Some folks who visited the NYT’s web site over the weekend were greeted with a warning that their system was infected with all sorts of crap. Their ad system had been hijacked by folks posing as a legitimate client (in this case, Vonage) so that the false ads were served up, trying to get people to buy their worthless software.
This isn’t the first time this has happened, sadly. According to the story, FoxNews was hit in the past as well. While I know media companies are desperate for ad revenue, they need to be more diligant about screening this type of thing.
Personally, I wouldn’t lose a night’s sleep if the creators of these scam anti-malware products were to disappear off the face of the earth. In some sort of gruesome way would be fine, too.
Reading some comments on other sites about this, folks are debating various anti-virus products. Avast vs. NOD vs. Avira vs. whatever is a moot point if you don’t keep it regularly updated. I’ve had good luck with Avira, but I know people who swear by NOD and Avast. AVG is fine, but its spyware catching capabilities are pretty minimal in my experience. But for cripe’s sake, update it. So many new computers come with a 90-day trial of some sort of anti-virus product that will stop updating after 90 days (I’m looking at you, Norton). People have been just starting becoming accustomed to clicking “Ignore” on the sales pitch warnings that pop up, so they will have a two-year old computer with an anti-virus program that hasn’t been updated in a long time. Even if it isn’t that great of a program, it’s worthless if it’s out of date.
I’ve also heard folks saying “If Windows were up-to-date and patched, this kind of thing wouldn’t happen.” Sorry, that’s not always the case, either. Hidden PDF files exploiting weaknesses in Acrobat Reader have caused more trouble in the computers I remove malware from than Windows being out of date. (Generally the site’s that have these kinds of embedded PDFs are sites people really shouldn’t be on, but that’s another rant for another time.)
And lastly, you need additional protection on-top of your anti-virus program, as they won’t catch everything. I’ve had really good luck with Malwarebytes’ Anti-Malware and SuperAntispyware. Both have free versions, but each offers a for-pay version that offers real-time protection that is probably superior to whatever protection your anti-virus program offers. I keep copies of both on a USB key. And while some of these really nasty nasties (like one I ran into last week) will detect if you’re trying to run one of those programs and block it, a simple renaming of the executable will usually do the trick.
Comments
My protection and removal toolbox:
EndItAll
Ad-Aware
Spybot S&D
Malwarebytes’ AntiMalware
Ccleaner
HijackThis
I tend to install AVG for antivirus and have had good luck. TeaTimer that can be installed as a part of Spybot is a good way to protect from registry changes as it will prompt you when a program or service is atempting to change an entry.
Good list, good programs. The problem I’ve found with programs like TeaTimer is that people are dumb. They see something popping up saying that something’s going to load on startup, they say “OK, whatever” and click OK to confirm it. Vista UAC hasn’t helped this, and people are just getting used to clicking “OK” without reading anything any more.
Just wanted to throw out there that using the free version of any antivirus is a bad idea, the term “you get what you pay for” really comes into play when it comes to online protection.
I work at a local computer retailer, and every day I get customers coming in with viruses, trojans and rootkits alike, who have no idea why their free software won’t remove these serious issues.
For the price of just a few movie tickets, a person can protect him/herself against online threats for a whole year! Come on people, its not just a program – you need to buy the service that the program gives you so your identities and information are safe.
J Man: You don’t happen to work for Best Buy, do you? Geek Squad employees aren’t always the brightest bulbs of the bunch (though there are exceptions, and I know they have to hold the company line to make profits) and I’ve heard them on more than a few occasions recommend a pay-for solution over a fully functional free solution. I’ve been running free anti-virus and anti-malware programs on my personal computer for years and have never had an issue that one of those programs couldn’t take care of.
Really, what it comes down to is education. People need to be less stupid when it comes opening and clicking and confirming every thing blindly. I just got off the phone with a co-worker who’s at home, and decided to click on a fake antivirus program window that popped up, saying she was infected with a bazillion viruses, and she kept clicking OK to install the programs to “fix” it all. She just thought it was OK to install more stuff on her system, as “Norton will take care of it.” Her Norton hadn’t been updated in quite a while, either (which was part of my rant above), so Norton wasn’t going to do squat about it. If she had a free program that didn’t require her to pay for updates, she’d probably have a bit more protection right now.