Ask Leo: How did a website install malware on my PC?

August 02, 2011

By Leo Notenboom

I went to a website and the moment I got there, my computer started to tell me that I had a virus. I know I did not except for this advertising; I have antivirus and antispyware and it still got in. I found it and put the program in the all users application data. After I removed it and restored to an earlier date, it was gone. I went back to the same site and nothing happened. So, my question is how did it install the program on my computer and why did it not do it the second time I went back to the same site?

First, I want to let you know that you were lucky; this approach to malicious
infection is incredibly devious and, sadly, often successful.

I also want to say that if you restored from a backup to get rid of it,
that’s excellent. Unfortunately, other manual approaches to getting rid of
malware – including system restore – are not guaranteed to always remove all
traces.

Let’s review what probably happened.

It’s A Trap!

It’s pretty easy to make something that looks like a very
legitimate Windows alert or error message that tells you “OMG! YOU’RE INFECTED!
CLICK OK TO FIX IT!”.

[Image: OMG You're Infected! Not.]

(I’ve used a very simple example – actual malware often replicates
very complex and official looking alert dialogs and message boxes.)

Of course, if you click on OK rather than dismissing the warning, the fake
message box is crafted to take that as a request to download and install
malware. In fact, a fake message box can be crafted so that anything that you might
do to close it, including clicking the “x” at the upper right or typing ALT+F4 to exit, actually instructs your browser to download and install malware.

Various approaches, including limited user accounts, or Windows User
Account Control, can help thwart the attempt or minimize the damage, but on
systems where security is lax, this is one way that malware purveyors get on to
your machine.

A very common type of malware that does this is often referred to as
“hostage-ware”, because once installed, it demands payment to download software
that will supposedly remove the malware.

Don’t. Not only will you have given your credit card information to one of
the bad guys, but often, the “fix” simply doesn’t.

Article Continued Here: Avoiding The Trap

This post is excerpted with Leo’s permission from his blog.

FaceBook URL: Leo’s Facebook

Twitter URL: http://twitter.com/askleo

About Leo Notenboom

Leo A. Notenboom is the owner of Puget Sound Software, LLC and the Leo in Ask Leo!. Leo has been in the personal computer and software industry since 1979, as a software engineer, a manager of software engineers, and as a consultant. In 1983 Leo joined what was then a medium sized local company called Microsoft and spent the next 18 years in a wide variety of groups working on a wide variety of software. If you're running Microsoft Windows, if you've used a Microsoft development tool or Microsoft Money, or if you've ever purchased a ticket through Expedia, there's a good chance you've been touched by some of his work. And of course, since 2003, Leo has been answering your tech questions on Ask Leo!

One Response to Ask Leo: How did a website install malware on my PC?

  1. Michael Garcia says:

    More about "hostage ware." If you get this kind of stuff, you're in trouble, but if you DO get this kind of stuff, your AV/Malware protection isn't doing a good job. AVG, Avast and a few other free AV programs would block that type of thing. Malwarebytes AM is good but the free version is only "after the fact" so it might be possible to clean your machine using it in Safe Mode w/NWing but the free version won't block the infection.

