Rogue Security Software
If you’ve reached this blog post from a Google search for the phone number 4169153536, please be advised that the call you’ve received is a scam. Read on for details.
Rogue security programs look legitimate, but are nothing more than a social engineering tool designed to relieve you of your money.
I touched on rogue security software in my last post (Digitally Transmitted Diseases 101), but a recent experience made me want to revisit the topic.
A member of my family recently fell prey to one of these programs. Setting aside how the program made its way onto his computer, it happened, and it told him that his computer had fallen victim to over “800 hacks.” Not being very technologically savvy, this scared him, as it’s designed to do. He called a number that was given to him (416 915 3536, which has a Toronto area code), and spoke to someone named Steve Dawson.
Unfortunately, my grandfather was convinced to hand over his credit card information, and grant them remote access to his computer. When he started to realize he may have made a mistake, he told Steve that he would ask his grandson to help him. Steve, in an effort to sound legitimate, encouraged him to have me call them. Here’s how that phone call went:
“Hello, thank you for calling Windows technical support!”
Right away, I can tell that this is not a local call, by how it’s ringing. This is a call that’s being routed to another country altogether.
A lady claiming to be named Lucy picks up the call. She has a thick accent. “Hello, thank you for calling Windows technical support. How may I help you?” There’s a tonne of noise and yelling in the background.
“Good evening. Steve Dawson, please,” I say.
She replies, “Oh, Steve Dawson. Yes.” And then, instead of putting me on hold, she just yells, “STEEEEEEEEEEEEEEVE!”
Very professional. Another guy with a thick accent comes on the line. He says he’s Steve Dawson. I ask him what country he’s in. He says New Jersey, United States. Bullshit.
Two minutes into the conversation, he gives up on the lie that he represents Microsoft technical support. When he realizes that he’s actually speaking to an IT professional, he gives up on the lie that he’s a Microsoft-certified engineer. When my grandfather told him he would ask his grandson to help him, he told him to have his grandson call him. I ask what he thought was going to happen when I did call him. He has no answer.
He starts rambling, and I tell him to stop talking. I spend the next five minutes ripping into him over the phone until he gives up and hangs up, but not before he turns it around and starts calling me a scammer.
Did I expect to get anything out of the conversation? Of course not. But sometimes it’s nice to have someone to yell at – someone who deserves it. And for messing with a kindly elderly man, he deserves it.
That takes care of all my pent up aggression this week. I don’t have an asshole landlady to argue with anymore, so who else am I going to unload on?
What do you do if this happens to you?
If you’ve let it get this far already (as in, they have your credit card number and/or remote access to your computer), the first thing you need to do is cut off their access. It may not be easy for you to shut down your computer properly, so hold the power button for a few seconds to cut power if you need to. The important thing is that their access over the internet be cut immediately.
Call your credit card company and report the fraud. Explain what just happened, and have them reverse any charges made. They’ll cancel your current card, and issue you a new one. If necessary, involve the police, as they can file a police report that forces your credit card company to cancel the fraudulent charge.
If you’ve given them your computer’s password, change it immediately. Think about any other online accounts you may use the same password for, and change those immediately, too. This is especially important if you use that password for your email or any online banking.
Call your nearest IT guy and ask them to help you remove the malicious software from your computer, as well as any remote access software left behind. A scan with your antivirus software is recommended, but you may need a professional to look at it anyway, especially if your antivirus software has been disabled.
The Moral of the Story
Don’t trust software you’ve never seen before if it tells you that your computer is infected. Don’t trust someone who calls you and tells you the same.
And the most important point, something I tell my clients all the time: If you have even the slightest doubt or question about something, call your IT guy. Don’t worry about putting them out. Just remember, a five-minute phone call can save you hours of frustration and embarrassment.
Steve Dawson, whatever your real name is, know this: If I ever meet you in person, your testicles will be introduced to my shoe, post-haste.
What do you think? Leave a comment!Digitally Transmitted Diseases 101
These days, more and more people seem to be asking me, “Tristan, I want to become a shark-fighting, syrup-chugging, moose-herding, tree-felling Canadian, too. But first, I’m confused – Can you explain the difference between a virus, a trojan, and spyware?”
