We have worked hard to educate users of the need for computer hygiene, using anti-spyware, multiple browsers, data backups, and anti-virus programs. Unfortunately, users are getting fooled into installing fake antivirus programs through clever pop-ups that work off the fear users have of viruses. These programs install themselves and trick users into paying for bogus services or they gather private information on user activities and send it off to spammers and thieves.
These malicious antivirus programs are extremely common. Google has identified over 11 thousand sites distributing fake antivirus code.
It is important to take the next step and teach users how to differentiate between legitimate programs and scams. Your company probably has a standard antivirus program that is used on all machines. Users should be made aware that this program will protect them from viruses and that they have no need of other programs.
Unfortunately, even clicking no or what appears to be a close button on a pop-up can result in the program being installed. Users need to be taught how to close out of windows properly to avoid activating the malicious code they contain. One method is to press [Alt] + F4 to close the current window. If that does not work, pressing [ctrl] + [alt] + [esc] in Windows or [option] + [apple] + [esc] in MacOS will open the task manager/force quit applications window where Internet Explorer (iexplore.exe), Firefox (firefox.exe), or Safari can be closed.
Once a fake antivirus program is installed, it will appear to scan the hard drive. It will tell you it has identified viruses and then clean them, but it does nothing of the sort. Usually, users will notice a performance decrease. They may also find that their browser has been hijacked, or they will begin to see many pop-ups and advertisements on their screen. Users should be made aware of what follows the installation of a fake antivirus program so that IT can resolve the situation. The sooner IT knows of it, the better because these programs continue to do their dirty work even to the point of filling up a hard drive or making a computer completely unusable.
Spyware can also generate fake antivirus alerts. Make sure that anti-malware programs are up to date and that they scan programs in memory and programs on the hard drive and removable drives as soon as they are added. Corporate applications usually have the ability to report back to a central monitoring station when a workstation is infected with a virus or a malicious application. Train your administrators to make use of such consoles and to stay on top of any infections. When a machine is infected and not treated, it is not long before it turns into an epidemic.
Take the time to educate your users because it will save them a lot of grief and your IT staff a lot of time cleaning machines. Stay up to date on the latest fake programs and consider creating a security portal where your users can get information on fake programs and other security tips.