Same Old Question Makes Me Get a Bit Cynical! – How Did I Get Infected?
Some things never change, such as hearing customer after customer say “How did I get infected, I’ve got Norton?”. Well, I’m not going to make this article about a Norton smear campaign, it wouldn’t be fair if I didn’t also mention McAfee, Computer Associates, Trend Micro, AVG, Webroot, Avast, and several other lesser known products (although McAfee acquired a nifty free tool that helps to identify bad websites – more on that later). Yes there is a much better AntiVirus product available…more on that later as well.
I ultimately get asked what can be done to prevent ever getting infected again. People who know me know I will answer “Stay off the internet”. Then I’ll wait a second to get their usual reaction of disbelief and frustration when they think I am telling them they can never use the internet again. Then I’ll say something like “there is no magic pill you can take for complete protection, it is going to take a few quality security products and some ongoing education to keep safe, but it can be done, only it will take some real work”.
But What if I use the Very Best AntiVirus Product Available?
Even the Very Best AntiVirus Product (which I said I’ll mention later) can’t offer complete 100% protection. But of the ones that did get re-infected after using the best antivirus product available, most of them had let their subscription expire for many months. They got their computer back from the shop running fast again, and many of them went back to their same old bad internet habits and eventually let their antivirus program expire. It would only be a matter of time before they were infected again. These ones will end up spending 4 times as much to repair their computer as the renewal fee would have cost, and they will still end up having to shell out even more bucks for the renewal anyway, and possibly even more if their subscription lapsed past the renewal grace period. To be fair, we just can’t warrant a repair for a re-infection unless your computer leaves the shop with a current ICSA Labs certified antivirus program. We liken it to a recovering alcoholic who received a liver transplant, but later had liver problems again because he started drinking again. It just wouldn’t be fair for him to receive another liver transplant.
Now that we are past the cynical part of this problem, let us discuss some of the tactics the bad guys use so we can eventually learn how to avoid them.
But I swear I didn’t download anything?
You don’t have to knowingly and intentionally download anything to get infected. Most computers we see are missing years of security updates and have either no antivirus or expired virus protection, making them vulnerable to exploits that don’t require any action from the user other than just visiting a malicious web site. A past study about the safety of searching the internet by Ben Edelman (a reputable anti-spyware expert) and Hannah Rosenbaum (McAfee Site Advisor research analyst) revealed what we all know already, that searching the web can be dangerous. They found that many search results from popular search engines (especially the paid sponsored links) would often have links to spyware and malware websites.
In this study, they used almost 1400 popular keywords to determine whether the organic (non-paid) and sponsored (paid) search results led to malicious sites. Using the most popular search engines such as Google, Yahoo, MSN, AOL, and Ask.com, the study revealed that about 8.5% of the sponsored search results led to web sites that distribute malicious parasites, host drive-by exploits, or gather email addresses for spam. About 3% of the organic search results were found to be harmful.
So what were some of the most dangerous keywords?
Among the worst keywords were “free screensavers, bearshare, winmx, limewire, music download, and kazaa”. For example, 64% of the results for “free screensavers” linked to malicious web sites. They also noted that specific keywords used for searching the names of celebrities, singers, and bands also led to dangerous web sites.
Was the safety of the results the same across all the search engines?
Actually, the researchers discovered that the safest results were produced by MSN, which contained only 3.9% malicious links, and Yahoo! with 4.3%. Google and AOL were in the middle of the pack with about 5.3%, with the worst being Ask.com, which contained 6.1% dangerous links. As a rule of thumb, I always remove the Ask.com toolbar.
It truly is a jungle out there when surfing the web, and every computer user should be careful about what websites they visit when choosing sites based on search engine results. Despite search engines’ efforts, there are just too many sites trying to deceive unsuspecting users. These tricky sites cover a wide range of content areas, keywords, and business models. The fact is that there is no simple answer about how to stay safe on the internet. Actually, the concept of how to keep safe is simple; it is actually doing it that takes some education. So don’t count on the search engines for protection, because search result rankings do not reflect site safety. Computer users are especially at risk when visiting paid search engine advertisers.
