Tech with Tom: Fake virus warnings

Editor’s note: Tech with Tom Kirkham is intended to provide practical information about a wide range of electronic products, software and communication issues. Tom has promised to use layman terms, where possible, and to avoid geeky acronyms unless using said acronyms are the build up to an off-color joke built largely around sophomoric innuendo. Seriously, this should be good stuff and it will post on Fridays (barring any breaking news from Steve Jobs or elsewhere in the Tech world). Enjoy.

Over the past year or so, fake virus messages have begun popping up all over the Interwebs. These pop-up ads are disguised to look like real Microsoft or anti-virus messages, and display messages informing you that your computer is infected with viruses – really bad viruses. This type of malware is known as “scareware.”

If you click to ignore the message, it will persistently pop-up repeatedly until the user selects OK or Cancel. Then the real trouble begins: your computer actually does become infected with malware, and is eventually virused up big time. The fake anti-virus then entices the user to cough up money for a removal tool. Guess what? The removal tool does not work, your money is gone, and your computer is still infected.

You may be thinking, “I don’t visit those types of sites. I only go to CNN.com and weather.com. It is mostly those porn and gambling sites where people get in trouble.” But the CNN and Weather Channel sites have been known to present those pop-ups.  Many legitimate, highly-visited sites such as NYTimes.com have been fooled into displaying the fake virus warnings. Facebook is particularly troublesome.

How does this happen? On most Web sites with advertising (including The City Wire), the advertisement is displayed from a different server than the Web site itself. These servers manage the buying, selling and displaying of the ads. All the scareware publisher needs to do is get what appears to be a legitimate ad accepted into the display ad network, let that run for a few days, then swap it out for the scareware ad.

Here’s what to do if you get one of these pop-ups. UNDER NO CIRCUMSTANCES do you press “Ok” or “Cancel.” First, simply ignore the ad and close your browser using the “X” in the upper right. Then, press the same “X” on the pop-up message. You may have to do this repeatedly until the ad quits cycling.

If this fails, kill your Internet connection by either pulling the ethernet cable from the back of the computer, resetting your modem or router, or if all else fails, turn your computer off the hard way – press and hold the power button until the computer turns off. Of course, you will lose any unsaved work when you do this, and turning your computer off by immediately powering it down *may* cause a system file corruption problem, so only do this as a last resort.

I also think that Internet Explorer’s pop-up blocking is not as good as the other browsers, so quit using it.

Notes on Tom
Tom Kirkham is the publisher and co-owner of The City Wire. Tom also is host of the Tom Kirkham Show on Newstalk KWHN 1320 AM, which airs each Saturday from noon to 1 p.m. He also owns and operates Kirkham Systems, a computer, communication and networking company. Tom has more than 20 years of experience in business and technology, and claims to be a photographer, jazz lover, Cajun food expert and dog rancher.

You can reach Tom at [email protected]