Teaching Users to Spot Malicious Programs

We have worked hard to educate users on the need for computer hygiene: using anti-spyware, multiple browsers, data backups, and antivirus programs. Unfortunately, users are being fooled into installing fake antivirus programs through clever pop-ups that play on their fear of viruses. These programs install themselves and trick users into paying for bogus services, or they gather private information on user activities and send it off to spammers and thieves.

These malicious antivirus programs are extremely common. Google has identified over 11 thousand sites distributing fake antivirus code.

It is important to take the next step and teach users how to differentiate between legitimate programs and scams. Your company probably has a standard antivirus program that is used on all machines. Users should be made aware that this program will protect them from viruses and that they have no need of other programs.

Unfortunately, even clicking “No” or what appears to be a close button on a pop-up can result in the program being installed. Users need to be taught how to close windows properly to avoid activating the malicious code they contain. One method is to press [Alt] + [F4] to close the current window. If that does not work, pressing [Ctrl] + [Alt] + [Esc] in Windows or [Option] + [Apple] + [Esc] in macOS will open the Task Manager or Force Quit Applications window, where Internet Explorer (iexplore.exe), Firefox (firefox.exe), or Safari can be closed.

Once a fake antivirus program is installed, it will appear to scan the hard drive. It will tell you it has identified viruses and then cleaned them, but it does nothing of the sort. Usually, users will notice a performance decrease. They may also find that their browser has been hijacked, or they will begin to see many pop-ups and advertisements on their screen. Users should be made aware of what follows the installation of a fake antivirus program so that IT can resolve the situation. The sooner IT knows of it, the better, because these programs continue to do their dirty work, even to the point of filling up a hard drive or making a computer completely unusable.

Spyware can also generate fake antivirus alerts. Make sure that anti-malware programs are up to date and that they scan programs in memory and programs on the hard drive and removable drives as soon as they are added. Corporate applications usually have the ability to report back to a central monitoring station when a workstation is infected with a virus or a malicious application. Train your administrators to make use of such consoles and to stay on top of any infections. When a machine is infected and not treated, it is not long before it turns into an epidemic.

Take the time to educate your users because it will save them a lot of grief and your IT staff a lot of time cleaning machines. Stay up to date on the latest fake programs and consider creating a security portal where your users can get information on fake programs and other security tips.


10 thoughts on “Teaching Users to Spot Malicious Programs”

  1. I’ve been using it for almost 6 years and never had a problem.. The banks use the best security because they don’t want any problems.. If you are using a public computer you must empty the cache and history so no one can use your info.. if it is a personal computer just make sure you empty your history too.. They advise you to change your password often just in case.. and if there is ever a problem you get to see it firsthand with your online banking and can catch it quicker and report.. the bank always gives tips on how to stay safe once you have signed up..

    • Thanks for your comment and for showing an interest in the Network Security in Cyberspace. We gave our son Terry Jr a chance to be involved in this specific niche because of his Computer Science Degree from UNR, but he hasn’t really applied his knowledge in this area yet. It might just be a timing thing, but we’ll keep encouraging him to write some informative posts that will help protect people.

  2. I use online banking for two separate banks. I have never had a single problem. The only thing I advise is not to give your login ID or your password to anybody, but I think that’s pretty obvious, right? =)

  3. Phattamachai,

    You would think it would be obvious, but it is still far too common for people to share passwords. I read an article recently on how common it is for kids and students to share passwords as a sign of trust between friends or between boyfriend and girlfriend. In the corporate world too, it is all too common for people to give out their password if asked for it.

  4. I’ve been surfing online more than 3 hours these days, yet I never found any interesting article like yours. It’s lovely price enough for me. Personally, if all site owners and bloggers made good content as you did, the net will be a lot more useful than ever before.

  5. Scan for malware but run it as administrator. Go into safe mode with networking. Right click your antivirus icon and choose run as administrator. You should be able to access your virus scanner this way. Do a full scan. It should detect and remove it. After this, it’s a good idea to run a spyware/malware detector like Spybot Search and Destroy or IObit Security. I also used CCleaner to do a registry cleanup. My antivirus (AVG 9 full) caught everything but I did the rest just to be safe. 4 days now, and no problems since.

    • In our office we have Symantec Anti-Virus Corporate Edition. One of the workstations on the network (actually, mine) functions as the anti-virus server for downloading definitions. The servers just have SAVCE client installations on them. They’re just configured for a managed installation and to use my workstation as **their** server for anti-virus purposes. It works fine for us, but SAVCE is kind of a spendy solution. If you get a cheaper idea that’ll take care of your servers, go for it!

