Monday 14 December 2009

Is that a virus in your pocket or are you just pleased to see me?

Whilst on Facebook last night, Emma visited one of the app pages she'd been to before (some kind of family tree app I believe it was). As the page was loading a pop-up appeared warning her that her PC was infected and offered to scan the machine. Hopefully at least about half of you can guess where this story is headed (if not the exact next course of action).

Despite constantly telling me I shouldn't be allowed anywhere near computers (as I tend to break them and am forever re-installing Windows, but as I try to tell her, that's partly due to the fact that I'm forever tinkering to try and learn more), she called me down from upstairs to advise.

As it happens I recently started running the free Microsoft Security Essentials pack (after a year with Avira Premium, which in all fairness caused me no end of trouble by being over-secure), and although thus far I've never seen MSE flag a warning, I was pretty sure that this just looked like a web dialog box, and so told her to click the 'Cancel' button. That was probably the wrong thing to do, but all that happened was the same dialog box appeared again. This time I told her to click the Close icon (the [X] button in the top right) and the dialog disappeared, to be replaced with what looked like a Windows Explorer dialog with a scan taking place on the hard drives. This scan reported finding countless instances of malware and trojans.

I'll admit at this point I did a double take, again possibly due to the fact that (as yet) I've not been hit by a nasty while running the Security Essentials suite. That was only for a split-second I'm pleased to say, and a quick look at the icon in the top left of the window showed this was indeed another web page trying to scare us into buying a real trojan. We closed the web page, performed a quick scan via MSE (which took much longer than the full scan from the bogus web page) and sure enough the machine was reported as clean.

I was very impressed with this attack. The crooks had done a decent job and your average user, especially those who don't know about this variety of scam, would have been scared and possibly very tempted to download the 'cure', probably paying for the privilege.

Needless to say Emma has deleted this application from her Facebook list.

So what can we learn from this?
1. Beware of this type of scan. A real scanner does not announce itself from inside a web page; if a "scan" appears while a page is loading, it is the page, not your security software.
2. Install reputable security software and keep it up to date. If you suspect anything untoward is going on, go back to that software and run a scan from there, never from anything a web page offers you. No virus checker will catch everything, but at least you'll be starting from a point you trust.
3. Your main (day-to-day) user accounts should not have administrator rights. Create an administrator account (or two if you are not the only user) and only use this to install software. For day-to-day usage use a standard user-level account, as you would under Unix. On this machine Emma’s user hasn't got Admin rights, so she would have needed to jump through many hoops to get the fake software to install. It's not foolproof, but it's actually one of the best defence approaches out there.
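As an added example (not from the original post), here is how to check the third point and act on it in PowerShell on the machine in question: confirm whether the session you are browsing from holds administrator rights, list who actually is an administrator, and create a separate standard account for everyday use. The account name "DailyUser" is a placeholder. The classic `net user` / `net localgroup` commands are used rather than the newer `New-LocalUser` cmdlet because they exist on every Windows version of the era, and `net user ... * /add` prompts for the password instead of putting it on the command line.

```powershell
# Added example, not code from the original post. Run from an elevated
# (administrator) PowerShell prompt. Account name below is a placeholder.

# 1. Is the session you normally browse from running with admin rights?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

if ($isAdmin) {
    Write-Host "$($identity.Name) has administrator rights in this session."
} else {
    Write-Host "$($identity.Name) is a standard user in this session."
}

# 2. Who is actually in the local Administrators group? Anything unexpected
#    here (a day-to-day account, a forgotten test account) should be removed.
Write-Host "`nMembers of local Administrators:"
net localgroup Administrators

# 3. Create a standard account for day-to-day use. The '*' makes 'net user'
#    prompt for the password rather than taking it from the command line,
#    where it would be visible in the process list and shell history.
$dailyUser = "DailyUser"   # placeholder; pick a real name for the person
net user $dailyUser * /add /comment:"Standard account for day-to-day use"
net localgroup Users $dailyUser /add

# 4. Verify rather than assume: make sure the new account did NOT end up in
#    Administrators. Select-String -Quiet returns $true on a match.
$pattern = "^" + [regex]::Escape($dailyUser) + "$"
if (net localgroup Administrators | Select-String -Pattern $pattern -Quiet) {
    Write-Warning "$dailyUser is in Administrators; remove it with: net localgroup Administrators $dailyUser /delete"
} else {
    Write-Host "$dailyUser is a standard user. Browse and read mail as this account; log in as the admin account only to install software."
}
```

On Vista and later, anything the fake "cure" tried to install from the standard account would trigger a UAC credential prompt for an administrator password, which is exactly the extra hoop the post describes; on XP the installer would simply fail for lack of rights.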

I'd also like to suggest to the suppliers of security suites that they have example dialog screen shots for users to refer to. The only time I paused to consider if this was real or fake was because I've never seen the real warning from Microsoft Security Essentials.

I'll be doing a full scan on the machine later this week, but I think it's 1 - 0 to us this time. Well done Emma for being on the ball too! Many wouldn't have been.
