blog.3bit.com


Don’t trust the internet

Posted: 28-Dec-2009 10:00

Over Christmas Day lunch with my extended family, an uncle mentioned he was upgrading his laptop on Boxing Day to take advantage of the sales.  His laptop wasn't that old, so I was curious as to why he was considering a replacement so soon.  His reply was his current laptop had a virus, and the virus was so bad the software he had wasn't able to remove it.  I asked to borrow his infected laptop, and with the promise of beer and food if I could fix it, I booted it up the next day, and was presented with this gem:

[Screenshot: SecurityTool (source: 2-spyware.com)]

SecurityTool is a very clever piece of deceptive software.  It entices a naive user by presenting a banner on a webpage saying that it has done a quick scan of their computer and has found viruses that should be removed (this is impossible; no webpage can scan your hard drive).  The user, believing the advert, downloads and installs it, and then the fun begins.

It configures itself to boot up at startup, changes the desktop background to white and puts a white overlay hiding your icons, and will not let you shut it down (it takes up the whole screen) until you buy a full version. It presents "viruses" that it has discovered (which are all fake) and encourages you to purchase the full version for your protection.  Even my constant pressing of Ctrl+Alt+Del was futile - the program quickly hides the Task Manager behind the screen above.

SecurityTool is very simple to remove - boot into Safe Mode, run msconfig and stop it booting up at startup.  Also, delete the executable and the system returns to normal on the next restart.
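
The startup check described above can also be done from PowerShell (3.0 or later). This is an added example, not from the original post: it lists the standard Windows autostart locations (the Run/RunOnce registry keys and the Startup folders) without changing anything. The post does not say which of these SecurityTool used, and the "Review" heuristic is an assumption of the example.

```powershell
# Added example (not from the original post): read-only inventory of autostart entries.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

function Get-CommandPath([string]$Command) {
    # Extract the executable path from a Run-key command line, quoted or unquoted.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $path = Get-CommandPath ([string]$item.GetValue($name))
        $entries += [pscustomobject]@{ Source = $key; Name = $name; Path = $path }
    }
}

# Startup folders (current user and all users); resolve .lnk shortcuts to their targets.
$shell = New-Object -ComObject WScript.Shell
$startupDirs = 'Startup', 'CommonStartup' | ForEach-Object { [Environment]::GetFolderPath($_) }
foreach ($dir in $startupDirs) {
    if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($f in Get-ChildItem -LiteralPath $dir -File -Force) {
        if ($f.Name -eq 'desktop.ini') { continue }
        $path = if ($f.Extension -eq '.lnk') { $shell.CreateShortcut($f.FullName).TargetPath } else { $f.FullName }
        $entries += [pscustomobject]@{ Source = $dir; Name = $f.Name; Path = $path }
    }
}

# Triage heuristic (an assumption of this example): review anything without a valid
# Authenticode signature or living under a user-writable directory.
$userRoots = $env:USERPROFILE, $env:ProgramData, $env:TEMP | Where-Object { $_ }
$report = foreach ($e in $entries) {
    $found = [bool]($e.Path -and (Test-Path -LiteralPath $e.Path -PathType Leaf))
    $sig = if ($found) { [string](Get-AuthenticodeSignature -LiteralPath $e.Path).Status } else { 'PathNotResolved' }
    $inUserDir = [bool]($userRoots | Where-Object { $e.Path -and $e.Path.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
    [pscustomobject]@{ Review = ($sig -ne 'Valid' -or $inUserDir); Signature = $sig
                       Name = $e.Name; Path = $e.Path; Source = $e.Source }
}
$report | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

Entries with `Review` set to `True` sort to the top; disabling or deleting one remains a manual step, as in the post.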

As a programmer, I was amazed at how simple the idea of this software is - tell the user they have viruses, don't allow them to do anything until they purchase the full version, the whole time they believe you as they are none the wiser.

All this leads into the point of this post: don't trust the internet.  Some years back when we used to do IT support for a handful of large companies, the biggest threat to their network's security and stability existed between the monitor and the chair of every computer.  An ill-informed user can wreak havoc (just ask the Waikato DHB) with their downloads.

For some reason, unbeknown to me, if a user reads something on a webpage or in an email, they trust it 100%.  All of their common sense and knowledge goes out the window.  They ignore all warnings and information given to them by those in the know, and they follow what they read on screen.

Other things to watch out for:

  • A Nigerian (or any other country) prince doesn't have millions to transfer to you.
  • The flashing banner saying you are the millionth visitor is fake.
  • Your bank/TradeMe/PayPal/Gmail et al. have not lost your data, nor will they ask for your password in an email.
  • A friend will not send you an email out of the blue, with an attachment you were not expecting.

If you suspect a rat, you can be sure you'll find one.

Being confused about something online is not unusual - don't act on what you read, ask someone you trust (who knows what they are talking about), or seek advice from a legitimate computer store.  You can save yourself a lot of wasted time and unnecessarily lost data by seeking good advice.

Have a relaxing break everyone!








Comment by xpd, on 28-Dec-2009 10:09

Seen similar "malware" a lot lately at work.... some of it is a right pain to flush out too.

Saw one years ago which changed its look to match whatever AV software you had installed - if you had AVG, the interface to the malware was similar, run SAV, changed to that etc....  sneaky :)


Comment by RedJungle, on 28-Dec-2009 10:21

These scams are becoming increasingly common. I've removed this one, and a few others pretending to be Anti-Virus, from friends'/clients' PCs lately.


Comment by freitasm, on 28-Dec-2009 21:02

And most of the time they are not after a sale - they are actually trying to get your credit card number to then resell it on the black market.


Comment by Athlonite, on 30-Dec-2009 16:26

So far this year alone I have removed this nasty bit of malware 60+ times, and freitasm is correct: it is just a scam to harvest credit card details, but it will also allow for more nasties to be installed on the PC it infects. Some will actually use the PC as part of a botnet.


Comment by Athlonite, on 30-Dec-2009 16:28

Oh, and it's also known as antivirus 2009, antivirusXP 2009, antivirus 2010, security tool.


Comment by johnr, on 31-Dec-2009 22:05

Malwarebytes takes care of these: www.malwarebytes.org



nate's profile

 
New Zealand


I'm Nate Dunn, and I work as a developer for 3Bit Solutions and a moderator here at Geekzone.






Disclaimer
The views and opinions represented in this blog are personal and belong solely to the blogger and do not represent in anyway those of 3Bit Solutions Limited or any other company.