You may have read a post I wrote on the digital clap a couple of years ago, Discount Pharmaceuticals – Get ‘em While They’re Hot! Consider this a sequel, if you will. Previously, I offered some helpful tips on protecting yourself online. Now, I’m going to help you understand what you’re protecting yourself against.
Turns out, the digital clap isn’t the only digitally transmitted disease out there. Here’s a brief explanation of the most common types, better known as “malware” (malicious software, get it?).
The Infamous Computer Virus
The virus is so widely known, that people often group all other forms of malware into this one category. However, it’s important to understand that a virus is just one form of malicious software that wants to settle in on your computer.
It’s easy to see why the virus is so widely known, since it’s been around the longest. Before internet use was widespread, viruses were often spread on floppy disks, and other portable media. Today, they most often spread over networks.
They make changes to systems whose results range from simple annoyance to outright destruction of data, and they’re also injected into other files, including Microsoft Word and Excel files.
Since the virus was, essentially, the first form of malware, how do the other forms differ?
The Trojan
The Trojan Horse of Greek mythology seemed, to the inhabitants of the city of Troy, to be a gift. However, concealed inside were enemy soldiers that used it as a ruse to gain entry to the city and destroy it.
Think of a trojan as the software version of that horse – A piece of software designed to seem harmless on the outside, in an attempt to get you to run or install it. Once you do, you’re opening yourself up to attack. Trojans are often used to steal information, or even enable an outside party to gain remote access to your computer. You want that about as much as you want the real clap.
The Worm
Worms are viruses that spread by any means necessary – Usually, over a network directly, or by harvesting your address book and sending itself to your friends. Trust me, they’ll love you for that.
Spyware and Adware
While not usually as destructive as other forms of malware, spyware isn’t any less dangerous. It’ll sit on your computer, collecting information about your habits on the internet, such as what sites you visit, and send that data elsewhere.
Why is this a problem? It’s a privacy violation. How many other people do you really want aware of that embarrassing Google search you did last week about that rash on your buttocks? And for advertising data, no less?
Adware is designed simply to display advertisements on your computer. And where do you think they get the data to target the ads towards you, personally? Bingo. The most annoying fact about spyware and adware is that it’s often installed with software such as browser toolbars, which many people elect to install themselves. The MyWebSearch toolbar is a perfect example of this.
The Rogue Antivirus Application
An example of a piece of rogue antivirus software, pretending to be a legitimate scanner.
Rogue antivirus software likes to get all dressed up for a night on the town. In this case, the “town” is your computer. These tricky bastards are designed to look like legitimate antivirus applications, such as Vipre or (heaven forbid) Norton Antivirus.
What’s funny about these ones is that they actually tell you that you’re infected, in an attempt to get you buy bogus software. Tricky, indeed.
Of course, if they were legitimate, they’d make it easy for you to remove them. Too bad it just isn’t that easy. They often block key programs that would otherwise make stopping or removing them a simple task.
The Keylogger
I don’t have to explain this one, do I? It should go without saying that you do not want to enter a password to your bank account on a computer that’s secretly recording every keystroke on your keyboard, and sending that data to someone on the internet.
Last but not least: The Rootkit!
Always save the best for last, right? Just kidding. Seriously.
A rootkit camouflages itself among your computer’s core systems. It integrates itself into a part of your operating system, and hides itself so well that it is often incredibly difficult to detect, much less remove. Of all the forms of malware out there, the rootkit is most often the one that will make your IT guy throw his hands up in defeat, and just wipe a computer entirely.
It’s not that you can’t remove a rootkit, it’s just that in the time it usually takes to make progress against one, you can often just wipe a computer and reinstall its operating system and applications anyway. Removing rootkits usually ends up being a frustrating exercise that can even lead to significant damage to an operating system, anyway.
The More You Know
This topic is one that confuses a lot of people outside the IT industry, but that’s ok. It isn’t your area of expertise, but you want to better understand what threatens your computer, and even your business.
I hope that I’ve been of some help in this area. And as I said in Part 1, I’m always around if you have questions. Comments, email, Twitter… Get at me.
1 person has commented. What do you think?Mac vs. PC – Put Your Pitchforks Away
I’ve been to the future. What I saw wasn’t pretty. All these years, I was sure Skynet was going to bring about the death of the human race. But who knew it’d be civil war caused by an age-old conflict: Mac vs. PC?
