
Scareware

Monday, January 5th, 2009

There’s spyware, adware, malware, etc. I would like to coin a new term: scareware.

I returned home the other day to my mother making some noise.

“The laptop got a lot of trojans and viruses! Just now it scanned and found 38 viruses!”

Of course, I immediately suspected that it was fake. But just to be sure, I asked my parents if they had visited any funny links or opened any email attachments. They denied doing so.

Yup, I have successfully educated my parents on how to be smart on the internet. I told them to only visit sites that they know and trust to be legit. I know my parents like to visit travel sites like zuji.com. And just to be sure, I installed Firefox with Adblock Plus just in case. Since they love to use email, I reminded them not to open any emails from suspicious addresses and/or with dubious subject headers. I told them that email spoofing can be easily done. So just be wary. However, I am not able to make them use Gmail, since they’ve already been using Yahoo for some time now. But Yahoo is still good enough for me. This is the advantage of having a geek in the house.

Anyway, I checked the laptop and found that a program residing in the “All Users” appdata folder was set to run automatically when Windows was started. It’s ironically called “System Security”, and will “scan” and find bogus viruses and trojans on the PC. Out of curiosity, I just let it run and it finished scanning in about 5 minutes. Yes, 5 minutes. It managed to scan the entire C:\ consisting of tens of thousands of files in 5 minutes. I snorted.

The “report” showed me 29 viruses and trojans this time (my mum said 38). And at the end, it asked me whether I wanted to “buy and clean my PC” with a jolly green tick, or “continue unprotected” with a big red X. Clicking on the red X, I went into the settings and true enough, the options “Run on Windows start” and “Scan on startup” were checked. Interestingly, I was unable to uncheck them. Clicking on a checkbox prompted the same “buy and clean/continue unprotected” splash screen. Clicking on “continue” brought me back to the settings dialog with the two options still checked. Apparently there was no way you could uncheck them. I asked my mum if she had seen that splash screen before.

“Yup. I clicked on clean and then it asked me to buy it for $19.90. I just shut down the laptop.”

Smart, mum! I have taught you well my young…err, matured, padawan!

Apparently, there was no uninstaller. No surprises there. A check using WMIC, a trick I learnt at the office to check for installed software by querying the registry, showed that there was no installation entry as well. So I simply deleted the program, the shortcuts on the Desktop and Start Menu, and the entries in the usual startup locations in the registry under HKLM and HKCU. Problem solved! Score one for the geek in the house!
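The check described above can be scripted. This is an added example, not part of the original post: a read-only PowerShell listing of the HKLM and HKCU Run/RunOnce entries that marks any whose executable sits in an application-data folder and has no matching uninstall entry. The `NeedsReview` flag and the choice of folders are assumptions made for illustration, and Startup-folder shortcuts are not covered.

```powershell
# Added example: read-only audit of autostart registry entries. Nothing is changed.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
# Install folders that properly installed software has registered.
$installDirs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    ForEach-Object { $_.InstallLocation } |
    Where-Object { $_ } |
    ForEach-Object { $_.Trim('"').TrimEnd('\') }

# Assumption: application-data folders are where an autostart binary
# deserves a second look ("All Users" appdata in the post).
$dataDirs = @($env:ProgramData, $env:ALLUSERSPROFILE, $env:APPDATA, $env:LOCALAPPDATA) |
    Where-Object { $_ } | Select-Object -Unique

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        # Extract the executable path from a quoted or unquoted command line.
        # Unquoted paths containing spaces are cut at the first space.
        if ($command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        else { $exe = ($command.Trim() -split '\s+')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        $inData = [bool]($dataDirs |
            Where-Object { $exe.StartsWith("$_\", [StringComparison]::OrdinalIgnoreCase) })
        $installed = [bool]($installDirs |
            Where-Object { $exe.StartsWith("$_\", [StringComparison]::OrdinalIgnoreCase) })
        [pscustomobject]@{
            Key         = $key
            Name        = $name
            Command     = $command
            NeedsReview = ($inData -and -not $installed)
        }
    }
}
$results | Sort-Object NeedsReview -Descending | Format-Table -AutoSize -Wrap
```

A flagged entry is only a prompt to look at the file; some legitimate per-user software also starts from application-data folders without registering an install location.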

This is a perfect example of a scareware scam. Before I discovered adblockplus, I always saw those flashing banners in bright green and red screaming “YOUR PC COULD HAVE BEEN INFECTED!!!!”, or those flash ads that show some sort of fake scan going on. I’m pretty sure a number of people did get into a panic and clicked on it, then input their credit card details. For a website to have a million hits, it’s pretty believable that five thousand people clicked and a hundred people gave their credit card information.

Scare tactics such as this thrive on our fear, brought about by the media reporting on how easy it is for PCs to get infected. What they usually don’t say is how easy it is to NOT get infected in the first place. The only antivirus on my PC is Avast Antivirus Home Edition, which is free for home use. It is a very lightweight application that does nothing more than run an unobtrusive background scanner and updater. I don’t need Norton’s huge suite of security applications or some funky McAfee Super Internet Security Anti-Hack Guarantee application. And my PC hardly ever gets infected.

Of course, the trick is to practise a lot of caution while browsing. My overly skeptical nature does help a bit. But even then, I do get caught once in a while. It’s great that Avast has always managed to detect them and has yet to fail me.

Surf safe. Don’t get too scared. The best thing to do if you suspect your PC is infected? Disconnect it from the internet, and then try to weed out the problem. Or call your local resident geek if you’re not sure. Or maybe even me.