Thursday, November 10, 2011

FakeAV

You are cruising the web, looking at whatever interests you (this could be scrapbooking sites for all I care…) and suddenly – a big red warning screen pops up, and an antivirus starts scanning your computer – with a zillion infected files listed. You’re infected, and it’s bad!

Not yet, perhaps… but click on that screen that says “start removal now” or “do you wish to scan your computer?” and you will be! One of the most common scams on the internet today is the FakeAV scam. Also known as scareware (my favorite is extortionware), this malware infects your computer under the guise of fixing an infection. Generally, the computer isn’t infected until you click that button, thus authorizing the page to download files to your computer. In some cases, the writer of the malware has set up the page so that any click downloads the files. Even an attempt to close the page might start an install.

What is the purpose of extortionware? Well, exactly that – extortion. Once the files are downloaded to your computer, the malware installs itself and reports to you that your computer is infected (it is, but only with the malware that just installed itself), and that in order to remove the infection you must purchase the antivirus. Sometimes your credit card isn’t even charged for the malware – instead, the card is compromised and sold to the highest bidder.

Don’t fall for the “you must purchase this program to clean your computer” scam. Instead, run your regular antivirus (if you can). If it is unable to run, then the malware has disabled it. You’ll need something like Malwarebytes Anti-Malware (MBAM) to do an initial scan. MBAM is available in a free or paid version – the free version is all that is needed for an initial scan and clean. If you are uncomfortable with doing this sort of task, take the computer to a local computer shop. Some of them even offer low-cost cleanings because they can scan multiple computers at once. Otherwise, install and run the legitimate scanner and then enable and update your regular antivirus to scan as well. You can also check an antivirus website like Sophos or Symantec for further instructions.

You’re probably wondering why your antivirus didn’t stop FakeAV in the first place. FakeAV is a name for a “class” of malware. Every day, multiple new versions of FakeAV are created and sent out into the wild before the antivirus companies can update your antivirus. Often, you won’t run across a new version until after your update, but the writers count on at least some people hitting an infected site before their antivirus is updated. And there’s no formula for avoiding FakeAV-infected pages. Sometimes, the most legitimate websites have become infected because of ad space they sell or a missed patch.

Now – for my friends who use the same computer for business and play. Stop it! (You know who you are. I promise not to divulge names…) FakeAV is only one possible risk – there are virus writers churning out much worse stuff as well. Letting the grandkids play on your business computer is bad business in general. Files could get lost or damaged. Home businesses have been thriving thanks to the availability of inexpensive PCs. If you have a home business, keep those files on a separate computer that no one else uses! You’ll be much happier in the long run. We’ll discuss your lack of backups another time.

