This is a technology-focused blog, so I’m not talking about those folks trying to affect our general society using political means. I’m talking about the ones who practice social engineering for the purpose of gaining some control over or unwarranted compensation from your use of your computer. In this context, Social Engineering has traditionally meant attempting to get you to provide information that would help or allow the culprit to gain access your computer or network. I have recently been seeing the results of a slightly different type of Social Engineering.
I have, in the past 6 weeks or so, had clients who were computing merrily along, went to a seemingly innocuous web site and were suddenly presented with a window claiming that their computer was infected with multiple types of malicious software (better known in the industry as malware) – viruses, trojans, and rootkits oh my! These windows are very well crafted and look, at first glance, legitimate. I’ll get to the mechanism that allows the window to show up in the next section. The thing to realize here is that the perpetrators are attempting to use a fear reaction that has been conditioned into the computer-using public through both sensationalized reporting in the mainstream media and through urban legends.
The ways these nefarious individuals get their software to run on your computer are varied, but they all have one thing in common: they take advantage of a vulnerability (which is usually caused by a design or programming error) in some piece of software that you are running. This software could be the web browser that you use (such as Internet Explorer, Firefox, Safari or Opera) or one of the “add-ons” or “plug-ins” you’ve installed (such as the Adobe Flash Player, a music player or a toolbar of some sort). When you open a web site (or an HTML-enabled email) containing a specially crafted file that your browser (or email program) or one of its plug-ins recognizes, it will try to run or play the file, and that’s when you see the scary warning about all the malware on your computer. The irony is that the warning is the actual malware!
So, what should you do if you’re confronted with one of these warnings? First, remain calm. Never, never just blindly click on the button that says something like “Remove all infections now” or (more likely) “Buy the Pro version of this software to remove the infections.” Next, look very carefully at the window and try to determine if it’s actually a warning from the Internet Security or Anti-virus software that you know you have installed. If it is from software that you know you installed for this purpose, handle it according to your vendor’s recommendation (the specifics of how to do this are beyond the scope of this article). Finally, if you determine it is not a legitimate warning from software that you purposefully installed, don’t click anywhere in the window, particularly on any of its buttons! Either use another computer to Google the name in the title bar of the window or some other identifying information and try to find out how to safely stop the program from running, or contact someone to help if you’re not comfortable dealing with it yourself.
There are things you can do to prevent or avoid these problems altogether, and they will be the subject of my next article on this blog. Stay tuned…
