Untitled Document

Employees warned to watch for fake anti-virus software

As cyber security officials warn computer users to watch for Internet and e-mail scams, a new one has surfaced that preys on individuals trying to protect their systems, said ITD Cyber Security Officer Forrest Anderson. The newest, rapidly spreading attack is disguised as anti-virus software.

“ Fake anti-virus and anti-spyware software is being used by scammers and identity thieves to infect computers and steal personal information or to launch other malicious attacks against computers or networks,” Anderson said.

Recently several ITD employees have experienced these kinds of attacks when accessing the Internet. Often they will be doing some kind of research, typically through the use of several popular search engines. The search results may contain many links to legitimate Web sites but also may include links to sites that have been compromised or are malicious in nature.

Accessing the site may trigger a pop-up that appears to be legitimate and may claim that you have a virus or spyware and to ‘click here’ for a free scan.

Do not click on the link, Anderson warns.

“Clicking anywhere in the pop-up may result in the malware being downloaded to your computer. It is best to immediately close the browser window or use task manager to kill the process. Our department McAfee anti-virus software has been successful, so far, in blocking any infection.

“Also our Websense Internet software is blocking these malicious sites as they are identified. You may see Websense alerts if you access a site that has been compromised or is malicious. However, Web filtering and anti-virus software cannot be 100 percent effective, so we ask employees to be extremely cautious and wary of these kinds of attacks.”

Scammers, identity thieves and hackers have become more sophisticated, Anderson acknowledges. Some cyber-criminals are selling or giving away software that supposedly fights viruses, spyware and malware. In fact, these programs do not work or can actually infect your computer with dangerous malware. Often this software will appear to be very official or legitimate.

Sometimes they try to scare or intimidate users into downloading or purchasing the products to protect themselves. Fake alerts sometimes mimic legitimate anti-virus alerts. These kinds of alerts usually are generated by some kind of “Trojan,” which is a program that attempts to take control of the computer.

“These are often found as the result of e-mail attachments or links, pop-up advertisements or visits to an infected or malicious Web site. Adult sites, social networking sites and file sharing (video/music) are special favorites of the scammers.”

What to look for:

* Rogue anti-virus/spyware programs may generate many bogus alerts
* You may be bombarded with pop-ups, even when you're not online.
* Alerts or messages may try to convince you to “buy or download right now”
* If your computer has been infected, it may dramatically slow down or you may see unrecognized icons or wallpaper, or homepage might change.

Cyber security tips to avoid fake anti-virus:

Keep your computer updated with the latest anti-virus and anti-spyware software, or security patches and be sure to use a good firewall. (Note: This is automatically provided for ITD computers)
Never open an e-mail attachment or click on a link unless you are sure of the source. If someone you know sends an e-mail that is out of character or suspicious, check with the sender before opening.
Do not click on any pop-ups or advertisement for anti-virus or anti-spyware software (Note: Everything you need for anti-virus and spyware protection is provided to ITD computers)
Do not download freeware or shareware unless you know it's from a reputable source. Freeware and shareware programs often come bundled with spyware, adware or fake anti-virus programs (Note: ITD employees should not download any software that is not for business purposes because it may violate computer use policies. Even applications downloaded for business purposes may be infected or cause conflicts with other applications, so it is best to check first)
Avoid questionable Web sites. Some sites can automatically download malicious software onto your computer.
Users with local administrator privileges on their computers need to be particularly cautious because the infection or compromise may be worse for users with elevated permissions or access.

If you think your computer is acting suspiciously or might be infected with malware. Contact your district IT coordinator, the HelpDesk or Cyber Security Office.

http://www.staysafeonline.org
Forrest Anderson – Cyber Security Office - cybersecurity@itd.idaho.gov