Scareware has hit plague proportions online, and something that looks like a legitimate download may not be one. This is why you should get your Windows 8 download from a reputable source. Scareware is capable of delivering multiple Trojans. It isn’t particularly new technology, but it’s an adaptation of some old technology, and it should have people thinking about appropriate protection and fixes. If you’re in IT support, you’ll need a good working methodology for protecting your systems from this very nasty collection of viruses, which include keyloggers.
Scareware basic technology
Scareware is simple but effective in its methods. An alert appears on an infected page, telling the user that their security has been compromised. In most cases the alert will include a bona fide-looking Microsoft logo on a dialog box. The user is meant to click the dialog box, which automatically downloads a group of Trojans.
(In a twist, Scareware has been known to warn people that a security system they don’t even have has been compromised. The dialog boxes are generic, and the software doesn’t actually read systems.)
The trouble at this point is that the entire page is an overlay on top of the legitimate web page. This technology was invented a few years ago, and effectively booby-traps the page. Any click will start the download. Hopefully, with newer operating systems such as Windows 8 coming out, some of these vulnerabilities will be sorted out.
At this point, the computer will be infected, unless the proper steps are taken.
Note: Good browser security will find the viruses quickly enough, and even automatically quarantine them, but even the best sometimes doesn’t notify the user of what’s happening. You need to check history and quarantine, but run the scan as directed below anyway. The Trojans are a mixed bag of types and vintages.
Dealing with Scareware during an attack
The steps for dealing with the problem are basic enough:
- Users on a network should notify their IT services immediately to help ensure no further contamination occurs.
- Don’t click anything. The infected computer should be immediately disconnected from the internet and the network, to deny the viruses access to the net and reduce the possibility of spread.
- A full security scan should be carried out. This will find at least some of the Trojans, and further scans will also locate offending cookies and other malware which may have found its way onto the browser.
- If the computer or network is involved in online transactions, banks and other institutions should be notified of a suspected infection. The bank internet support people can keep an eye on the account for any suspicious transactions.
Protecting the net from Scareware
Scareware can show up anywhere online, including in pictures. In many cases the website operators have no idea that they have any infected materials. The best defense is to deal systematically with the issues:
- For website owners: An external test is the best way of finding out if a site has these problems. Tests should preferably be conducted by professional security firms.
- For internet users: A bad site report through Google, Yahoo or other search engines should be made to ensure that site owners are aware of the issues.
- For IT professionals: It’s a good idea to try to find as much information as you can about the Scareware and identify the Trojans for your security. A bad site report should be made.
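For website owners and IT professionals, this added example (not part of the original article) shows one heuristic check for the full-page overlay described earlier: it scans a page's HTML for a link to an executable that is, or sits inside, an element stretched over the whole viewport. The extension list, the inline-style heuristic and the sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed list of executable download types; adjust to your own policy.
EXEC_EXT = (".exe", ".msi", ".scr", ".bat", ".cmd", ".vbs")
VOID_TAGS = {"img", "br", "hr", "input", "meta", "link", "source", "embed", "wbr"}

def covers_page(style):
    """Heuristic: inline style that pins an element over the whole viewport."""
    pairs = (p.split(":", 1) for p in style.lower().split(";") if ":" in p)
    s = {k.strip(): v.strip() for k, v in pairs}
    full = lambda v: bool(v and re.fullmatch(r"100(%|vw|vh)", v))
    stretched = (full(s.get("width")) and full(s.get("height"))) or s.get("inset") == "0"
    return s.get("position") in ("fixed", "absolute") and stretched

class OverlayScanner(HTMLParser):
    """Flags links to executables that are, or sit inside, a full-page overlay."""
    def __init__(self):
        super().__init__()
        self.stack = []     # one bool per open element: is it a full-page overlay?
        self.findings = []  # (line number, href) pairs

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        overlay = covers_page(a.get("style") or "")
        href = a.get("href") or ""
        is_exec = href.lower().split("?")[0].endswith(EXEC_EXT)
        if tag == "a" and is_exec and (overlay or any(self.stack)):
            self.findings.append((self.getpos()[0], href))
        if tag not in VOID_TAGS:
            self.stack.append(overlay)

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.stack:
            self.stack.pop()

def scan(html):
    scanner = OverlayScanner()
    scanner.feed(html)
    return scanner.findings
# Constructed sample pages, not taken from any real site.
INFECTED = """<html><body>
<p>Holiday photos</p>
<a href="/update/scan.exe" style="position:fixed; top:0; left:0; width:100%; height:100%">
<img src="alert.png"></a>
</body></html>"""
CLEAN = '<html><body><p>Installer: <a href="/files/setup.exe">here</a></p></body></html>'

if __name__ == "__main__":
    print("infected:", scan(INFECTED), "clean:", scan(CLEAN))
```

The check reads inline styles only; an overlay positioned through an external stylesheet or script needs a check against the rendered page instead.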
Scareware is just plain nasty, and potentially extremely destructive. Anything you can do to help stamp it out will help everyone.