Safer Browsing for a Safer (and More Productive) Tomorrow

Brian Rubscha, CSSA - Network Engineer | SAGE Computer Associates

Rogue security software (also known as FAKE.AV) infections are on the rise. Writers of the malware have been able to spread their software through everything from trusted sites like CNN.com to social networking sites like Facebook. Currently no antivirus software protects against rogue security software, and different versions are being spread every day. To protect against these attacks, let’s understand how browsing to a safe site such as CNN.com can get you into the repair shop.

The vast majority of attacks start out like this: a Web site offers space on a page to advertisers to raise income, and advertising companies pay for this space on popular pages. When you see an ad on your favorite Web site, it is usually not coming from the Web site itself but from another Web site that serves the ad. Hackers start by taking over the ad site and attaching their software to the ad. When you browse to the Web site and the ad appears, it runs code in the background and attempts to bypass your browser’s security. Once through browser security, these rogue programs imitate real Windows alerts and antivirus programs to fool you into believing they are real.

They demand your attention by notifying you of an infection and asking you to “click here” to view more information or to remove the virus. These alerts are frequently an overlay on your screen, much like taking a piece of plastic wrap, drawing a few buttons on it and placing it on your screen. That large overlay is one big button, so no matter what you press (close or cancel), the program treats it as an “ok to install.” If you encounter this on your computer or have any questions, the best thing to do is to immediately shut down your PC. Do not interact with the alert. If it comes back after the reboot, contact your information technology personnel or provider.

However, if the button is pressed, the program is installed “legally,” as you have authorized it. This “verification before installation” trick is why it is so hard to detect. Once the main part of the rogue software is installed, it usually disables your real antivirus and firewall and prevents you from running most other software. While doing this, the rogue software may pull down other harmful programs, such as Trojans for remote control and search tools that look for financial information, which is then sent to places that use it to access your accounts.

To combat this, there are some tools you can use. Alternate browsers such as Mozilla Firefox and Google Chrome offer security add-ons and extensions that can help prevent attempts to bypass browser security. An example extension is Adblock Plus. Adblock Plus blocks ads based on a safe vs. unsafe list before they are loaded by the browser. Unlike a popup blocker, it blocks ads on a normal page, not just popups. It not only protects you from getting infected by an ad, but it also speeds up your browsing by not loading ads at all.
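To show what blocking from a list before the browser loads an ad looks like, here is an added example (not from the original article and not Adblock Plus's own code) of a simplified matcher for Adblock Plus style filters. It assumes the "safe" entries are exception filters (`@@`) and the "unsafe" entries are block filters; all hostnames are constructed placeholders, and only the `||host^` filter form with the `third-party` option is handled.

```javascript
// Constructed filter list in Adblock Plus syntax; hostnames are placeholders.
const FILTERS = [
  "||example-adnetwork.test^",                    // unsafe: block host and subdomains
  "||tracker.example-news.test^$third-party",     // unsafe only when embedded by another site
  "@@||static.example-adnetwork.test^",           // safe: exception that overrides a block
];

// Parse one filter line into a rule object; returns null for unsupported forms.
function parseFilter(line) {
  const exception = line.startsWith("@@");
  const body = exception ? line.slice(2) : line;
  const [pattern, options = ""] = body.split("$");
  const m = /^\|\|([a-z0-9.-]+)\^$/.exec(pattern);
  if (!m) return null;
  const thirdPartyOnly = options.split(",").includes("third-party");
  return { host: m[1], exception, thirdPartyOnly };
}

// A rule for example.test also covers ads.example.test, but not badexample.test.
function hostMatches(host, ruleHost) {
  return host === ruleHost || host.endsWith("." + ruleHost);
}

// Simplification (assumption): a "site" is the last two hostname labels.
// Real blockers use the Public Suffix List for this.
function site(host) {
  return host.split(".").slice(-2).join(".");
}

// Decide, before any fetch happens, whether a request made by a page is blocked.
function shouldBlock(requestUrl, pageUrl, rules) {
  const reqHost = new URL(requestUrl).hostname;
  const pageHost = new URL(pageUrl).hostname;
  const thirdParty = site(reqHost) !== site(pageHost);
  const hits = rules.filter(
    (r) => hostMatches(reqHost, r.host) && (!r.thirdPartyOnly || thirdParty)
  );
  if (hits.some((r) => r.exception)) return false; // safe list wins
  return hits.some((r) => !r.exception);
}

const RULES = FILTERS.map(parseFilter).filter(Boolean);
```

Because the decision is made from the request URL alone, a blocked ad's script is never downloaded, which is why the same list both reduces exposure to a compromised ad server and speeds up page loads.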

When all is said and done, there are ways to avoid this bug. Safe browsing habits and added browser security tools will help you avoid most infections. If you do encounter something you are not sure of (or something you are sure is bad, but don’t know how to safely avoid), contact your information technology personnel or provider.