Who would think that looking at ads found on the London Stock Exchange website could infect your computer with malicious software designed to steal your money? If you can’t trust the London Stock Exchange, who can you trust?
That’s a very good question, because on February 27, the London Stock Exchange website became untrustworthy. In this case, you didn’t even have to click on anything. All you had to do was look at the site’s main page and bam, your computer would start downloading and installing malicious software in what has come to be known as a “drive-by attack.”
After being victimized by the drive-by attack, the victim’s computer would start displaying a fake antivirus program which would claim to have found numerous viruses. The malware would also try to extort money to fix the problem and display a scary message reading, “Warning! Your’re in danger!” (yes, that’s how it was spelled). This type of infection is called “scareware” (read my March, 2010 column titled, “A scareware epidemic”).
As it turns out, the London Stock Exchange’s website was plagued by “malvertising,” malicious infected advertising served up by a third party. Here’s how the attack works: legitimate websites subscribe to advertising services to provide those annoying, obnoxious ads that website owners have been conned into thinking we like to see. Most of the time, though, the website owners don’t know what ads will appear in the blank spaces reserved for such eyesores; they usually don’t even bother to find out. Filling those spaces is the job of the advertising service.
The Internet bad guys know how this system works, so they place mass quantities of infected ads with advertising service companies. Because the entire advertising chain is mostly automated from sales and payment to placement, the booby-trapped ads get lost in the millions of legitimate ads that are placed every day. Catching the bad guys is next to impossible.
Infected ad shenanigans like these are nothing new. Websites like Google, Major League Baseball, Fox, Canada.com, National Hockey League, Yahoo and countless others have all been victims of the same problem. Protections have improved, but you have to be aware of what they are. Users of the Firefox browser, for example (which I have been recommending for years), were shielded from the London Stock Exchange attacks. On the other hand, Internet Explorer users were in a bad way.
I have learned a few other tricks about how to avoid scareware infections, but you have to prepare before the attack hits; trying to apply these measures after the fact just doesn’t work. Nevertheless, here’s how to avoid a scareware infection:
A. Use only the Firefox browser (Mozilla.com) for all your web-surfing duties and install CCleaner (www.ccleaner.com).
B. If you visit a website and something pops up saying your computer is infected, the next step is super-important: don’t click “Yes” or “No” or “Cancel” or the “X” to close the popup. Don’t click anything in the popup.
C. Press CTRL-ALT-DEL (Control-Alternate-Delete) all at the same time to run Task Manager.
D. Click the Applications tab. Highlight and “end task” the browser/website. Close Task Manager.
E. Run the “Cleaner” function of CCleaner with “DNS cache,” “Old prefetch data” and “Custom files and folders” checked.
F. When Firefox restarts, start a new session. Do not restore the old session.
Be happy. Disaster averted!