Scareware – Is it a Halloween Treat?

This weekend I had to fix my dad’s computer after it got a Scareware popup. This Scareware was rather different than anything I’d approached before; when the popup appeared asking him to purchase via credit card some bogus software to “fix” his viruses, it also locked up his programs so that nothing else would work. He couldn’t open his virus program, email program, Microsoft Word, or anything else. Except, of course, for Internet Explorer, which redirected him immediately to a page where he could put out $80 via credit card to “fix” his access. “Scareware” is a term being used to describe malicious software and/or popups that ask a user to pay a fee to have the “virus” removed by bogus software.

Dad’s smart, he called me. Not only was the virus “vendor” (term being used loosely here) going to gank $80 of my dad’s hard-earned retirement money, they were also going to be in possession of his credit card information, which could have been shared with who knows what kind of nefarious individuals.

I headed straight over there with my laptop and downloaded HiJackThis to a flash drive, which I was then able to pull up on Dad’s machine and run. It immediately took care of the removal. There are some great instructions on using this tool here and here. These are both sites I trust. The first link has really easy instructions; follow them to the letter, and you’ll have no trouble. The second link includes manual removal instructions, which also work but are more time-consuming.

Dad doesn’t know where he got the trojan to begin with; it would have either been from a bugged web page, or possibly from a link in an email. And he got it by using Microsoft Internet Explorer, not Firefox. I had to reset the default browser (I suspect the Trojan had affected this somehow), and make IE a little harder for him to find and click on. To him, the two programs are the same and he doesn’t understand the difference. I also re-activated the AdBlock Plus Plug-in, another “hold” I think could be used to install a Trojan/popup on a system. We’ll see if all of this works. 24 hours later, I’ve received no additional panic calls from Dad.

The virus and trojan makers are getting slicker and slicker. Our protection tools can’t keep up with everything; Dad’s anti-virus was up to date and his Spyware and Malware programs were running once a week at night and fixing problems. But that wasn’t enough to keep him from being infected. And how many people, besides techies, would know how to remove these malicious pieces of software once they get installed, much less know where to look for the tools to do so?

This is another one to watch out for, I fear. It will only get worse.