FakeAV is a virus designed to look like real anti-virus software in the hope that the victim will click a link and download a malicious package. The malware often does not stop there. Many FakeAV packages continue the con by disabling true anti-virus packages, claiming that they are harming the system they are intended to protect. These viruses come in many forms but are well crafted to present like a trusted virus-prevention source such as the example above.
What to do when presented with a suspicious AV warning?
If your computer presents a virus warning that is not clearly part of your installed anti-virus software (here at Middlebury that is Sophos Anti-Virus), you should power off your computer without closing any windows. A hard shutdown is the most secure way to guarantee that FakeAV will not be installed on your computer. Even closing the window can be enough to trigger the most well-crafted FakeAV downloaders.
Where does this FakeAV come from?
Most of this malware comes from what are often termed drive-by attacks. In other words, you may visit a website that has been compromised, or that is hosting a third-party advertisement that has been compromised. It is nothing that you have done, but the active content on many of these sites gives these attackers the opportunity to pop up these attacks on your system. The good news is that unless you interact with the threat or the site directly, there is little risk to your system from these FakeAV attacks. The downside is that some of these attacks are becoming harder to distinguish from a true Microsoft warning or other messages. Here at Middlebury we use Sophos AV. At home you should know what kind of AV software you have installed and what its warning messages look like.
Learn more about safe computing at:
Safe Computing
There are many different ways to keep your computer safe. Beyond the basics of anti-virus software (ensure your system is current with Sophos AV) and patches, your usage of the system and the data with which you work is equally important.
Many of us today spend much of our time working on the Internet and inside our web browsers. It is easy to add different toolbars and plugins to these browsers. Did you realize that each of these add-on packages adds vulnerability and removes security from the browser that you depend upon? For example, over 100 systems here at Middlebury tried to add the Search-IT browser toolbar to their Internet Explorer web browser this past week. Search-IT is a toolbar that both propagates adware and collects user data from the system on which it is installed. It sells itself as a search accessory or plugin for the web browser that helps with the search process. Many people do not even realize they are installing the toolbar until they see the added functionality in IE. What you do not see is all of the data on your usage being sent back out to the Internet. The lesson here is to not install plugins and toolbars.
Other tools are equally enticing. WeatherBug is a common one. This little gizmo sits in the corner of your screen and chirps away, telling you the weather updates. It also opens a backdoor for spam, spyware, and hackers of all flavors. P2P software, such as eDonkey or the many different torrent applications, is commonly used for file sharing. What many do not realize is that most of these utilities never close and are two-way pipes that allow file transfers both up and down. They are essentially back doors into our network.
Management of the data is truly what it boils down to. Data comes in many forms. We work with data in paper format, in Word documents and Excel spreadsheets, as well as in Banner and other databases. Some systems are even located in cloud solutions on the Internet. Wherever the solution is located, how we treat the data and the systems that administer that data is of the utmost importance. It is this data and these systems that provide the reason for our doing what we do. When our actions damage this data, we place the academic mission of Middlebury at risk.
Avoid risky tools and applications, especially ones downloaded from the Internet. If you need a tool for a job and you do not have one, the best course of action is to check in with User Services. They may already know of one that will do the job. Avoid browser toolbars and plugins. They may look neat, or look like they will simplify your daily tasks, but they may also be making some hacker's job much easier. Protect the data. Keep information on your desk covered when possible. Lock your workstation when you step away. Use complex passwords and never share your account information.
Phishing Basics
Are you wondering how to spot a phishing attack? Here are some basic things to look for:
- Spelling mistakes: As many phishing attacks originate in countries outside of the United States, it is common to find gross spelling errors in many of the messages.
- Unknown sender: Phishing attacks often claim to be from a department you might know, but the email address or the actual name used does not match the names used here at Middlebury. For example, you might get an email from "Middlebury Email Support" with an email address of XSD at 123.com. First, there is no Middlebury Email Support department, and second, all of our email addresses end in MIIS.edu or Middlebury.edu.
- Links: While historically legitimate vendors would not put a link in an email, this is no longer the case. Today links in emails are commonplace. Make sure you check these links before clicking on them. If you point to a hyperlink in Outlook, it will show you the URL or destination address that the link actually points to. If you question the destination, you are better off browsing to the vendor's home page manually or searching for them through Google or your favorite search engine.
- Content: Always question an email that promises to give money or asks for money. Likewise never give out passwords or personal information that have been solicited through email. Vendors such as banks identify themselves in email with unique credentials and will instruct you to contact customer service through a number that you already have. Likewise Middlebury User Services or other representatives of Middlebury’s Library and Information Services would instruct you to contact the Helpdesk rather than solicit information directly from you through an email.
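The "Unknown sender" and "Links" checks above can be applied mechanically to a message before anyone clicks anything. The following is an added example, not code from Middlebury or this page: it checks that the From: address ends in one of the two domains the page names and flags HTML links whose visible text shows a different host than the one the link really goes to (what Outlook reveals on hover). The sample message is constructed and modelled on the XSD at 123.com example; the destination host is a placeholder.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# The sender domains the page says legitimate Middlebury mail comes from.
TRUSTED_DOMAINS = ("middlebury.edu", "miis.edu")

# Captures an HTML anchor's real href target and its visible link text.
ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
# Visible text only counts as "a domain" if it actually looks like one.
DOMAIN_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}$")


def sender_domain_ok(from_header):
    """True if the address in a From: header is in a trusted domain
    (exact match or a subdomain; 'middlebury.edu.evil.test' is rejected)."""
    _display_name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)


def mismatched_links(html_body):
    """Return (shown_text, real_host) pairs for links whose visible text
    names a host that differs from where the href really points."""
    findings = []
    for href, text in ANCHOR_RE.findall(html_body):
        real_host = (urlparse(href).hostname or "").lower()
        shown = re.sub(r"<[^>]+>", "", text).strip()
        shown_url = shown if "://" in shown else "http://" + shown
        shown_host = (urlparse(shown_url).hostname or "").lower()
        if DOMAIN_RE.match(shown_host) and shown_host != real_host:
            findings.append((shown, real_host))
    return findings


def phishing_indicators(from_header, html_body):
    """Collect human-readable reasons a message looks like phishing."""
    reasons = []
    if not sender_domain_ok(from_header):
        reasons.append("sender is not from a Middlebury domain")
    for shown, real in mismatched_links(html_body):
        reasons.append(f"link text '{shown}' actually goes to {real}")
    return reasons


# Constructed sample: fake department name, outside address, disguised link.
SAMPLE_FROM = '"Middlebury Email Support" <XSD@123.com>'
SAMPLE_BODY = ('Your mailbox is over quota. Verify your account at '
               '<a href="http://verify-account.example/mid">'
               'http://go.middlebury.edu/verify</a>')

if __name__ == "__main__":
    for reason in phishing_indicators(SAMPLE_FROM, SAMPLE_BODY):
        print("WARNING:", reason)
```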
Check out these other resources:
http://onguardonline.gov/articles/0003-phishing
http://www.middlebury.edu/offices/technology/security
