Free PC Security: Malware - The Growing Enemy
December 16, 2009
Many users have compromised their PC security by downloading fake antivirus programs, also known as scareware or rogueware, many of which look very authentic. Unscrupulous criminals also sell freely available security programs, saying they provide a ‘backup’ service for which users pay. Many of the free security programs also have their own free forums or help centers.
As was expected, 2009 was a bumper year for the rogue software vendors. These are highly organised businesses run by criminals, and it is estimated that they made over $150 million USD by mid-June of this year alone. In 2010 the trend will become even more aggressive.
Malicious programs are being created at a higher rate than good programs, and users need to check a program’s reputation before downloading it.
Don’t become a victim! Cyber criminals use botnets to push the software and use advertisements on websites to deliver it as well as having their own dedicated sites. More and more of these are using ‘fast flux’ techniques to hide phishing and malicious sites behind an ever-changing network of compromised hosts acting as proxies.
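The ‘fast flux’ pattern described above can be spotted from DNS answers alone. The following is an added example, not code from this site: a small heuristic run over constructed observations, where the domain names, addresses (documentation ranges only) and thresholds are all assumptions.

```python
from collections import defaultdict

# Constructed passive-DNS style observations: (domain, resolved IPv4, TTL seconds).
# Addresses come from the RFC 5737 documentation ranges; none are real hosts.
OBSERVATIONS = [
    ("static.example", "192.0.2.10", 86400),
    ("static.example", "192.0.2.10", 86400),
    ("static.example", "192.0.2.11", 86400),
    ("flux.example", "192.0.2.77", 120),
    ("flux.example", "198.51.100.5", 180),
    ("flux.example", "203.0.113.9", 60),
    ("flux.example", "198.51.100.200", 300),
    ("flux.example", "203.0.113.41", 120),
    ("flux.example", "192.0.2.130", 90),
]

def summarize(observations):
    """Per domain: distinct IPs, distinct /24 networks, and the longest TTL seen."""
    ips, ttls = defaultdict(set), defaultdict(list)
    for domain, ip, ttl in observations:
        ips[domain].add(ip)
        ttls[domain].append(ttl)
    return {
        d: {
            "distinct_ips": len(ips[d]),
            "distinct_nets": len({ip.rsplit(".", 1)[0] for ip in ips[d]}),
            "max_ttl": max(ttls[d]),
        }
        for d in ips
    }

def looks_fast_flux(stats, min_ips=5, min_nets=3, max_ttl=300):
    """Heuristic with assumed thresholds: many addresses, spread over
    unrelated networks, every answer handed out with a short TTL."""
    return (stats["distinct_ips"] >= min_ips
            and stats["distinct_nets"] >= min_nets
            and stats["max_ttl"] <= max_ttl)

def flag_domains(observations):
    """Return the sorted list of domains whose answers match the heuristic."""
    stats = summarize(observations)
    return sorted(d for d, s in stats.items() if looks_fast_flux(s))

if __name__ == "__main__":
    print(flag_domains(OBSERVATIONS))
```

Legitimate content delivery networks and round-robin DNS can produce similar patterns, so treat a hit as a reason to look closer rather than as proof.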
By downloading the rogue application, users are out of pocket when they pay for it, install further malware onto their machines and can easily become the victims of fraud and ID theft. The majority of these fake programs require payment via credit card, and users supply the information. Many of the sites also have secure servers to make them appear more authentic.
Research the name of ANY product before downloading: Google it, use the Web of Trust browser add-on, which will warn you of dangers, and check with McAfee Site Advisor.
If you get popups and fake scans while you are browsing, close your browser – hit Alt+F4. Close the window prompting you to download the fake program, or simply shut down your computer.
So many users fail to see the signs and allow the download and then install the program. It will find anything from just a few problems to a couple of hundred, but will constantly prompt the user to ‘upgrade’ to the full version to remove the threats. These programs ARE the threats, as they install viruses, trojans, keyloggers, bots and so on.
They hijack browsers, changing the user’s home page and search page, and searches redirect users to further malicious downloads.
Prevention is so much easier than the cure. One thing that many users fail to do is to create an image of their system while it is clean. Malware can and does infect Restore Points, so trying to be clever and simply restoring the computer to a few days prior to the malware being downloaded can lead to further problems in the future.
URL shortening services are another weapon that aids the cyber criminals. They post their malicious links on social networking sites such as Facebook, Twitter and so on. Users have NO idea where that link will take them, although some services allow a preview, such as http://preview.tinyurl.com/codw73. I’m guilty of using shortening services too; I use the CloudBerry Twitter Plug-in, which uses chilp.it to tweet new posts or articles that I find interesting.
As technology advances, so do the methods employed by the cybercriminals. They employ others to break CAPTCHAs and also target Instant Messengers. Symantec estimate that 1 in 78 links in IMs in mid 2009 were believed to be suspicious or malicious, and expect this to increase to 1 in 12 hyperlinks in IMs through 2010.
So, how do you protect yourself?
Do not use an Administrator account for daily use. Creating another account without administrator rights makes it less likely that malware can be downloaded and installed.
As previously mentioned, make use of the WOT add-on and Site Advisor. Back up your system with an image. Most drives are now big enough to be partitioned, and external drives are also quite cheap, so create a clean image on an external device. Macrium Reflect is a free and easy tool for creating an image, but with Windows 7 there are a few glitches, such as being unable to browse for the image created, so Windows 7 users should use the built-in ‘Create a system image’, which can be found in the Control Panel > Backup and Restore.
Below is a list of programs with which to protect your computer, partition drives and create images as well as some of the popular malware removal tools. All of these are free for home users and some have a paid upgrade, but the free version remains free.
Disk Partition: Easeus Partition Manager
Disk Image: Macrium Reflect
Surf In A Sandbox: Sandboxie – How To Use Click Here
Windows Steady State – XP and Vista 32Bit only
Browser and surfing protection:
Web of Trust add-on for Internet Explorer and Firefox
Web of Trust add-on for Google Chrome
Web of Trust add-on for Opera – Created by PH
K9 Web Protection and Parental Control
Site Advisor
Protection Programs:
WinPatrol 2010
SpywareBlaster
Spybot Search & Destroy
Threatfire Security Monitor
Malware Removal:
A-squared
CCleaner
DrWeb CureIt!
FreeFixer for Windows
Malwarebytes Anti-malware
Norman Malware Cleaner
Rootkit Remover
SUPERAntispyware
If the system won’t boot, use Rescue System CDs
Click here for Browser Hijacks:
http://www.freepcsecurity.co.uk/2009/12/18/malware-removal/#Browser_Hijacks
All of the above are commonly used tools. Users should also have a good Hosts file. Spybot S & D will create a basic Hosts file, and this can be added to by using HostsXpert or HostsMan.
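To show what adding to a Hosts file involves, here is an added example (not code from this site or from any of the tools named): it reads a constructed sample file, separates names that are blocked from names that point at some other address, and appends new block entries without duplicating existing ones. The sample names, the 0.0.0.0 sink address and the merge policy are assumptions.

```python
import ipaddress

# Constructed sample hosts file; names and addresses are placeholders.
EXISTING = """\
127.0.0.1     localhost
127.0.0.1     ads.tracker.example   # blocked earlier
0.0.0.0       popup.rogue-scan.example
203.0.113.50  www.search.example
"""
# Constructed additions, including a duplicate and a malformed name.
NEW_BLOCKS = ["Popup.Rogue-Scan.example", "fake-av.example", "bad host"]

def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments, blanks and bad lines."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield ip, name.lower()

def audit(text):
    """Return (blocked names, {name: address} for names sent elsewhere)."""
    blocked, redirected = set(), {}
    for ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            blocked.add(name)           # sinkholed: the name goes nowhere
        else:
            redirected[name] = str(ip)  # points at a real address: review by hand
    return blocked, redirected

def merge_blocks(text, new_names, sink="0.0.0.0"):
    """Append block entries for names not already present; return (text, added)."""
    blocked, redirected = audit(text)
    added = []
    for raw in new_names:
        name = raw.strip().lower()
        ok = bool(name) and all(c.isalnum() or c in "-." for c in name)
        if ok and name not in blocked and name not in redirected and name not in added:
            added.append(name)
    body = text.rstrip("\n").splitlines() + [f"{sink}  {n}" for n in added]
    return "\n".join(body) + "\n", added
```

Names reported in the second value of `audit` are left untouched by the merge, since an entry that sends a name to a non-loopback address is one a user should inspect before changing.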
Some of these tools are portable and can be installed on USB sticks or your hard drive. There are more specialist tools which are not listed as they need to be used with proper supervision.
Please note: On Vista and Windows 7 some of these need to be Run as Administrator or with UAC disabled.
Basic Computer Security covers some of the programs listed here and gives further advice, and there is more information in the A – Z Index:
http://www.freepcsecurity.co.uk/2009/05/05/basic-computer-security/
http://www.freepcsecurity.co.uk/a-z-index/