Lee's personal website, blog, and FAQ's
RSS icon Email icon Home icon
  • Fake Virus Scanner Scams

    Posted on January 31st, 2010 Lee Devlin 2 comments
    Share

    By now you’ve no doubt visited at least one website, usually one that appears in page one of Google’s search results, that does a redirect and all of a sudden, what appears to be a virus scanner is now running on your computer screen. It may look something like the window below.

    fake virus scanner

    Click on the image for a larger version of it.

    The image on the screen is animated with the green bars filling in and the % complete changing, and shows that it’s scanning your drives for viruses. It finishes in a surprisingly short time. However, it’s just a JavaScript animation, nothing more, and it’s not doing anything with your files because browsers cannot open your computer’s files without your help. Invariably, it will find threats and invite you to download a product to ‘fix’ them. The other messages that pop up may look like the following:

    Most of the popups are harmless, but the last one is an attempt to get you to download an executable file that, if you open it, invariably will end up taking you to a site where you’ll have to put in your credit card number to pay for the virus scanner to remove the viruses and to ‘keep you safe’.

    Downloading an .exe file won’t do anything by itself, but if you open an ‘.exe’ file, then all bets are off, because it can do anything it wants, including installing a real virus, which would not be a stretch for a company that is trying to steal from you already.

    The safest place to click on the pop-up windows are on the red X’s in the upper right hand corner to close them, but sometimes you’ll find that you can’t get out of the web page or browser because they keep popping up. If your browser keeps a ‘memory’ of the sites you were on when it closed (like Firefox does), it feels like you can’t get rid of the offending site. But there is a way to safely extract yourself from the clutches of these evil doers.

    You can disable JavaScript temporarily and all windows will close when you close them and the popups will stop. To disable Javascript on Firefox, just click on Tools->Options->Content and uncheck the box next to JavaScript. You can re-enable it after you’ve gotten out of the website. For Internet Explorer, to disable JavaScript, you can select Tools->Internet Options->Security->Custom Level and scroll to the “Active scripting” section of the list (under “Scripting”) Click Disable.

    JavaScript by itself cannot harm your computer, but if you give it help, by actually acting on the pop up messages and saying ‘ok’ or ‘yes’ when you’re in this situation, then you can do yourself some harm, and pay the price for what will be, at best, a useless virus scanner. It’s pretty hard to use the Internet these days with JavaScript disabled, because so many sites depend on it to work properly. So trying to disable JavaScript permanently isn’t really an option.

    There are a number of real virus scanners out there, and a popular one is AVG. You can download and install it for free, although it may do some unsavory things such as change your default search engine to Yahoo and install yet another toolbar. These things are easily reversed, of course.

    So, you might wonder, how does this happen that a website ends up in page one of Google’s search results and yet is a site that is so obviously evil that it’s trying to extort money from you? It’s usually done by cloaking. When Google’s search bots go looking to index websites, these sites give the search bots a different page filled with keywords that look like an exact match for what you’re searching for so they score high enough to reach page one. However, when the website detects a real browser, it will redirect it to another website that tries to convince you that you have a virus and now must buy some protection. Google and other search engines hate cloaking, but they have a hard time detecting it, since a website can tell whether it’s being visited by a search bot vs. a browser.

    If you’ve visited a site like this, you should to do a real virus scan, particularly if you allowed it to download and execute the .exe file. As long as you didn’t open the .exe file, you’re probably OK, but for peace of mind, a scan with AVG or similar virus scanner may help your computer feel just a little less slimy after visiting one of those sites.

     

    2 responses to “Fake Virus Scanner Scams”

    1. Handy post, I will be tweeting this page on my Twitter page soon. Great blog, Lee!

    2. Very good post, these false viruses are very amusing at times, being such a dead giveaway that it’s a fake; such as not ever leaving the internet browser, which would be very unlikely for a anti-virus or the ones that have such an extreme # of viruses listed, that it would not be possible for a computer to run if it had that much malware on it.

    Leave a reply

    CommentLuv badge