window, to create something that looks like a real antivirus scan.

You might reach such a site by using a bad search link, like the one Boyd clicked for a free online Batman game. He got redirected to a site that took over his browser to display a fake AV scan, which then found (fictitious) critical infections that could be fixed by purchasing the rogue antivirus program.

If a site merely hijacks your browser, you don't have to worry too much: The pop-ups or fake scanner windows don't cause lasting damage, Boyd says. You might be prevented from closing the window, as Michael Vana was, but you can usually bring up the Windows Task Manager with Ctrl-Alt-Delete and close your browser that way. Sometimes just hitting Alt-F4 will shut it down.

"To do this, [the fake site] uses real code, and doesn't generally exploit a hole," Boyd says. As long as you don't pan­ic and install the pushed program, no real harm occurs."

PC World Story: http://www.pcworld.com/article/159316/arti...ml?tk=nl_spxblg