New “Scareware” Malware Computer Infections on the Rise

by Geek Squad Agent on ‎03-11-2009 10:04 PM (14,181 Views)

Here’s how it works: an ad for a Web site pops up as a window on a user’s computer, falsely indicating the PC is infected with a “virus.” The user clicks on the ad that links to the Web site. This downloads and installs a program. Depending on your security settings or software this can even happen automatically!

 

Once the program is on your computer, it automatically downloads other infections and also changes some inner Windows-workings that regulate how your PC browses the Internet. 

 

Here’s the real kicker. If after the infection is on your computer and you attempt to visit legitimate software review sites, you are redirected to fake Web sites set up to look exactly like the originals. For example, you might try to look up “antivirus” on a Web site. But instead of going to the actual site, you will go to a mirror image that will ask you to download the software: “Antivirus1,” “Antivirus 2010,” “Antivirus XP” or “Antivirus360/AV-360.”

 

DON’T DO IT!! These programs, as legitimate as they may look, are viruses set up to get your credit card info out of you.

Of the last 10 virus removals I performed where one of these viruses were involved, 7 people indicated they thought it was some sort of Windows Update, clicked the ad and installed the software. 6 of those people had been using computers for 5+ years.

 

To protect yourself keep a few things in mind:

  • Stick with name-brand software. If you are unsure if it is a real product, try searching for it on a name-brand brick-and-mortar store’s Web site for the name. If you don’t get an exact match of name and picture, be wary.
  • If your computer has directed you to a Web site that says “Antivirus 1,” “AntivirusXP,” “Antivirus 2010,” or “Antivirus 360” is an awesome product, you may have already been infected with the original redirecting program. This program is what directed you to the false Web site in the first place. 
  • If your computer is suddenly “Blue Screening” and looking like it is rebooting, giving you a warning about some sort of unregistered program during the boot screen, you are infected. Shut off your PC and get it fixed immediately. Change PIN numbers and passwords AFTER the repair is complete if you bank/buy things online.
  • If you have already given your credit card number to one of those software programs above, alert your credit card company immediately.
  • Make sure your computer is up to date and has antivirus AND anti-spyware protection.
  • Be extra cautious of ”adult” Web sites.

The “Big 3” things to remember that I always make sure to tell my clients:

 

  1. The goal of “scareware” is to scare you into thinking something is horribly wrong. Once you are convinced, you will probably download the bad software. This usually ends with providing financial information to a bad third-party. All the protection in the world may not help if all users of the computer don’t know that what is “popping up” is fake.
  2. Microsoft currently does not advertise anything “non-Microsoft” to fix problems with your computer. For instance, Microsoft does not recommend via pop-up to install “Joe’s Antivirus” program because you have a problem. Currently the viruses do not use the phrase “Microsoft” in their advertising. They do use the phrase “XP” however. 
  3. Finally, if you suspect at all that anything is wrong, turn off the PC and get it looked at. Viruses cannot spread if the computer is turned off. They can spread if the computer is on and connected to broadband (even if you do not open your web browser).

If you have any questions, or think you may have been infected, give us a call or stop in to one of our local Geek Squad precinct at any Best Buy store.

Comments
by bbbrad
on ‎08-27-2016 11:05 AM

I went to the bestbuy website this morning and was redirected to a website saying i was infected and to call a certain number.  i closed the computer down and tried later again and this time I was redirected to a website selling system cleaning software.  this occurred in a windows 10 system with Mcaffee running.  it occurred in both windows Edge and Google Chrome.  It did not occur on other websites.  It seems that Bestbuy is infected with a malacious script.

by Geek Squad Agent
on ‎08-31-2016 03:51 PM
bbbrad, I will let the right people know. I don't think, with our supersecure web infrastructure, that it would be possible for us to have picked up any malware. But I will pass the word along. Thanks.
by Geek Squad Agent
on ‎09-02-2016 09:25 AM
bbbrad, Spoke with some of the Bestbuy.com security folks and our virus and spyware experts about your experience. Their opinion is your computer picked up the virus that caused the pop-up on your computer somewhere on the Internet and it opened when you hit bestbuy.com either by random or according to some trigger the virus writers set up. The folks that overlook activity on bestbuy.com servers have not seen any activity that would indicate the servers have been infected. Older viruses tended to redirect browsing activity immediately, but newer viruses are coming with a delay to help hide the source of the infection. We do appreciate you letting us know that you got redirected after visiting our site because it helps us stay on top of potential problems. If this pop-up activity continues to inhibit your ability to use your machine, our experts recommend you take your device to the Geek Squad Precinct at your local Best Buy store or your favorite local computer repair shop and ask them to take a look at it. They should check your HOST file and all the internal DNS settings on your machine. Again, thanks for reaching out to us and good luck getting your machine back in working order.
Geek Squad Videos

Visit our Channel on   

 
Labels