How does spyware get on your computer?

You have a good antivirus program that is updated, you have Malwarebytes that is running all the time in the background, you don’t go to websites that are considered “bad neighborhoods”…so how in the world does spyware get planted in your computer?  I recently saw a good example of how it happens.

This past weekend I was over at a friend’s house, and while I was there he asked me about this screen that showed up on his computer.  It looked like Windows was warning him about all kinds of problems that he needed to get rid of.  It was a complete scam.

Here is how it happened.

My friend Brian was on Google, and he did a simple search to research some information about a handgun.  Here is the search he did:

The important entry in the search results is the last one in the image:

On the surface it looks innocent enough, except that some of the wording in the title appears to be something other than English.  Anyway, Brian clicked on that link and then he was directed to this page:

This page is very cleverly designed to look like the Windows Explorer screen on your computer.  However, that is not any kind of warning your computer would create.  It is simply a web page designed to look that way.  That green bar in the middle filled up just like a regular progress bar does, but it is only an animated image.

After that screen was there for a few seconds, Brian knew something wasn’t right about this, and he clicked the X to close the window.  That’s when this appeared:

That’s the scammers making one last attempt to download their software to Brian’s computer.  Had he clicked on the link they told him he should, he REALLY would have been infected.  In many cases these “rogue antispyware” programs can render a computer virtually unusable until they are removed.

3 lessons to learn from this:

1. Any website, however innocent it may seem, could be malicious and try to install bad stuff on your computer.

2. You need to have antispyware software, such as Malwarebytes, installed and running.  I did a full video review on Malwarebytes not long ago.

3. You need to keep your web browser up to date.  The web browser that Brian was using is Internet Explorer 8.  You might notice at the top of the image on the “scam” screen, IE8 blocked the site from downloading software.  Earlier versions of Internet Explorer might have just let it come right in.  When I went to that same page using Firefox, I got this warning:

5 comments

Moe Beaudin
January 10th, 2011

On two occasions I have had a pop up appear from Microsoft Security Essentials telling me that something bad had just gotten into my computer and it asked me if I wanted it removed. When I responded yes, it removed it and told me it was gone. So at your recommendation this antivirus software was added to my computer and it works great. Malwarebytes removed a trojan last year and despite all of the precautions we take, the hackers and other deviants just keep coming up with new headaches for us, as if life isn’t hard enough. So thanks for all the great advice and tips.

J G
January 10th, 2011

From some of my experiences, by the time you see that ‘Cancel’ box, it’s too late, they’ve arranged it so hitting either button means ‘Please install your nasty-ware on my machine’

I’ve had people actually shut down their machine at this point, and they already had the first elements of the malware installed.

From my own programming experience, it’s possible to have stuff placed on your machine without notification, depending on your familiarity with the underlying components of the Operating System. And many of the virus authors are more conversant than I.

I avoid the use of IE due to the close coupling between it and the OS, I run antivirus and anti-rootkit, I scan with various alternative sources periodically, and I still don’t trust the result.

I also use Mac as my primary development platform, it has automated full backups and recovery and the integrated security is still unmatched by anything offered by Windows.

– Just my $0.02

Maurice Gilbert
January 10th, 2011

A few months ago, in a careless moment, my system got “infected” by a similar spyware…which for 2-3 days rendered my computer almost useless. Fortunately, I was able to get a network connection via SafeMode and went to a forum where I learned of Malwarebytes…which I downloaded for FREE, but was so impressed by how quickly it cleaned up the mess that I subscribed to it!

All it takes is a few minutes, and you’re as good as rain!

Robert
January 10th, 2011

I use a Mac, so the spyware bounces off my OS while I laugh at the site’s pathetic attempt to emulate what “my computer” would look like.

Scott Johnson
January 10th, 2011

And the logic that “I use a Mac, so I’m immune to viruses or spyware” is what makes many Mac users a very easy target. Malware for the Mac does exist, so you need to run security software for protection.