A Major Crackdown Security Pros: When Antivirus Is A Virus


When antivirus is a virus

Fake antivirus scams haven’t gone away. Even though a major crackdown of an Eastern
Bloc criminal network by Russian police in 2011 significantly reduced the number of
attacks, security pros still spend precious hours cleaning viruses from infected computers.
Experts say that’s because users often fail to install necessary software patches that are
designed to prevent infections. So step one in avoiding an attack is keeping your software
up-to-date. The next step is knowing what to look for.

A cruel twist
It takes a savvy criminal to convince you that they have the solution to a problem, when in
fact they’re the source of it. It’s like when you go to a doctor for high cholesterol. Only instead
of Lipitor, he has you eat bacon. And instead of exercise, he has you sit on the couch and
watch TV. And instead of being a doctor, he’s actually a stent salesman.

Fake antivirus works much the same way. It masquerades as virus protection, using names
that sound convincing, like “Anti-Virus Pro” or “Defender Pro.” At first, it appears on your
screen as an antivirus scanner. It pretends to find malware on your machine and provides a
link to download software that presumably cleans the virus from your computer. In reality,
it’s not detecting anything.

Clicking on the link launches a barrage of pop-up alerts and warnings, and disables utility
software on your computer that you might use to stop them, like Task Manager. Then,
you’re presented an offer to “clean” your computer and get rid of the pop-ups for a fee. As
scams go, it’s pretty effective. One criminal network reportedly netted almost $50 million in
fraudulent payments over the course of a year.

Fake antivirus is distributed by sophisticated organized crime networks that share in their
ill-gotten gains. They’re comprised of affiliates that agree to distribute the viruses through
their websites in exchange for a commission, payment processors who charge higher fees
for suspect vendors with spotty records, and the criminals who engineer the software and
provide support services.

Three ways in
If you know what to look for, you can better defend yourself. There are three common ploys
the bad guys use to infiltrate unsuspecting computer users. The first is social engineering,
which we alluded to above. This is where the attackers present a scenario (your computer is
infected) in order to elicit a behavioral response (click link to exterminate the virus). Of
course, the link is the fake antivirus that the criminals are looking to install.

The next method is a drive-by download. This is where an innocent-looking website hides
malicious scripts that infiltrate software vulnerabilities that exist because the user hasn’t
installed security patches. In this scenario, the fake antivirus is installed automatically,
without the user having to do or agree to anything.

The last method is called “blackhat SEO,” where attackers manage to get their ads
displayed on legitimate online ad networks. Known collectively as “malvertisements,” they
secretly install fake antivirus software without the user knowing or giving permission.

What to do if you become infected
If you can’t run Task Manager to force quit the offending pop-ups or get rid of them using
antivirus software, you may have to restart your computer in “safe mode.” Read these
instructions on how to remove malware from your system in safe mode. If that doesn’t
work, your best bet is to consult a computer security specialist. It’s also a good idea to file a
complaint with the FBI’s Internet Crime Complaint Center.

An ounce of prevention
Now that we scared you about fake antivirus, we need to emphasize how important it is that
you use real antivirus from a reputable vendor and make sure it’s updated. Most solutions
will catch about half of the viruses in circulation at a given time, which is far better than not
having any antivirus protection at all. For the remaining half, you should make sure you
have a true cloud backup solution like Carbonite.

Computer Viruses and Antivirus Software

What are computer viruses and what kind of damage can they do to a computer?

A computer virus is a programme that is not orientated towards the computer user and its
actions do not serve the interests of the computer user. The virus is meant to disrupt the work
of the computer, corrupt the data stored on the hard disk, create access rights for other
users/hackers, collect passwords and forward them, etc. Computer viruses can also slow
a computer network down to a standstill by creating excess network traffic.

The viruses that spread by e-mail send virus-infected e-mails to a random e-mail address
from a random sender.

The so-called printer viruses have also started to spread. These viruses search for
non-password-protected printers in a computer network and try to use up all the paper in a
printer.

Many viruses activate on a specific date or under specific conditions and can do irreparable
damage by corrupting the computer's BIOS ROM and/or all the information on the hard
disk.

How do computer viruses spread?

Unlike the flu, computer viruses spread at any time of the year. They spread with files on
floppy disks and CDs, also via computer networks by e-mail and shared resources, using
the so-called security holes.

Many computer users have discovered at one moment that their files have been corrupted
and the data cannot be restored, or that the computer is acting weirdly and does not allow
carrying on with the normal daily work. Very often these situations are caused by computer
viruses.

The primary indicators that a computer has been infected by a virus are the following:
• Some programmes work slower.
• The file sizes rise (especially for editable files).
• The appearance of suspicious files that did not exist before.
• A significant decrease in available system memory compared to the normal work situation.
• The appearance of unexpected video and/or sound effects.

In case you detect any of the abovementioned symptoms or other suspicious occurrences
(unreliable working conditions, frequent spontaneous reboots etc.) while using your
computer, we advise you to immediately check your computer for viruses.

What should be done to avoid computer viruses?

Check that your Windows or other operating system has installed the latest security patches
or updates.

• When using Win95, 98, ME, and XP go to the Windows Update website, the most important
updates being the ones labelled Critical updates.
• Administrators of NT and Win2k systems should definitely check that the latest service pack
has been installed on the computer. In the case of NT 4, the cumulative hot-fix pack and IIS
updates should also be installed.

Configure your Windows so that you can see the file name extensions. As a rule, these are
3-letter abbreviations, based on which Windows understands whether it is dealing with a
Word document (.doc) or a programme (.com, .exe, .bat, .vbs, .pif). If you are sent
anything resembling a programme file, do not open it.

To allow the displaying of file name extensions, open any folder, My Documents for example
and select Tools/ Folder Options, then View and remove the check from the Hide extensions
for known file types checkbox. Now you can always see if you have received a Word
document or a malicious virus.
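
The extension check described above can also be applied automatically to attachment names; the following is an added example, not part of the original article. The programme extensions are the ones listed in the text, while the decoy-extension list, the bidi-control check and the function names are assumptions made for illustration.

```python
import unicodedata

# Programme extensions named in the text above.
PROGRAM_EXTS = {".com", ".exe", ".bat", ".vbs", ".pif"}
# Assumption: document-looking extensions a sender might show as a decoy.
DECOY_EXTS = {".doc", ".txt", ".pdf", ".jpg", ".xls"}
# Bidirectional control characters that visually reorder a file name.
BIDI_CONTROLS = set("\u202a\u202b\u202d\u202e\u2066\u2067\u2068\u2069")


def classify_attachment(name):
    """Return (verdict, reasons) for one attachment file name."""
    reasons = []
    if any(ch in BIDI_CONTROLS for ch in name):
        reasons.append("bidi control character in name")
    # Drop invisible format characters, then the trailing dots and spaces
    # that Windows ignores when it resolves the real file type.
    visible = "".join(ch for ch in name if unicodedata.category(ch) != "Cf")
    parts = visible.rstrip(". ").lower().split(".")
    exts = ["." + p.strip() for p in parts[1:]]
    final = exts[-1] if exts else ""
    if final in PROGRAM_EXTS:
        reasons.append("programme extension " + final)
        if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
            reasons.append("decoy extension " + exts[-2])
        if any(p != p.strip() for p in parts):
            reasons.append("whitespace padding around extension")
    return ("block" if reasons else "allow"), reasons


def triage(names):
    """Map each file name to its verdict; reasons are dropped for brevity."""
    return {n: classify_attachment(n)[0] for n in names}


# Constructed sample names, not taken from any real message.
SAMPLES = [
    "minutes.doc",
    "setup.exe",
    "invoice.doc.exe",
    "photo.jpg          .pif",
    "notes.VBS.",
    "report\u202ecod.exe",   # displays as "reportexe.doc"
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), *classify_attachment(sample))
```

With extensions hidden, `invoice.doc.exe` appears in Explorer as `invoice.doc`, which is why the check looks at the last extension rather than the first.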

Treat e-mail attachments with caution even if the sender is someone you know. The
attachment may have been sent by a virus in his/her computer without the owner's
knowledge. If the message in the e-mail does not explicitly state why the e-mail contains an
attachment and that it is indeed the wish of the sender to open this attachment, please
phone the sender and confirm the intentions. When you are attaching a file to an e-mail
yourself, you should add a description of what files are in the attachment and why - the
recipient will feel safer opening it.

The files spread in internet newsgroups and chat rooms should be treated with an even
greater degree of caution.

Use a personal firewall to protect your computer from hackers and internet worms looking
for security holes, but also in order to block the viruses that have already infected your
computer from communicating with the outside world. You can download a free ZoneAlarm
firewall meant for personal use from the following address: http://www.zonelabs.com.

Be sure to use antivirus software!

Antivirus software

In order to secure your files and for the sensible use of your working time you should use
antivirus software in your computer. Although these do not offer a 100% guarantee that
your computer will not be harmed by viruses, they do help to detect and remove the
majority of computer viruses that are spreading at the moment.

Antivirus software is useless if it does not update its virus definitions at least once a day,
because the newest viruses spread in a day's time. For example, the Nimda virus infected
2.2 million computers in one day. It only took two to three hours for the manufacturers of
antivirus software to make the necessary adjustments to their software.

The University of Tartu has bought a Symantec Antivirus license for all its computers. SAV
site-license automatically extends to all the home computers of the employees and faculty
members. This means that for each license bought for an office computer, the software can
also be installed in one home computer. The licenses are valid for 1 year and must be
updated yearly.

Here you will find the Installation guide for the Symantec Antivirus. For more information
about the licenses purchased by the structural units, please contact the IT-department
(Riina Reinumägi, riina@ut.ee).

Other known antiviruses include Norton Antivirus, F-Secure, McAfee and Norman.

Free antivirus software has lately become a rare occurrence. Nevertheless, it is possible to
download the free antivirus software AVG 6.0 Free Edition from the AVG AntiVirus page
at http://www.grisoft.com/. In addition, free antivirus software for personal use called
AntiVir Personal Edition can be downloaded from http://www.free-av.com. The full version
of the same software can be purchased from http://www.hbedv.com.

If a virus has already infected a computer, it is often not possible to install antivirus
software in it. In such a case you should run the F-Prot antivirus software from the samba
disk on the math server. To do this in a Windows computer, open the Start menu, click Run
and enter the following text into the Open text field in the new window:
"math.ut.eesambaF-prtf-prot.exe".

Conclusion

This is a suitable place to remind you that when working with a computer, the rule-of-
thumb is "better safe than sorry". This means the following:
• always make backup copies of your files,
• check all floppy disks, CDs and files downloaded from the internet for viruses,
• do not allow your computer to be used by random acquaintances,
• update your antivirus software at least once a month.

What is a computer virus?

A computer virus, much like a flu virus, is designed to spread from host to host and has the
ability to replicate itself. Similarly, in the same way that flu viruses cannot reproduce
without a host cell, computer viruses cannot reproduce and spread without programming
such as a file or document.

In more technical terms, a computer virus is a type of malicious code or program written to
alter the way a computer operates and is designed to spread from one computer to another.
A virus operates by inserting or attaching itself to a legitimate program or document that
supports macros in order to execute its code. In the process, a virus has the potential to
cause unexpected or damaging effects, such as harming the system software by corrupting
or destroying data.

How does a computer virus attack?

Once a virus has successfully attached to a program, file, or document, the virus will lie
dormant until circumstances cause the computer or device to execute its code. In order for
a virus to infect your computer, you have to run the infected program, which in turn causes
the virus code to be executed.

This means that a virus can remain dormant on your computer, without showing major
signs or symptoms. However, once the virus infects your computer, the virus can infect
other computers on the same network. Stealing passwords or data, logging keystrokes,
corrupting files, spamming your email contacts, and even taking over your machine are just
some of the devastating and irritating things a virus can do.

While some viruses can be playful in intent and effect, others can have profound and
damaging effects. This includes erasing data or causing permanent damage to your hard
disk. Worse yet, some viruses are designed with financial gains in mind.

How do computer viruses spread?

In a constantly connected world, you can contract a computer virus in many ways, some
more obvious than others. Viruses can be spread through email and text message
attachments, Internet file downloads, and social media scam links. Your mobile devices and
smartphones can become infected with mobile viruses through shady app downloads.
Viruses can hide disguised as attachments of socially shareable content such as funny
images, greeting cards, or audio and video files.

To avoid contact with a virus, it’s important to exercise caution when surfing the web,
downloading files, and opening links or attachments. To help stay safe, never download text
or email attachments that you’re not expecting, or files from websites you don’t trust.

What are the signs of a computer virus?

A computer virus attack can produce a variety of symptoms. Here are some of them:

• Frequent pop-up windows. Pop-ups might encourage you to visit unusual sites. Or
they might prod you to download antivirus or other software programs.
• Changes to your homepage. Your usual homepage may change to another
website, for instance. Plus, you may be unable to reset it.
• Mass emails being sent from your email account. A criminal may take control of
your account or send emails in your name from another infected computer.
• Frequent crashes. A virus can inflict major damage on your hard drive. This may
cause your device to freeze or crash. It may also prevent your device from coming
back on.
• Unusually slow computer performance. A sudden change of processing speed
could signal that your computer has a virus.
• Unknown programs that start up when you turn on your computer. You may
become aware of the unfamiliar program when you start your computer. Or you
might notice it by checking your computer’s list of active applications.
• Unusual activities like password changes. This could prevent you from logging
into your computer.

How to help protect against computer viruses?

How can you help protect your devices against computer viruses? Here are some of the
things you can do to help keep your computer safe.

• Use a trusted antivirus product, such as Norton AntiVirus Basic, and keep it updated
with the latest virus definitions. Norton Security Premium offers additional protection
for even more devices, plus backup.
• Avoid clicking on any pop-up advertisements.
• Always scan your email attachments before opening them.
• Always scan the files that you download using file sharing programs.

What are the different types of computer viruses?

1. Boot sector virus

This type of virus can take control when you start — or boot — your computer. One
way it can spread is by plugging an infected USB drive into your computer.

2. Web scripting virus

This type of virus exploits the code of web browsers and web pages. If you access
such a web page, the virus can infect your computer.

3. Browser hijacker

This type of virus “hijacks” certain web browser functions, and you may be
automatically directed to an unintended website.

4. Resident virus

This is a general term for any virus that inserts itself in a computer system’s
memory. A resident virus can execute anytime when an operating system loads.

5. Direct action virus

This type of virus comes into action when you execute a file containing a virus.
Otherwise, it remains dormant.

6. Polymorphic virus

A polymorphic virus changes its code each time an infected file is executed. It does
this to evade antivirus programs.

7. File infector virus

This common virus inserts malicious code into executable files — files used to
perform certain functions or operations on a system.

8. Multipartite virus

This kind of virus infects and spreads in multiple ways. It can infect both program
files and system sectors.

9. Macro virus

Macro viruses are written in the same macro language used for software
applications. Such viruses spread when you open an infected document, often
through email attachments.

How to remove computer viruses

You can take two approaches to removing a computer virus. One is the manual do-it-
yourself approach. The other is by enlisting the help of a reputable antivirus program.

Want to do it yourself? There can be a lot of variables when it comes to removing a
computer virus. This process usually begins by doing a web search. You may be asked to
perform a long list of steps. You’ll need time and probably some expertise to complete the
process.

If you prefer a simpler approach, you can usually remove a computer virus by using an
antivirus software program. For instance, Norton AntiVirus Basic can remove many
infections that are on your computer. The product can also help protect you from future
threats.

Separately, Norton also offers a free, three-step virus clean-up plan. Here’s how it works.

1. Run a free Norton Security Scan to check for viruses and malware on your devices.
Note: It does not run on Mac OS.
2. Use Norton Power Eraser’s free virus and malware removal tool to destroy existing
viruses. Need help? A Norton tech can assist by remotely accessing your computer to
track down and eliminate most viruses.
3. Install up-to-date security software to help prevent future malware and virus threats.

https://www.carbonite.com/blog/article/2016/04/when-antivirus-is-a-virus/
https://www.ut.ee/en/university/it-info/howto/9129
