Wednesday, August 7, 2013

When Antimalware Goes Rogue

Let's tell a story, shall we?

Once upon a time, in a not-so-far-away, high-tech land, a young security enthusiast who enjoyed blogging almost as much as she enjoyed discussing Slenderman theories was surfing the Internet and came upon a Wiki page that seemed harmless.  Indeed, it was harmless.  However, a nasty hacker had anticipated her arrival and planted a very strange-looking piece of malware on the page.

The girl innocently visited the page only to find that it refreshed by itself, suddenly reloading into a white page with a popup: "Viruses have been detected on your computer.  Your computer must be scanned to prevent further damage."

Oh no!  How did this happen?  Did a bunch of viruses really elude this security nerd?  Would this mysterious and conveniently-located program that was causing the pop-up really save her from the deadly infection?


Most of you have probably experienced something similar before.  And, if that event in your computing life has taught you anything, it's that the pop-up on your screen is full of major BS.  If you were to click "OK", another window would open up.  What this window looks like varies depending on the program and the operating system (yes, some of these are written for Macs!).  However, for most of you it probably looks something like this:

Source: ZDNet.com

Or this:

Source: f-secure.com

Or this:

Source: eweek.com

Okay, and here's a Mac one:

Source: hkmacs.org
"Spyware is a type of malware that can be installed on computers..."
As opposed to types of malware that can't!  =D

You get the gist of it.  These pages try to make you panic and think that you've been infected by a gazillion viruses and must download Super Antivirus Pro Shield Supreme v2.0 to save your data!  However, in fact, these programs are called "rogue antimalware", or "rogues" for short, and their only purpose is to get you to pay for software you don't need.

After it does its "scan" and tells you that your computer is on the very brink of death, it offers Super Antivirus Pro Shield Supreme v2.0 for "only" x amount of money.  If you fall for its tricks, you'll go ahead and pay for the program—which, just by itself, would suck.  However, not only has the program scammed you into paying x amount of money for a BS-ing piece of malware (that you now have to clean off your system anyway), but you've also given the hackers your credit/debit card number.  Have fun with that!


Dealing With Rogues

If you happen to run into a rogue, try not to let it get too far into its scam.  The reason is that, even if you decline to download anything, it may automatically download a piece of malware onto your computer anyway—and, trust me, those are a serious pain in the you-know-what.  (My computer suffered an infection like that, and it took about 10 months to clean completely because it undermined almost every new real antivirus program I tried to download to fix it.  It was also the reason I started learning about malware, and it's how I discovered just how cool computers are.)

If you use Windows, Task Manager is your best friend in this situation.  (I don't know if other operating systems have Task-Manager-like programs, but hear me out.)  What you want to do is hit CTRL-ALT-DEL.  (You can also right-click the taskbar at the bottom of your screen and hit "Start Task Manager.")  If you use the CTRL-ALT-DEL keystroke, Task Manager might come up right away or you might have to select it from a list of options (depending on your version of Windows).  Regardless of how you do it, just start Task Manager.



This is what Task Manager looks like, in case you've never seen it before.  It's just a way to control the things that are happening on your computer.  As you can see, my browser session is in there ("Blogger: Technical Difficulties...").  That's me writing this here post.  However, if you're under attack by a rogue, you'll see another browser session (look for the icon of whatever browser you use) that probably has some suspicious name, like "Viruses have been detected on your computer blah blah blah...", "Scanning your computer blah blah blah", or "Super Antivirus Pro Shield Supreme v2.0" or whatever.  It should stand out to you.

What you need to do is click on this suspicious name and hit "End Task".  In all likelihood, it won't just close the page nicely like it's supposed to.  In fact, your entire browser will probably crash, closing all your tabs.  You'll lose any information that wasn't saved (i.e. forum posts, etc.).  But it's still a thousand times better than dealing with a rogue infection.
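If you'd rather do the Task Manager step from a PowerShell window, this added example (not from the original post) lists every process that has a visible window whose title matches rogue-style phrasing and then ends it. The title patterns are constructed from the examples in this post, not the name of any real rogue, and the `-WhatIf` switch makes it only preview the kill until you remove it.

```powershell
# Added example: find windowed processes whose title reads like a rogue
# antivirus pop-up and end them, the way "End Task" does in Task Manager.
# Patterns are constructed from this post's examples, not real rogue names.
$roguePatterns = @(
    'Viruses have been detected',
    'Scanning your computer',
    'Super Antivirus Pro Shield'
)

# Build one case-insensitive regex from the patterns, escaping any regex metacharacters.
$rogueRegex = ($roguePatterns | ForEach-Object { [regex]::Escape($_) }) -join '|'

# Only processes with a visible window carry a MainWindowTitle, so background
# services and helper processes are skipped automatically.
$suspects = Get-Process |
    Where-Object { $_.MainWindowTitle -and ($_.MainWindowTitle -match $rogueRegex) }

if (-not $suspects) {
    Write-Host 'No windows with rogue-style titles found.'
    return
}

# Show what is about to be ended first, the same as eyeballing Task Manager.
$suspects | Select-Object Id, ProcessName, MainWindowTitle | Format-Table -AutoSize

# Stop-Process -Force is the scripted equivalent of "End Task". As the post warns,
# this takes the whole browser (every tab) down with it, so save work first.
# Remove -WhatIf to actually end the processes instead of previewing.
$suspects | Stop-Process -Force -WhatIf
```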


What if I Fell For the Rogue's Scam?

Don't feel bad.  It's not uncommon—especially since many rogues are written to look exactly like real, legitimate antimalware programs.  You will have lost some money, though, and you'll have to freeze the number of whatever credit/debit card you used so that the hackers can't rack up a nice fat bill for you to pay.

In addition, you'll need to get the rogue and anything else it downloaded off your computer.  Keep in mind that rogues are considered malicious programs, and some of them actually go so far as to damage your computer after they scam you (yes, these hackers really are pieces of s***).

If you look it up, you'll find many resources for cleaning a rogue infection.  However, I really like this YouTube channel.  As you can see, RogueAmp really likes infecting his computer with rogues and getting rid of them.  So he's pretty good at it.  He's done so many videos that you might even find your specific program on his channel.

If not, however, these are the basic steps you should take:

1) Restart your computer.  Before you even see anything on your screen, start hitting the F8 key like crazy.  (Just do it.)

2) When you get the list of options, choose "Safe Mode With Networking".  (This allows you to access the Internet while in a mode that won't allow the rogue to push you around.)

3) Go online and download the free version of Malwarebytes Anti-Malware.  (Yes, this is a real antimalware program!  =D  I really love MBAM, and I learned about it through RogueAmp.)

3.5) MBAM's specialty is rogue removal, so it should be able to kill off the infection.  If not, ComboFix is another, far more aggressive program you can try AT YOUR OWN RISK.  (Notice that I'm not linking it.  You can find it on CNET, if you're really interested.)

3.75) Let me stress that again: COMBOFIX IS REALLY FREAKING AGGRESSIVE.

4) Restart your computer.  It will automatically load into Normal mode.  You should be rogue-free!


What if the Rogue Downloads Something Automatically?

Again, sometimes you don't fall for the rogue's scam but something gets downloaded on your computer anyway.  This is what happened to me.  The problem with this type of infection is that rogues are infamous for disabling real antivirus programs (that's why restarting in Safe Mode is so important).  However, it can be fixed through the very method described above.  Again, Malwarebytes is known for its rogue removal, and it was the program that finally got rid of the marathon infection I had.

I wouldn't use ComboFix unless absolutely necessary, and even then I'd be REALLY careful (and I'd back up personal files).  I've actually never used ComboFix before, so there's my disclaimer.


Yeah, this was a really long entry.  However, I think I covered all the basics of rogues.  You've got an idea of how to identify them and what you need to do should you be infected by one of them.  I think the most important rules here are 1) never trust a program that just pops up out of nowhere and offers you something (especially if it asks for money) and 2) don't give your credit or debit card number online unless you KNOW you're on a secure website.  Scams happen all the time—and you do not want to be one of the victims.

Thursday, August 1, 2013

What the Common App DOESN'T Need to Know

This year, millions of college-bound seniors will be using the new generation of the Common Application, CA4, to apply to colleges.  In fact, some of them have already gotten started!  I've already looked over the application (and filled out most of it) myself, and while a lot of things have been revamped, one thing about the CA always remains the same: the onslaught of detailed questions they ask.

I'm not going to demonize the amount of information the CA wants; obviously it has to ask a wide variety of questions to cover the needs of all its members.  However, some of these questions do get rather personal, and they're not always required.  Here's some information you might opt to leave out:

1. Your Social Security Number

I've noticed that it's not uncommon for people to ask about my SSN for various things—for example, my community college, which wanted to use it in place of a Student ID number.  However, the truth is that the only people who need to know this number are:

1) Government agencies (such as the DMV)
2) Your employer
3) A school you're applying to, and only if you're applying for NEED-BASED aid.

You should never give out your SSN unless you absolutely have to.  And if you either have no interest in financial aid or are applying for merit-based aid only, you don't have to.  Besides, do you really want your most critical (and most exploitable) ID number floating around admissions offices?


2. Your Demographics (Race, Religion, etc.)

I have yet to see a college application that doesn't ask questions about race/ethnicity, religious preference, or something similar.  These are for statistical purposes, and they usually don't affect your admissions decision.  However, not all of us want to give out such personal information.  Even though it isn't necessarily sensitive information, you might feel uncomfortable with the idea that these college officials are so interested in getting this information from you (regardless of whether you are considered "majority" or "minority").

If you are uncomfortable with giving demographic information for any reason, know that you don't have to answer ANY question in the "Demographics" section.  And you shouldn't feel bad about it, either.  I am a firm believer in opting out of giving personal information whenever possible.


3. Certain Family Questions

The CA has a page where they ask you a lot of questions about your family.  Again, this is extremely personal information.  As with your race/religion, it's not that you're ashamed of your family.  It's just that you might find it a bit peculiar that a bunch of people you've never met are so interested in finding out your mother's middle name.  (Or maybe it's just me.  But that's why I'll make a good security specialist.)

Keep an eye out for the "Required" fields on this page, because some questions are optional.  It's important to note that, while this wasn't the case last year, the "sibling" section is now mandatory.  I have no idea why.


4. Unnecessary Contact Information

Yes, they need to know your name, your email, and your phone.  They also need your home address, even though it's an online system, so that the colleges you're applying to can contact you.  (Though you can opt out of this in your account settings.)  But only give them as much as they need—for example, only one phone number (whichever one you use most often).  Only give them another number if you really think both are necessary for colleges to stay in contact with you.

(This isn't relevant, but I would like to say that I'm very amused by the fact that the CA no longer asks for your AIM address.  That always cracked me up.)


BONUS: Stuff the CA Does Need to Know

Here's some info you don't want to leave out.
  • Some form of contact information. They ask for email and phone, but they'll probably only use your email.
  • The "Geography" section.  This used to be listed under "Demographics", but has been separated because it's all required and more relevant.  A college needs to know whether or not you are a citizen of the country in which the institution is located.  In addition, if you are from a country that speaks a language other than the primary one spoken at said institution, the CA wants to be sure that you're good enough at the institution's language to learn successfully.
  • Most family information.  I don't know why they want it, but most of it's required.
  • Self-reported grades and test scores.  You might not know what your class rank is, but you can calculate your GPA, and if you took any standardized tests you probably know your scores by now.  Colleges will accept all of this information as unofficial reports they can look at while they wait for your official scores and transcripts.  (Just be sure you've got accurate information—you don't want to appear unreliable.)
  • Anything that makes your application more cohesive.  You might find that leaving out certain pieces of information, even if they aren't required, leaves some parts of your application unclear.  (They may not be required, but they might help to elaborate more on your answers to required questions.)  If this is the case, and you feel comfortable answering those questions, then go ahead and do so.

In the end, the chances that the CA is trying to scam you, or that it is going to be ambushed by a wild gang of hackers with a preference for college admission websites, are pretty minuscule.  But it never hurts to take a few extra steps to protect yourself—it could really save you a lot of grief in the long run.