Malicious web pages

A currently common scam is for a web site to say you have (or may have) a virus, let us scan your system for you. I recommend that you never allow a web site to scan your PC because there is no realistic way for you to know how legitimate it is. Get your own anti-virus (AV) software and use it.

The scam described tries to get you to damage your own system. Sometimes a visit is all it takes. The hacker in this instance, uses a flaw (bug) in the web browser to immediately install malicious software (malware) on your computer. You may not notice that anything has happened, although often the affect is obvious and immediate.

Those that are immediately obvious can be the most damaging. The hacker is not bothering to hide his or her attack and if damage (such as data destruction) is to occur, it probably already has — the computer is fast. If you are warned by your AV program, there is a chance it has blocked some or all of the attempted attack. Follow the steps below.

The stealth approach may be better or may be worse. You may have spyware or a virus installed on your system. If you didn't receive a warning, it snuck past whatever AV software you are using. There is a chance it will be caught later, when it becomes active, but your best defense is regular scans of your entire file system. (And, recall that I recommend use of at least two AV tools that are compatible.)

Perhaps the worst case, is when the attack opened a "backdoor" that will be used at some future time. Assuming your AV software misses this, you may never know it is there. However, the whole purpose of a backdoor is to allow the hacker to return whenever he or she wants to. They may be nice and do nothing to your system. They may use it as a stepping stone for illicit activity (they love showing this in movies). They may spy manually by reading files or watching activity on the computer. (Got a webcam? They may actually be watching you.) Or, they may trash the whole system at a later time. (Back up your data!)

Scams

The scam, briefly described above, uses misinformation to get you to do something you wouldn't normally do. Like install malware on your PC. Often, in order to install the malware, they need your permission. That is, they need you to take some action that allows the software to install.

Assuming you have taken the system administration advice of using a regular (not administrative) account for normal activity, they probably need special permission to install the malware. Again, they are going to try to trick you into doing this.

In a more traditional con, they sometimes try to convince you to buy something – usually their "special" AV program. In this case, nothing is installed, but you're out some money. (Dispute the charge with your credit card company.)

Finally, you may just find it impossible to get away from a site that you've been redirected to. (As an aside to the sidebar, I don't see how this very irritating scenario gets anyone to buy anything.)

What to do

Programming

Let's say you have browsed to a web site. A pop-up window appears that says a virus has been detected on your computer. The question asked varies:

• Do you want to scan your computer now? (A great cover for lots of disk activity.)
• Do you want to purchase Perfect Anti-Virus? (Often the name is chosen to sound like a legitimate AV program.)
• Do you wish to continue?

The question varies because they are in control whichever way you respond. They wrote the program that acts upon the response! If you say "yes", you've given tacit agreement to installation (that is, you will allow the system to actually install the malware) or to a purchase (so, of course you have to enter your credit card info). If you say, "no", they can ask again, perhaps raising the rhetoric level. Or, they can pretend you gave permission — you took an action and the dialog box disappears, so whatever comes next must have been because of your response, right? (What did that box say again?)

The key to remember is their program gets to decide what to do for either response, not you, no matter what the question is. There is no safe response.

Steps

1. Dismiss the dialog box (don't respond to the question) using your browser's dismiss button (often an "X" in the top-right corner); then click the back button. Unfortunately, this may not work. Dismissing the dialog box may result in another dialog box, the back button may be disabled or cause you to be redirected yet again. Any of these, or a warning from your own AV program, is a sure sign that you have to take more drastic action.
2. Dismiss (close) the web browser application – again, you are ignoring their pop-up. Typically this can be done with a browser button (X) and from the task bar or system tray.
   • Before proceeding, bring up all your other applications and save what you are working on.
3. Assuming that didn't work, use the system task manager (monitor) to kill the application. Check the process list to see that it is actually gone.
4. Assuming that didn't work, look at the list of processes and locate your browser (they can usually be sorted by name). There may be several. Select them all and kill all of them at the "same" time. (Some malware today has several processes that monitor one another, automatically restarting anything you kill.)
5. Still stuck? Time for a crash landing. Hold the power switch in for ten seconds or until you PC powers off.

If you reached step 3, I recommend a full system scan using (both of) your AV program(s).

If the system doesn't work or exhibits any erratic behavior, find the "help desk" in your IT department. Back up your files first; they may have to wipe the disk. Then use the files you just backed up only as a last resort (You've been backing your file up all along, right?), as the malware may be lurking there.