Rogue antivirus software: think before you download

Sep 1, 2011 9:39am

By Karen McDowell, Ph.D., Information Security Analyst for the University of Virginia

Now that this unusually hot summer is coming to a close, you may be going back to school with a new computer, or you may be the parent of such a student. No doubt you know that you should install a good antivirus program. What more do you need to know? Ever heard of rogue antivirus? If you use a PC, you are particularly vulnerable to this pernicious attack.

Rogue antivirus operates by seizing control of your computer, disabling your antivirus, and inundating you with pop-ups that say your computer is infected with viruses, Trojans, and more. It warns that your computer will soon succumb to these phony “infections” unless you pay a fee on the spot. Needless to say, it can be an upsetting experience.

As you may have guessed, paying the fee only makes things worse. Now you no longer have control of your computer and the attackers have your credit card number and money. To recover control of your computer at this stage, you must reinstall the operating system, a major task. You will also have to report your credit card stolen and monitor your credit reports for any unwarranted activity.

What’s the solution? Is there a way to avoid rogue antivirus? Not entirely, but you do have some control. First, download and install a well-known and well-reviewed antivirus, as well as antimalware software, learn how to use it, and keep it updated. Second, learn how to disable your wireless or wired connection very quickly. Doing this will put a brake on rogue antivirus, which gives you enough time to run your antimalware program and/or call for help to remove it, so you don’t have to rebuild your computer.

If you are under a rogue antivirus attack and using a wired connection, remove the Ethernet cable from the back of the computer. If you are using a wireless connection and Windows Vista or Windows 7, left-click on the Network and Sharing icon in the system tray (at the bottom right-hand side of the screen, very close to the system clock that tells you the time and date), select your connection, and click on the “Disconnect” button. If you are using Windows XP, right-click on the wireless icon in the system tray, and select “View Available Wireless Networks.” Double-click on your connection, and click Yes when prompted to disconnect. You can always remove the power plug from the back of the wireless router, too.

To minimize your risk of a rogue antivirus attack, practice safe surfing and visit only known good sites. It is best to avoid images and links that feature recent news events (even ones like the Norway tragedy), celebrity updates, breaking news, and anything trendy. Before you click, look at the link path in the bottom left-hand corner of the screen so you can see if it matches the site you intend to visit. If it doesn’t, close the page quickly. Finally, keep your important files backed up in case you have to reinstall the operating system.
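The link check described above can be spelled out in code. This is an added example, not part of the original article; the function name and the sample addresses (all on reserved example domains) are constructed for illustration. It shows that a link "matches" only when the host name, read from the right, is the site you intended, not when the site name merely appears somewhere in the link:

```javascript
// Added example: does a link's real destination match the site you meant to visit?
// linkMatchesSite and every address below are constructed for illustration.

// Returns true only when href points at intendedHost itself or one of its subdomains.
function linkMatchesSite(href, intendedHost) {
  let url;
  try {
    url = new URL(href); // standard URL parser, the same rules a browser applies
  } catch (err) {
    return false; // not a complete web address: treat as a mismatch
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return false; // javascript:, data:, file: and similar are never "the site"
  }
  // Normalise case and a trailing dot, then compare from the right-hand end.
  const host = url.hostname.toLowerCase().replace(/\.$/, '');
  const wanted = intendedHost.toLowerCase();
  return host === wanted || host.endsWith('.' + wanted);
}

// Constructed sample links, each paired with what a careful reader should conclude.
const samples = [
  ['https://www.news.example/story', true],     // subdomain of the intended site
  ['http://news.example.scan.test/', false],    // site name used as a prefix of another host
  ['http://news.example@scan.test/', false],    // site name placed before "@": real host is scan.test
  ['http://scan.test/news.example/', false],    // site name appears only in the path
  ['http://fakenews.example/', false],          // different host that merely ends in similar letters
  ['javascript:void(0)', false],                // not a web address at all
];

// Runs the check over the samples and reports any verdict that differs from the expected one.
function checkSamples(intendedHost) {
  return samples
    .filter(([href, expected]) => linkMatchesSite(href, intendedHost) !== expected)
    .map(([href]) => href);
}

for (const [href] of samples) {
  console.log(linkMatchesSite(href, 'news.example') ? 'match   ' : 'MISMATCH', href);
}
```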

If rogue antivirus infiltrates your device despite your precautions, you may have to ask someone to help you reinstall the operating system.

Stay alert and think before you download! The Federal Trade Commission reported that one rogue antivirus company hauled in more than $163 million from 2004 to 2008 by tricking consumers into clicking to download fake software with such clever titles as Winfixer, WinAntivirus, Drivecleaner, SystemDoctor, and XP Antivirus 2008.