Fake Alerts

I wanted to do a little education on fake alerts. These have been around for over a year but I’m still asked about them. What happens is a legitimate website uses banner ads. The ads rotate around and point to other websites for the content. Those websites then get hijacked and a bad person inserts code that displays a fake image (it can even be animated to look like its really scanning). When you click on the image (like the the “clean computer” button) it redirects you to the hijacked site and tells you to run a program to disinfect the computer. The program is really a virus or some form of malware.

We do our best to keep programs like Java and Flash up to date so these are minimized but we have very little control outside of that. Installing filtering hardware or software is an option so please let us know if you are interested in this option (has many other benefits as well which I’ll talk about in another post).

So, what do you do if you see one of these? First of all, you know its fake because the alerts are within the browser and almost of all CITS clients do not see real virus alerts (the admin is notified). Simply log off and log back on. If you really don’t want to logout then stay away from the mouse (because any of the buttons might be fake) and press [Windows+R] to get a run prompt, type in cmd , press [ENTER], type in

taskkill /f /im iexplore.exe  if you have Internet Explorer open
taskkill /f /im chrome.exe  if you have Google Chrome open
taskkill /f /im firefox.exe  if you have Firefox open

Yes, it will close all of your tabs and browser windows but I’ve found there can be more than one and I’ve seen Internet Explorer still in the background after all windows were closed.

Fake Virus Alert