FAKE  WEBSITE  WARNINGS,  ALERTS  AND  POP-UP  WINDOWS

In this example I will be showing you some of the things to look out for when a potential virus or other malware (malicious software) attempts to get on to your computer via fake websites, fake pop-up windows, fake warnings, fake alerts and so on. The example also shows how good Norton Internet Security 2011 is at blocking these attacks.

Although Norton has a bad press sometimes for being bloated/heavy software that hogs the computer's resources, such as Memory and CPU, it is actually very good at blocking attacks from Adult Material (Porn) websites for example. This is a sign of good security software, when it can block Adult Material (Porn) websites - Adult Material (Porn) websites tend to attack more than any other type of website.

I have used real Adult Material (Porn) websites for the examples below in order to gather the following screenshots. This means some of the screenshots will contain wording and imagery relating to Adult Material (Porn). Don't worry though, I will NOT be asking you to go to any Adult Material (Porn) websites in order to follow the examples below.


I have used Adult Material (Porn) websites merely to emulate the fake alerts and so on that can come from Adult Material (Porn) websites, as well as from Music Download websites and Fake Websites in general (such as Fake Bank websites and Fake Virus Protection websites).

By continuing to read this section (lesson) you acknowledge this web page will contain certain words and screenshot imagery of an Adult Material (Porn) nature.


DO  YOU  HAVE  THE  ALERT  SOFTWARE  INSTALLED?

In this first example I have received a fake alert (pop-up warning) window that is trying to pass itself off as the original Microsoft Security Essentials program, even though I do not have Microsoft Security Essentials installed on my computer. I am using Norton Internet Security instead. So this automatically tells me this is a fake alert/warning and that the malware program is just guessing/assuming I have Microsoft Security Essentials installed. In other words, sooner or later they will hit a customer who does have Microsoft Security Essentials installed and therefore does believe the warning message (alert).



Fig 1.0  Is the program that is displaying the alert really installed on your computer?

Even if I was doubtful, because I did have Microsoft Security Essentials installed on my computer for example, I would then question the website address inside internet explorer's website address bar.

IS  THE  WEBSITE  ADDRESS  FAKE?

When I was on a porn web page whereby I then clicked on a video link, in order to view the porn video, I was taken to the website at address 04.3d957def.com instead. This then brought up the above alert.

Normally, without any kind of security protection, that bad website address would of succeeded in going to a bad, malware, website where more trouble would of been waiting for me. I might of been asked to pay for some security software that supposedly gets rid of these, fake, malwares. The fact that Norton was able to stop it in its tracks though, denoted by its notification area message (below), is a testament to Norton's strength.



Fig 1.1  Norton Internet Security has saved the day by blocking this potential attack of my computer

At this point I would ask myself - Does that alert website address look real or fake? Surely it should be something like http://www.porn.com/dirty_video/. I would also ask myself if I know the website 3d957def.com (the 04 is just a sub-domain).

Also at this point I would NEVER TOUCH ANYTHING ON THAT WEB PAGE AND ITS INTERNET EXPLORER WINDOW FROM NOW ON. By clicking on the alerts red X (eXit) button, to close its window down, I might be causing more problems for myself. That button could be programmed not to close the alert window, but instead be programmed to activate a virus or worse. So the golden rule here is that if any alert window pops up JUST LEAVE IT ALONE. Regardless of what you want to do to get rid of the window, you would not and should not ever click on the CLEAN COMPUTER button. That is what the malware programmer wants you to do.

They are just scaring you with words like - "If you take no action now..... and click on the CLEAN COMPUTER button now....." in order to panic you into a wrong decision. They let you think that if you do nothing, and then shutdown your computer for example, something bad might happen upon restarting your computer again; when the more realistic answer is that if you do nothing, shutdown your computer and then call a computer engineer, you are limiting any future trouble from happening.

What normally happens when people see one of these alerts is they try and close (exit) its main internet explorer window, if possible, and hope the malware problems will disappear by way of no more alerts. However, this normally leads to more alerts! So always leave everything alone and then shutdown your computer straight away (if possible) and call a computer engineer. Do not attempt to save your work (i.e. a word document you are working on) as it might get infested by malware, if is it not already infested. Hence why regular backups of your work, when the computer is normally clean, is always a good option.

INVESTIGATE  THE  WEBSITE  FURTHER

One thing you can do, on another computer (in an internet cafe for example), enter the website's details into a search engine such as Google or Yahoo and see what comes up. Others may of already reported it on forums and blogs for example as being a bad website and may even tell you what the malware will do. In this case though I clicked on the VIEW DETAILS link inside the norton notification message to get further details regarding what has happened to my computer, if anything, regarding this potential attack.



