Italian-Style Meatballs

Meatballs?

Have you ever walked around one of those great North American wholesale stores? You know, the store where you’ll find the heads of small businesses and large families or both?

Well, I always have fun going there, and when I do, I pick up a 25-lb bag of “Italian-Style Meatballs.” They added the word style in there just in case a “hungry” lawyer buys them and wants to pick nits. Anyway, today we’re going to talk about Nigerian-Style Hoax Viruses. They’re not always from Nigeria, and they’re structurally different from the traditional old-fashioned viruses Mama used to make.

Disclaimer: I’ve got a lot of friends from Nigeria and Eastern Europe, and from everywhere else for that matter. These scams come from where they come from and that’s all there is to it.

La Historia

Traditional viruses are tiny pieces of malicious software code that replicate themselves from drive to drive or PC to PC and infect machines, sometimes slowing them down or reporting their information to the author.

Customers who call me with a slow PC (mistakenly) think they have a virus, when most of the time (ironically) it’s Norton or McAfee destroying their computer. Indeed, even your average computer guys still think a virus is the only thing that can harm your machine, when in reality there’s so much more…

Ever since email became popular, the world has been plagued by various scams. They don’t always originate in Nigeria, but it’s certainly a hotbed for Internet hijinks. The first style of scam was the 419 scam, where you receive an email allegedly from a Nigerian prince, asking if you could take some loot off his hands. (If you agree, they send you a forged money order for $X and tell you to send back half of that sum, and their money order bounces later on.) Wasting the scammers’ time has also become an art form, and web sites like 419 Eater document the fun.

Other scams include “Help I’m trapped on vacation please wire me some money”, as well as Phishing, where an email leads you to an impostor banking website that records your username and password.

Hoax Viruses

The latest scam to come out of Nigeria and Eastern Europe is the Hoax Virus, also known as scareware, rogue security software, or hostageware. These are structurally different from regular viruses. EVERY Microsoft Windows user is vulnerable to them, and there is NO KNOWN SOFTWARE to prevent these attacks. (I’ve seen one Mint PC display a 3rd-gen hoax virus but restarting Firefox solved it, since nothing can actually penetrate Mint.)

You start out by either:

  • using a Google Image Search to find a picture you need for a class project, or
  • clicking on a link from a shipping company claiming your tracking number is available, or
  • clicking on a window that claims you need a Flash plugin while enjoying some pirated television show online.

Then, something goes very, very wrong: A window pops up on your computer claiming you have 12,000 viruses and must type in your credit card number to be rid of them…

You have received a Hoax Virus. You got it from a website “trained” to inject PCs with them, and unlike old-style viruses, these DON’T spread from computer to computer. They target the user account you’re using, and usually evade capture by not affecting the rest of the system. 99% of the time, they only affect ONE user account on your PC. (If you have Sally and Bobby and Jimmy accounts, and Jimmy gets the virus, the other two are untouched.)

Again, you can have 90 copies of Norton or Webroot or any other antivirus software, but if these babies want in, they’ll get in. (That’s why I believe ALL antivirus and antispyware programs are unnecessary, with the exception of Microsoft Security Essentials.)

Examples

You’ll know when you get one of these buggers, because a fake virus scan window shows up, then scares you into paying them money. Note how they look eerily similar to popular antivirus programs (or components of Windows itself).

Most of the time they’ll:

  • include misspelled words
  • “detect” an outlandish number of viruses, and
  • refuse to let you launch ANY PROGRAM

so those are dead giveaways, huh?

Here are some examples of what you can expect. Check out some more examples here.

[Screenshots: “Antivirus 2010”, “Internet Security”, and “Security Central” rogue scan windows]

They usually have pretty shady names, like:

  • XP Antivirus 2010
  • Vista Security Pro 2010
  • Vista Antispyware 2010
  • Spyware Protect 2009
  • Antivirus 360
  • Antivirus XP 2008
  • Windows Ultra Antivirus
  • Defense Center
  • Windows Stability Center
  • XP Antivirus 2012
  • Internet Security 2010
  • Win 7 AntiVirus 2011
  • Antivirus Security 2013
  • Win 7 Defender 2013
  • Security essentials [sic] 2010
  • Antivirus Clean 2011
  • Internet Protection
  • Personal Antivirus
  • Cloud AV 2012
  • Win 8 Security System
  • Security Central
  • Live Security Platinum
  • System Care Antivirus
  • Antivirus Antispyware 2011
  • SmartDefender PRO
  • OR SOMETHING SIMILAR.

Now that we’ve got everyone’s attention, let’s move on!

These things hold your computer hostage and promise to clean the nonexistent viruses if you type in your credit card number. NEVER EVER EVER DO THIS. They will steal your credit card number, and subsequently your identity, immediately. If you’ve mistakenly done this, call your credit card company and tell them you’ve been scammed. You CAN report it to the police, but there isn’t much they can do.

After removal, the first generation of these would leave your user account ROASTED – rendering it impossible to click on anything forevermore. It would also HIDE all of your files, convincing even an average computer guy that you’ve lost all your stuff. (Creating a fresh user account, moving your files over, and running BleepingComputer’s beautiful Unhide.exe tool fixes that.)

The second generation can be removed without much further ado. For some reason they’re less damaging.

The Third Man

The THIRD generation is a whole different ball game. These don’t pose as antivirus programs, but rather as THE FBI ITSELF:

  • they take over your WHOLE SCREEN and you can’t get out,
  • they claim they’ve caught you looking at naughty things, and
  • they say the FBI wants you to pay them some sort of indulgence:

[Screenshot: “FBI” ransomware lock screen]

These can come through porn sites, or from any other infected website, really. Regardless of what you were doing when they catch you, these guys are out to scare you, and they want your money.

They’re a bit smarter than the credit-card-seeking ones, because these ask for a Moneygram or similar money order service as opposed to a credit card number.

Many of these will also TURN ON YOUR WEBCAM (they probably don’t record you) just to freak you out even more.

Again, DO NOT PAY THESE PEOPLE.

It’s all poker, really. There’s nothing to be afraid of. These babies can’t spread and everything they claim (you have 12,000 viruses, or the FBI wants you) is false. They can’t even damage your personal files!

Removal

Let’s say you get one of these and realize it’s not legitimate. You call your aunt’s uncle’s cousin’s neighbor’s pastor’s ex-wife’s goldfish’s golf partner, who’s “good with computers”. They come over and boot into Safe Mode, then they spend the next 3 days trying to install Malwarebytes or some other Windows-based scanner, with very little hope of solving the issue. Maybe you then bring it to a computer store, and those guys erase your entire machine because they don’t know any better. (Worse yet, one hoax virus claimed the hard drive was physically damaged and one of my customers brought it to an Office Supply store… the guys actually replaced the hard drive!!!)

There are also scumbag websites out there that claim to offer free downloads or phone support, all of which are garbage. Again, TRADITIONAL ANTIVIRUS SOFTWARE (Norton, McAfee, etc.) CANNOT HELP YOU, and only a small handful of antimalware programs can.

Folks, this isn’t a simple issue to fix. Mine is the only shop I know of that employs non-Microsoft technology to rip them out, and the only shop in town that can do so while preserving your data. (For those of you who are ready to graduate from average to master, we use Mint LiveCDs and search for folders in ProgramData, AppData\Local, and AppData\Roaming with random letters and numbers.)
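Here is an added example of that folder hunt in script form (my illustration, not Teknosophy’s own tooling): it assumes the Windows volume is already mounted read-only from the Mint LiveCD at a path you pass in, walks the three drop directories named above, and flags top-level folders whose names switch back and forth between letters and digits the way machine-generated names do. The mock directory tree it scans is constructed sample data.

```python
import glob
import os
import re
import tempfile

# Drop points named in the post, relative to the mounted Windows volume
# (e.g. /media/mint/WINDOWS on a live CD). Mount path is an assumption.
DROP_DIRS = ("ProgramData", "Users/*/AppData/Local", "Users/*/AppData/Roaming")

ALNUM = re.compile(r"[A-Za-z0-9]+")


def looks_random(name, min_len=8, min_switches=3):
    """Heuristic for 'random letters and numbers': purely alphanumeric,
    at least min_len chars, and the name flips between letters and digits
    at least min_switches times (Python27 flips once; kjh4d9s0xq2 seven)."""
    if len(name) < min_len or not ALNUM.fullmatch(name):
        return False
    kinds = [c.isdigit() for c in name]
    switches = sum(1 for a, b in zip(kinds, kinds[1:]) if a != b)
    return switches >= min_switches


def find_suspect_folders(win_root):
    """Return Windows-style relative paths of top-level folders under the
    drop directories whose names look machine-generated."""
    hits = []
    for pattern in DROP_DIRS:
        for base in sorted(glob.glob(os.path.join(win_root, pattern))):
            for entry in sorted(os.listdir(base)):
                full = os.path.join(base, entry)
                if os.path.isdir(full) and looks_random(entry):
                    rel = os.path.relpath(full, win_root)
                    hits.append(rel.replace(os.sep, "\\"))
    return hits


def demo():
    """Build a constructed mock Windows tree (sample data, not a real
    infection) with a few normal folders and a few rogue-looking ones."""
    root = tempfile.mkdtemp()
    legit = ["ProgramData/Microsoft", "ProgramData/Adobe",
             "Users/Jimmy/AppData/Local/Temp",
             "Users/Jimmy/AppData/Roaming/Mozilla",
             "Users/Sally/AppData/Local/Python27"]
    suspect = ["ProgramData/kjh4d9s0xq2",
               "Users/Jimmy/AppData/Local/3f8a1c9e",
               "Users/Jimmy/AppData/Roaming/a1b2c3d4e5"]
    for rel in legit + suspect:
        os.makedirs(os.path.join(root, rel))
    return find_suspect_folders(root)


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

Anything it flags still needs a human look before deletion, since the heuristic only scores the name, not the contents.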

If you are infected with one of these, call Teknosophy, at 585.789.1856 or visit www.teknosophy.com and we’ll rip it out while leaving your personal files intact.

Why they do it

Why not? It’s extremely cheap to cast a net out onto the Internet and see if a few people bite. If even 4 or 5 people bite, that’s 4 or 5 identities they now control!

It’s also absurdly easy. Microsoft Windows has absolutely no protection from Hoax Viruses, security companies have no idea these things exist (and how to prevent or even detect them), COMPUTER GUYS don’t know much about them, and consumers are fooled by them.

Unfortunately, even shady first-world companies create products that sneak in underneath other software and then claim to clean or speed up your computer (some of which flaunt legitimate Microsoft Partner logos). Examples include PC Cleaner Pro 2013, Uniblue, and Driver Detective. These can usually be uninstalled via Programs and Features.

Any time I see ANYTHING that promises to clean or protect, be it rogue, legit, Nigerian, American, Russian, or Martian, I know it’s useless.

Prevention

There’s nothing you can do to avoid these, save for avoiding Microsoft products altogether. Consider switching to a Macintosh computer or iPad if at all possible. Ask us about our Mint computers – they’re standard PCs with all the Microsoft ripped out, and replaced with the easier, bulletproof Mint operating system.

That’s it, thanks for reading! We’ll see you next time on Teknosophy.
