We have seen a lot of computers infected recently with "Fake Antivirus" programs. After browsing the internet, the user restarts their computer and are then locked out of everything - unless they pay for "Virus Protection". This free download from Trend Micro will help prevent this sort of attack - even if you already have an Antivirus program installed.
How did my computer get infected? I have an Antivirus program installed!
Most antivirus programs use a definition file, which lists all the viruses it will recognise. For home computers with a free antivirus program, these definitions are updated once a day. Unfortunately, there are two problems;
- The definition file will only contain viruses that the Antivirus supplier have detected and analysed.
- Most computers are connected to the internet permanently, so viruses can spread within hours.
So, there is a window of opportunity known as "Zero Day" between a virus going into the wild, the antivirus people spotting it, updating the definition file, and the new definitions updating the antivirus on your computer.
But how did a virus get installed? I didn't click on anything!
Internet Explorer is not supposed to download or run dangerous code without warning you. Unfortunately, even with the latest versions of Windows and Internet Explorer there are still bugs being found and exploited by virus writers. Microsoft patches these exploitable bugs, but the virus still has the "Zero Day" to get on your system.
So, what can I do?
Trend Micro have released a free program called Browser Guard, available to download from their website. It works with Windows XP, Vista and Windows 7. There are more details in the Trend Micro blog.
This program does not use definition files to spot viruses, so you should still have an Antivirus program installed. Instead, it monitor's the behaviour of Internet Explorer to see if it appears to have been compromised into running scripts or other code.