Fig 1.2  Norton Internet Security reports the state of play regarding this potential malware attack - It managed to block the website

Luckily for me Norton Internet Security was able to block this potential malware attack because it was up-to-date and more importantly knew how to combat this particular method of attack, but this might not always be the case; regardless of what internet security protection software you are using. Meaning.....

ALWAYS  KEEP  SECURITY  SOFTWARE  UP-TO-DATE

.....Security protection software is only good when it is up-to-date and more importantly when it knows about a certain attack and knows how to combat it. Paid-For internet security protection software, as opposed to free internet security protection software, normally means better support, protection and more frequent updates.

One thing you may not realise is that it's no good keeping your internet security protection software up-to-date if your Windows Updates are not up-to-date. Meaning, some internet security protection softwares rely on you having certain windows updates installed in order to fully protect your computer. A service pack is such an example. If a virus programmer detects you are using Windows XP (built-in 2001) with no windows updates installed since 2001 it would slaughter your Windows XP is a short time, even though your internet security protection software may be up-to-date. The internet security protection software would fail to do its job properly through lack of updated windows updates. In other words, the two help each out and keep your computer protected.

The screenshot below and norton screenshots above are testimony to the just said. With an up-to-date computer, security-wise, even Internet Explorer 9's smart screen technology can block bad websites from displaying their bad material and redirection to another web page.



Fig 1.3  Internet Explorer 9 has blocked this website from going any further

In this next example I am testing the protection of Norton Internet Security 2011 by purposely trying to allow the bad, malware, website do harm to my computer. This is even greater testimony to the above said.

ANOTHER  EXAMPLE  OF  A  FAKE  ALERT

A message requester has appeared stating my computer is at risk of malware attacks - If I was a standard user I might believe the warning (message requester) if it wasn't for the fact that it also opened up a small, suspicious, internet explorer window; and the fact that I am not a standard user. Anyway, in this example I clicked on the OK button to see what would happen - Remember this is my example. You should never click on the OK button.



Fig 1.4  A fake warning has appeared - Never ever click on its OK button

After clicking on the OK button the following window appeared whereby I purposely click on its RUN button to run (launch/execute) the fake program called fix_pack17101e_2363.bat, which is actually a batch file; a file that executes many instructions from a list (batch list of instructions) - Remember this is my example. You should never click on the RUN button and never try and run a malware program/file.



Fig 1.5  The fake warning wants me to run its malware program (file) - Never ever RUN a malware program (file)




Fig 1.6  Internet Explorer 9 wants to know if I am sure I want to run this malware program (batch file)




Fig 1.7  Norton Internet Security 2011 has identified the batch file has a threat

As you can see; at this point both internet explorer 9 and norton internet security 2011 have blocked off this threat/attack, even though I have insisted on activating (running) it. And if I insist further internet explorer 9 still blocks it (below). This is because internet explorer 9 and norton are both up-to-date and working to defend me, even when I insist on running the malware program/file and therefore ignore the threat. Remember, I am emulating what a standard, innocent, user might do.



Fig 1.8  Norton internet security has deleted the batch file, hence why internet explorer 9 cannot find it and run it.

This next example is a classic message window. It starts by using an animated progress gauge to fakely report the number of threats/malwares found on your computer and then expects you to click on its REMOVE ALL button to get rid of the threats/malwares. Clicking on its run button though will actually infest your computer with real malwares and then have the cheek to ask you to buy some software to destroy those, now real, malwares.



Fig 1.9  Don't click on any buttons whatever you do

Here's another example. It is reporting that the porn websites I have visited have caused critical system problems (malwares) and is expecting me to click on its YES option in order to remove those problems and therefore restore my computer's stability.



Fig 1.10  Don't click on the YES button whatever you do

When things are getting really bad Internet Explorer 9 has a great option for you. It displays the following message requester that allows you to leave the actual page causing the problems, therefore eliminating further potential problems.



Fig 1.11  Internet Explorer 9 helps by allowing you to leave bad web pages

Although this section has focused on problems related to visiting an adult material (porn) website, the above said is still true for fake/malware websites in general (i.e. fake music websites, fake bank websites, malware download websites and so on). In other words, you will probably see windows and message requesters that look more or less the same as those above when visiting any fake/malware website.

The three key areas for you are; 1) Always keep your computer and security software up-to-date. 2) Do not click on any buttons when you see a pop-up, fake/malware, window or message requester appear. And 3) Try and remember which website you visited before getting the problems, so you know to avoid it next time and possibly report it to the appropriate security software website so they can check it out and help others avoid it.