Why are there so many infected websites?
The perpetrators of these malicious web sites want to infect as many computers as possible to reach their goal. And their goal is almost always about money, whether they deceive you into directly spending your money at one of their web sites, or through spam marketing, or worse yet if they manage to steal your financial information. But the money they make doesn’t necessarily even have to come out of your pocket; maybe they just want to remotely control your computer without your knowledge so they can hide and do their dirty work to others. Apparently, it is a very effective way of marketing or it would have stopped. Marketers do business where the people are, or in this case, where the internet traffic is. Any money you shell out might actually get you exactly what you wanted for a fair price, and delivered right to your door on time. It might also be for a fake antivirus product that crashes your computer. Whatever the case, every time they get paid just helps them to keep employing their scummy tactics that eventually harm your computer. It would just be better for us to avoid their websites altogether. You wouldn’t go into a real store if you saw evidence of the owners using deceptive advertising to sell you cheap knockoffs, would you? Maybe they actually sold you a quality product after tricking you into their store, but afterwards they caused your car to break down so you couldn’t get home. Get it? Your computer is the car that got you there. Nothing good comes out of doing business with these guys.
What are the most infected types of web sites?
Whatever attracts the most readers, the most views and the most downloads is likely to be peppered with malicious web sites. And what are these sites? The answer is usually the same: they are the sites addressing the most recent and the most urgent problems, or the sites with the biggest news. You can also be sure that adult sites, gambling sites, free music downloading, and pirated software sites are extremely high-risk sites as well. Putting aside the morality issue with these sites, you can probably find an abundance of spyware-safe sites in just about any category if you do some homework. Don’t play Russian Roulette with your computer. But even after saying all this, I will be so bold as to say that most of you will eventually get re-infected anyway, because the path of least resistance to the websites you want to see is the path without investigating if the site is safe or not. Some of you are probably infected already and just don’t know it yet. Maybe you put too much trust in Norton as I mentioned at the outset, and think everything is fine because it comes up clean. The hidden problem will eventually reveal itself as it gets worse. And then there are some of you who don’t even try to avoid the problem and just factor in the cost of spyware removal as part of the cost of having a computer. The way the economy has been, we thank you for your business, but really, we truly would rather earn our living by helping you use your computer to the fullest, not by treating it like someone who gets a common cold every year for which there is no cure. Is the key prevention? Yes! Prevention is the Key. The Key is Prevention. How many more ways can I say it?
OK I believe you already! What do I need to do?
If you are already infected, you will save your hair by just turning off your computer and bringing it in to your nearest reputable neighborhood computer repair shop (not the big boys). Small shops are much more concerned with their reputation and will usually have a very experienced technician on-site, whereas the big boys seem to be more trained at marketing solutions than actually performing them. They don’t pay as well and probably won’t be able to keep any talented techs for very long, so they usually have a high turnover rate for technicians.
One of the most common types of infections today is the fake AntiVirus program. The one below called “Antivirus 2009” was a particularly nasty one that was difficult to remove. Even when you did all you thought you could possibly do after hours of running scans and manual cleanup, you could still tell you were infected once you opened your internet browser because it was hijacked. The worst part of this one was that it also caused your hard drive to appear as “raw” and you would not be able to run a chkdsk or defrag. We had to reformat several of these machines until we figured out how to get rid of the rootkit (invisible Trojan) that usually came along with this infection.

To learn about what the Very Best AntiVirus product available is, visit AntiVirusKing.com. It is called ESET Nod32 Antivirus and we have been using it on our computers for over 4-1/2 years so we know that it works.
Visit back next week for the 2nd part of this article, where we will discuss more product recommendations (some are free) as well as some powerful techniques that you must know these days that just might get you out of a jam when you see one of these Fake AntiVirus programs pop up for the first time. Your next click may make the difference between having to lug your computer into the shop or not. But if it is too late, we may be able to help you recover on your own. We are not going to teach you how to be expert spyware removal technicians, but we can point you to some freeware programs you probably never heard of that are part of our arsenal of secret weapons we use every day.

