In the last week, four computers in one K-State department were compromised and used to send massive amounts of spam to recipients all over the world. Likewise, I was contacted by a K-State employee who had warning messages pop up repeatedly on her home computer telling her the computer was infected and she needed to purchase special software to fix it. The common denominator in all five cases is rogue anti-spyware software called “Antivirus 2008 XP” (aka “Antivirus XP 2008”) that’s making the rounds on the Internet.
Typically, this malware gets installed when you click on a malicious link in a spam e-mail. Symantec reports that this fake security software has been associated with spam e-mails that claim to provide “updates to Microsoft products, including the Malicious Software Removal Tool and Internet Explorer 7, videos with adult material, and news alerts from CNN and MSNBC.”
Once installed, it pretends to scan your computer and then claims to have found a large number of security risks that can only be removed by buying the software. The risks are all fake, and the rogue software continues to pester you from that point on with incessant pop-up warnings.
If your computer gets infected with Antivirus 2008 XP, do not click on any links in any of the pop-up warnings. Contact your IT support person, the Technology Service Center, or the IT Help Desk for assistance in removing this malware. You can also find removal instructions by searching Google for “Antivirus 2008 XP removal”, but be careful that the instructions and/or removal tool you use are provided by a reputable website.
K-State’s Trend Micro OfficeScan will detect some forms of this malware, and newer web browsers will try to prevent you from visiting malicious websites known to contain this rogue software. However, the spam e-mail messages used to distribute this malware, the installation files, and host websites are constantly changing, so these tools cannot prevent 100 percent of the infections. The best prevention is for YOU to never click on a suspicious link or attachment!