Citizens of the Internet, you see it every day – Mac and PC users blindly firing shots at each other, back and forth, without end. What’s sad is that many of these people (on both sides – don’t kid yourself) do so without any idea as to the facts behind their own statements. They operate on hearsay, rather than formulating opinions for themselves.
I like to think I have a well-rounded perspective on the issue. As an IT guy who supports and uses both platforms, I know that both have their pros and cons. And my personal preference for Microsoft Windows doesn’t mean I’m going to criticize someone for choosing a Mac. That said, for the sake of educating the naive on both sides, here are my thoughts on Mac vs. PC:
“Macs are so over-priced.”
Yes, I’m starting this off by defending Apple. Ignorant PC users often complain that Macs are over-priced. Really? It’s true that you’ll probably shell out more for a Mac at your local Best Buy than you will for a PC. But have you looked at the hardware you get for that price?
Apple designs their hardware to be beautiful. It appeals to the senses. Smooth curves, aluminium unibody construction, sleek form factors… My sister’s iMac looks and feels awesome as part of the decor in her living room. I pick up a Macbook Pro, and it’s clear to me that it’s built well. I have an iPad, and I can tell you that it is solid. I toss it around all the time without ever worrying about it snapping or cracking. That’s more than what I can say about my notebook.
If these are things you place value on, then you aren’t wasting your money. Most PC manufacturers don’t pay that much attention to those details, and that’s why you pay them less. An exception: You’ll usually pay more for a Sony Vaio; But, well, look at them. They’re beautiful, and they’re built with high-quality materials. You get what you pay for.
“Macs never get viruses.”
People who insist that Macs simply do not get viruses – These are the people who make me laugh. Your Mac not getting a virus is not the result of good security. Here’s the truth of the matter:
For years, PCs have held the vast majority of market share in the computing world. If you’re writing malicious software, and you want to hit as many computers as possible, are you going to write it for a platform that only 1% of computers run on? Of course not.
Here’s a scary thought: With Mac popularity (and with it, market share) skyrocketing, virus programmers are seeing a much tastier target in Apple products. And because, up to now, OS X was left relatively untouched, Apple is facing the enormous task of plugging security holes that were largely ignored for years.
The fact is that Macs can and do fall victim to malware, with more and more viruses being written for them.
I use a PC, yet I never get hit by malware. Your best defense on the internet is, as always, common sense. (See: Discount Pharmaceuticals – Get ‘em While They’re Hot!)
“Everything on my Mac just works.”
Come on, people. Your Macs crash all the time. I see it happen all the time. Some of the most unstable computers I’ve worked with were made by Apple. But you know what? PC users don’t have it any better.
Software is written by imperfect developers who miss things and make mistakes. Windows and OS X are both full of bugs, but they’re getting better. Mac OS X is, for the most part, very stable. Guess what? So is Windows 7.
Some Mac users claim that PC users constantly have to deal with installing drivers. I’ve used Windows 7 since it was released, and I can’t remember the last time a peripheral didn’t just work on its own. Granted, you do run into problems with some devices on Windows, but there are simply so many more available. Mac peripherals are fewer in number, so quality control is easier.
Both platforms have some truly amazing and innovative products. Case in point: Time Machine is a superb backup product. Well done, Apple.
“PCs are real computers. You can’t do real work on a Mac.”
Someone said those words to me last week, verbatim. It’s funny, if you consider that the PC is definitely the dominant platform in the gaming community.
You can be just as productive on a Mac as you can be on a PC. You may do it with different software at times, but there isn’t much you can do on Windows that you can’t on OS X, anymore.
Chill Out
There are things I like about Macs and PCs alike. There are also aspects of both that frustrate me immensely.
To PC users: The next time you’re about to blindly criticize someone for using a Macbook instead of a Dell, think first. Consider that calling them a “fanboy” actually makes you seem strangely obsessive, yourself. So just be cool. To each his/her own.
