Move over H1N1; recent months have seen an uptick in a particularly sinister breed of virus, commonly called scareware.
This form of malware disguises itself to appear as though it is an anti-virus or anti-spyware program, when, in fact, it is exactly what it claims to prevent. Often, the rogue software will appear as a red shield in the system tray very similar to the yellow windows update icon, or in a web browser window designed to look just like Symantec or a similar anti-virus program interface. It will alarm the user that the computer has already been affected with spyware or malware, and urge them to click to scan the computer or clean the viruses off the hard drive. Of course, this will only download further malware, or require the user to purchase a registration key and refuse to remove the infection until that is done.
So far, we have observed a variety of organizations pick up malware of this kind. Symantec’s virus and malware definitions seem to be just a shade behind some of these strains, as even the latest Endpoint Protection services have not prevented users from getting these viruses. The confusing nature of the messages that users are prompted with make it especially likely that the average user will be unable to realize that what they’re being prompted to do is in fact harmful to their system. Furthermore, some of the programs can be particularly difficult to deal with; in one instance, a user downloaded a version that copied in a doctored version of a Windows DLL, and proceeded to kill any process attempting to scan and immediately alter permissions on the corresponding executable such that it could not be executed by the user again. In this case, the easiest and most efficient solution was to back up the critical data and reimage.
There are other tools which may help. Malware bytes has proven to be a very effective solution in identifying and removing such scareware. Malware Bytes is a freeware program that can be downloaded at www.malwarebytes.org