By now you’ve no doubt visited at least one website, usually one that appears on page one of Google’s search results, that does a redirect, and all of a sudden what appears to be a virus scanner is running on your computer screen. It may look something like the window below.
Most of the popups are harmless, but the last one is an attempt to get you to download an executable file that, if you open it, invariably will end up taking you to a site where you’ll have to put in your credit card number to pay for the virus scanner to remove the viruses and to ‘keep you safe’.
Downloading an .exe file won’t do anything by itself, but if you open an ‘.exe’ file, then all bets are off, because it can do anything it wants, including installing a real virus, which would not be a stretch for a company that is trying to steal from you already.
The safest place to click on the pop-up windows is on the red X’s in the upper right-hand corner to close them, but sometimes you’ll find that you can’t get out of the web page or browser because they keep popping up. If your browser keeps a ‘memory’ of the sites you were on when it closed (like Firefox does), it feels like you can’t get rid of the offending site. But there is a way to safely extract yourself from the clutches of these evildoers.
There are a number of real virus scanners out there, and a popular one is AVG. You can download and install it for free, although it may do some unsavory things such as change your default search engine to Yahoo and install yet another toolbar. These things are easily reversed, of course.
So, you might wonder, how does a website end up on page one of Google’s search results when it is so obviously evil that it’s trying to extort money from you? It’s usually done by cloaking. When Google’s search bots go looking to index websites, these sites give the search bots a different page filled with keywords that look like an exact match for what you’re searching for, so they score high enough to reach page one. However, when the website detects a real browser, it redirects it to another website that tries to convince you that you have a virus and now must buy some protection. Google and other search engines hate cloaking, but they have a hard time detecting it, since a website can tell whether it’s being visited by a search bot vs. a browser.
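The cloaking described above can be checked from the outside by requesting the same URL once with a crawler User-Agent and once with a browser User-Agent, then comparing the two answers. The code below is an added example, not part of the original post; the host names, the sample responses and the 0.5 similarity threshold are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample data (not captured traffic): one URL on the hypothetical
# host recipes.example, fetched with a crawler and then a browser User-Agent.
HOST = "recipes.example"
AS_CRAWLER = {"location": None, "body":
    "<html><h1>Free recipe cards</h1><p>Printable recipe card templates</p></html>"}
AS_BROWSER = {"location": None, "body":
    '<html><meta http-equiv="refresh" content="0; url=http://scanner.example/scan">'
    "</html>"}

META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*url=([^"\'>\s]+)', re.I)

def redirect_target(resp):
    """Location header if set, else a meta-refresh URL in the body, else None."""
    if resp.get("location"):
        return resp["location"]
    match = META_REFRESH.search(resp["body"])
    return match.group(1) if match else None

def words(html):
    """Lowercased words of 3+ letters left after stripping tags."""
    return set(re.findall(r"[a-z]{3,}", re.sub(r"<[^>]+>", " ", html).lower()))

def similarity(a, b):
    """Jaccard similarity of two word sets; two empty sets count as identical."""
    return len(a & b) / len(a | b) if (a or b) else 1.0

def cloaking_signals(host, crawler, browser, min_similarity=0.5):
    """List the reasons the crawler view and browser view of one URL disagree."""
    signals = []
    c_target, b_target = redirect_target(crawler), redirect_target(browser)
    if b_target and not c_target:
        signals.append("redirect served to browser only")
    b_host = urlsplit(b_target).hostname if b_target else None
    if b_host and b_host != host:
        signals.append("browser sent off-site to " + b_host)
    score = similarity(words(crawler["body"]), words(browser["body"]))
    if score < min_similarity:
        signals.append("page text differs (similarity %.2f)" % score)
    return signals

if __name__ == "__main__":
    for reason in cloaking_signals(HOST, AS_CRAWLER, AS_BROWSER):
        print(reason)
```

Legitimate pages also vary between requests (ads, personalization), so treat each signal as a reason to look closer rather than as proof.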
If you’ve visited a site like this, you should do a real virus scan, particularly if you allowed it to download and execute the .exe file. As long as you didn’t open the .exe file, you’re probably OK, but for peace of mind, a scan with AVG or a similar virus scanner may help your computer feel just a little less slimy after visiting one of those sites.
Handy post, I will be tweeting this page on my Twitter page soon. Great blog, Lee!
Very good post, these false viruses are very amusing at times, being such a dead giveaway that it’s a fake; such as not ever leaving the internet browser, which would be very unlikely for an anti-virus or the ones that have such an extreme # of viruses listed, that it would not be possible for a computer to run if it had that much malware on it.