To Mac users: I understand the appeal of the platform you choose to use. Just remember that your computer is not immune to the viruses you tease PC users about, and no computer is 100% stable, all the time. Still, I have to say that Macbook Pros are sexy. I’d love to buy one and put Windows on it 
Kudos to Apple for those funny commercials, but unless you work for their marketing department, this isn’t a war. So if Skynet wants us dead, let’s not make it any easier for it by killing each other over our choice of computers.
This crunchy poast was inspired by a series of tweets by Jeff Broderick. I don’t know him, but he seems like an interesting dude. And he definitely isn’t ignorant or naive. Thanks for the inspiration to write, Mr. Broderick.
1 person has commented. What do you think?Discount Pharmaceuticals – Get ‘em While They’re Hot!
Hello. I am the former Nigerian prince, Haskdjwoijg Nyorksdfi. I have selected you to be my heir, and have $500 million to be wired to your bank account immediately. Please contact me immediately so that we may set up the transfer of funds. And if you act now, I will provide you with a large stock of viagra and cialis I recently came into possession of. When our business is concluded, I will send you an e-card to thank you for your timely response. I look forward to doing business with you.
I’m an “IT professional.” I often tweet about this. You knew it was coming. Just a few small things to take note of to better protect yourself on the internet. You’re welcome.
You wouldn’t believe how often I get this all-too-familiar panicked phone call: “OMG! I’m getting all these pop-ups on my screen, there’s an anti-virus program that says I’m infected with 4,672 viruses, and my computer keeps trying to eat my hand! HELP!”
Congratulations. You’ve got the digital clap.
So what do you do now?
You’ve already called me. Good job. But I’m going to give you a few guidelines that will help protect you from having to make that embarrassing phone call in the first place, provided you follow them. So please pay attention.
Antivirus Software Recommendation
Invest in proper anti-virus software. Here’s a good one: GFI Vipre. Ditch the Norton Antivirus. Not only is it a less effective scanner, but it’s notorious for hogging resources and bloating/slowing down computers. It’s also far more expensive, comparatively. Vipre is effective, fast, light, and costs $30/year. Buy it now. And no, I did not get paid to plug this product. I’ve only been using it everywhere for over two years now, and can personally attest to it being a good product.
Online Protection is 25% Antivirus Software, 75% Common Sense
No one antivirus system can effectively block 100% of all malicious software. Good a/v is an important baseline, but real protection comes from using common sense and safe browsing habits. Don’t visit questionable web sites (lay off the porn), and be extremely careful when using your email (more on this in a moment).
Keep an Eye on Your Address Bar
If you think you’re on Facebook.com, but the site in your address bar says something like, “http://ihatepandas.com” or “http://142.48.72.108 …” you aren’t actually on Facebook. This is called a “phishing attack,” and it means you’ve just been tricked into visiting a malicious site designed to masquerade as a legitimate online service, and steal personal data or install bad software on your computer. Fish are tasty and healthy. Phish are evil and taste like betrayal.
Email is Dangerous
It’s a sad fact, but we can’t get around using it. So be careful. DO NOT click a link in an email without confirming the address it’s actually pointing to. DO NOT open an attachment from someone you don’t know, or even if you weren’t expecting it. DO NOT even think about opening an attachment that ends with “.zip” or “.exe” unless… No, just don’t. And e-cards? Forget it. When was the last time someone actually sent you one of those, anyway? E-cards are so 2001 – so don’t bother with them, just delete. Trust me.
Just a Few More on Email
Sorry. Prince Haskdjwoijg is never going to send you money. Those viagra pills are fake. E-cards are the devil. FedEx will never send you tracking data in an attachment. An online service will never “update their systems” requiring you to give them your password via email. And when in doubt, pick up the phone and call tech support (or a friend in IT) for verification. The only stupid question is the one left unasked.
If these points help anyone, even remotely, then I consider this post a success. Just remember, common sense is key. Keep your eyes open, and if you find that you’ve fallen victim to number three, consider changing your password(s). Here’s a great post on keeping your passwords strong: The Top Ten Commandments of Password Protection (edit: original link was to an article on Securityphile, written by Jason, but he’s since removed the article). You don’t have to follow all of them, but the more you do, the better.
I’m always happy to answer questions! Comment here, send me an email, or grab me on Twitter.
Part 2 of this post can be found here: Digitally Transmitted Diseases 101.
5 people have commented. What do you think?
