Sunday, November 21, 2010

Badware warning -not about cooking

     This has nothing to do with cooking but is a good article about a problem I just encountered and hopefully it will help ease that initial panic that sets in when it happens to you.

Don’t Get Tricked by Badware
In the course of browsing the internet, you will eventually come across a website that has been infected by some sort of malicious code – trojan viruses, malware, adware, or fake antivirus programs. Collectively, we’ll call these pesky little programs badware. Most modern web browsers have the ability to detect or prevent you from getting infected with badware. Spotting badware before it gets on your computer can be tough, but you need to be aware and practice safe web browsing.

An Innocent Looking Link

This morning, I was searching Google for some information on the typical dimensions for an elevator. So, as most of you do, I loaded up Firefox, typed my search terms into Google and was presented with a long series of links on the subject. I clicked on the first link presented on the search engine results page and then it happened – I was redirected to a badware site. Obviously the website I was trying to access had been compromised and was serving up some bad stuff. The webpage proceeded to load several thing in my web browser and finally came up with something that looked like this:
Badware in Firefox
At first glance, you might think that this is a standard Windows XP window that is relaying some very important information about your computer. It appears to go through a super-fast scan of your hard drive and then comes up with a results list of infections that includes Banker.MGB, Trojan.DownLoad.37236, Win32.HLLM.Netsky.35328, Trojan.GootKit, and Nuwar.GDM. Those all sound and look pretty scare when you see that they have high or even critical threat levels.
But there are several problems with this window and I was able to spot the badware rather easily:
  • The image shown is for Windows XP – I’m running Windows 7.
  • I have six drives connected to my PC – this scan only shows one.
  • I never requested a scan – the browser was redirected.
Just these few things should be enough to set off the warning bells in your head. Badware is tricky and they will do anything to get you to download their software.

Don’t Load the Badware!

The fact is that the results shown on the screen are there to scare you. I cannot stress this next statement enough:
Whatever you do, don’t load the badware!
Most badware gets onto a computer through a user-initiated response. That means that the user actually allows the badware to get onto their computer system, usually by downloading the badware or clicking a button that they shouldn’t. Many websites infected with badware trick the user into downloading the software and once you get it on your computer, its usually very difficult to get rid of it.
When you try to navigate away from the badware website, you may see boxes like those shown below. Whatever you do, don’t click on the “Save File” or “OK” buttons. I don’t even trust the “Cancel” button, so I always click the X in the upper right corner just to be sure. In the first box, the infected website is trying to download something called packupdate107_2124.exe. While that may sound official, it most certainly is not.
Badware Download
Badware Trick

Escaping the Badware

If you have been redirected to a website infected with badware, there are several things that you can do to prevent the badware from installing on your computer. Most of the time, the infected website will try to “lock” you in with an impossible loop of clicks that won’t allow you to leave. Short of simply unplugging the computer from the wall, there are some steps you can take to break the loop and keep the badware from downloading onto your computer:
  1. In Firefox, go to the File menu and click “Work Offline.” This will prevent Firefox from reloading the websites you currently have open, including the badware site.
  2. We need to forcibly quite Firefox, so press CTRL+ALT+DELETE on your keyboard to bring up the task manager.
  3. Find the instance of Firefox running in the list, click on it once to highlight it.
  4. Click the “End Task” button and a confirmation window will appear.
  5. Click the “End Now” button and Firefox will be shut down.
Once you’ve shut down Firefox, you have effectively prevented the badware from downloading. Now you have to prevent Firefox from reloading the same window and taking you back to the website where the badware is located. When you restart Firefox, the “Well, this is embarrassing” screen will appear with a list of tabs you had open at the time Firefox was shut down. You have two choices: you can either unselect the badware site or you start a new session and remove it from the restart list or you can start a new browsing session. I prefer to start a new session, so I recommend that you click the “Start New Session” button.
Start New Session

Removing Badware

If you made a mistake and you actually downloaded the badware thinking that you had a virus when you really didn’t, then you may have a bigger problem. If you have antivirus software on your computer, hopefully it will catch it. If it doesn’t then there are several programs available to help you get rid of the badware. I recommend the following programs to help prevent badware and remove it from your computer:
If none of these programs work to get rid of the badware, then I recommend that you consult your local computer expert and they will be able to assist you.

1 comment:

  1. Very nice step by step directions. I want to link to this for some school kids so that they know the dangers of badware.


Thanks for your comment, I hope you enjoyed your time in the "Kitchen".