We routinely work with computers that are inundated with viruses, Trojans, botnets and other harmful types of malware. They’re often so bogged down running deceptive background processes that it’s impossible to browse the web or open your email program. Even though most systems have some sort of antivirus or anti-malware, it’s still possible for malware to get onto your system.
Adware, and other installer stowaways
So how does malware infect a system that’s already running antivirus? Simple: you allow it. That’s right – in many cases, the user actually gives the malware permission to reside on the system, either through a website or by installing a program which the malware piggybacks on. Even legitimate software like web browsers and system utilities often comes bundled with adware, which poses no real harm to your system, but can slow it down and become a true nuisance.
Much of the malware that gets installed also comes from what we call “click-throughs.” That’s when a user simply clicks the “Next” button repeatedly to advance the installation process of some software. Oftentimes, malware or other “value-added utilities” are set to install by default, and a user must manually uncheck the box to avoid installing the piggybacked software.
Be sure to pay attention while installing programs downloaded from the Internet – especially free ones, as these are more prone to have the value-added features mentioned above.
Scareware – a virus in antivirus’ clothing?
Another clever way that malware gets onto your system with your help is through the old scare tactic trick:
- Tell the user they have an existing virus
- Offer a web-based method to scan or remove (for a nominal fee, of course)
This one can be particularly difficult for non-tech-savvy users to avoid because, in some scenarios, the notifications are very convincing. Most often, this ruse originates through a web-based advertisement which warns the user that their computer is infected with malware. Once the ad is clicked, it initiates a fake scan of the system, reports that it found numerous instances of harmful malware, and directs the user to download the antivirus program in order to remove the detected threats. At this point, the system becomes infected with the purported antivirus program. In many cases the software asks for payment to fully remove the “harmful files,” and I don’t need to explain to you why giving your credit card information to a phony antivirus company is a bad thing.
Pay attention when installing software
Of course, these issues ultimately come full circle to a much larger enterprise-related issue: why are your employees installing software on their computers without your consent? We’ll have to save that discussion for next time, but hopefully you’ve learned a thing or two about how malware can slip right under your nose and onto your system.
The next time you’re installing a free application, pay attention to what you’re installing, and never trust websites that say they’ve detected malware on your computer. 100% of the time, they are the malware. By being aware of these threats and using a little more discretion when interacting with programs or websites, you should be able to reduce the amount of malware on your network.
— Edit 5/4/2011 —
Interestingly enough, someone in our web department experienced a scareware attack the day after this article was released and recorded the incident.