Scareware

We have received a lot of calls lately about new malware that we are seeing on both campus and personal computers. The most common kind of malware we see is called "Scareware" and is a fake antivirus program.  It may put a window on your screen that looks like this:

popup

You will be surfing the web, minding your own business when suddenly a pop up appears that looks like it's scanning your computer and then will show that you're infected by hundreds of viruses.

secondpopup

In some cases it is just a pop up. In other cases it will take over your entire screen. They usually look very convincing. Have no fear, this is completely fake! Their goal is to get you to download their program and give them your credit card information. Don't do it! If you get one of these pop ups, don't click on them at all. Use Alt+F4 to close the window, or close the window from the taskbar at the bottom of your screen. Rebooting is also a solution. If you are unsure of what to do feel free to call the Help Desk (x4790) and they'll be more than happy to assist you.

In some cases, a malicious website or advertisement will take advantage of a bug in programs like Adobe Acrobat, Java, Flash Player and can install software on your computer without any user interaction. Frequently they install fake antivirus programs like shown above. In this case, even when you close the program it will continue to pop up on your computer and harass you to purchase their software. In some cases the malware will prevent you from opening applications on your computer, claiming that they are infected. If you encounter something like this, please notify IITS immediately.

If you think your computer is infected with a virus, please stop using it and call the Help Desk right away! If it is off hours, the best thing you can do is unplug the network cable and wait until someone from IITS can diagnose the situation. The most important thing is to stop using the computer. Some viruses can capture keystrokes (such as passwords) or sensitive information and that's what we're hoping to avoid.

Our campus computers are already protected with an antivirus solution. We use Trend Micro OfficeScan. If OfficeScan picks up an infection or blocks a website that is known to be malicious you will see a pop up that looks like the one below. This is legitimate.

thirdpopup

  As always, if you're concerned call the Help Desk and they will walk you through the situation. It's much easier to prevent a virus infection than it is to fix one!

Wayne Dilly

Operating Systems Analyst