Last month, we wrote about scareware and hackers using fake update notices. In the past few days, we've seen a sudden increase in one of these attacks coming from one of the former Soviet republics. This group is exploiting a "DNS hole" to hijack visitors who are attempting to visit legitimate websites (such as a hotel in a common vacation destination like Hilton Head). The hacker redirects the victim to the hacker's virus-infected website, which then automatically loads a virus onto the victim's computer. From what we've seen so far, this virus first disables your existing anti-virus program, then slows down your machine, and finally starts to present you with a false warning that your computer is badly virus-infected and needs to run AntiVirusXP2008 to clean it up (for only $50, which they want you to send to them in Russia). The warning message lists hundreds of "infected" files on your machine. Many of those files are, in fact, on your machine, but they are legitimate files needed by the operating system.
At Westfield, we normally have to clean up about one infected computer a month. It's jumped to 6 in the past week. Worse, this virus has proven particularly difficult to clean out. Our IT department has found it necessary to completely reimage the machine in order to fix the problem.
At home, fix your firewall, update your antivirus and patches, and practice safe surfing. If Google or Yahoo (or your existing antivirus program) gives you a warning that you are about to go to a site that might contain malicious code, heed the warning. Do not override it just because you think that you're going to a "safe" site like the hotel.
At work, shut your computer off every day. (Your IT department probably pushes updates to your computer's defenses every day, but many of those updates can't take effect until you restart your computer. If you leave your computer on for an extended period, you will be missing those critical updates.) And, of course, practice safe surfing.
If you get one of these pop-up warnings, never allow it to scan your computer. If you think you might have triggered one of these scams, call IT.