Hit it again: the site that downloaded a program that wiped Hal’s computer clean as a whistle. And I stumbled across it while researching Lotrel, of all things! When I realized I was at the Malicious Drive-By Download site (MDBD), I wrote down the web address, then tried to close the window. Which was more than a little difficult because, when you get one closed, other windows pop up. Eventually, you have to press "OK" to get the MDBD window to close… iffy, pressing OK.
When I did get it closed, I did a sweep with AVG, my anti-virus program, and the thing had downloaded anyway! Creepy. On top of that, it was such a stubborn little program, AVG couldn’t get it to the virus vault, so I had to manually delete it. Sheesh.
Because I’m a dummy, I went back to the web address and took a bunch of screen shots so you’d know what to look for and won’t fall for the ruse. Despite what I thought in the previous post, the MDBD warning window that pops up is an actual movable Windows window, a pop-up that gets around your pop-up blocker somehow. I’d thought it was a graphic on the webpage when it happened to Hal, but it’s not. It’s a window. Those MDBD guys are clever.
According to AVG, 1 in 1000 websites is an MDBD site. That sounds like a lot…
Here are the screenshots and what happened. To see the screenshots, click on them and they will open up in a bigger window:
1. To start with, I misspelled Lotrel. My initial search was on Lotril with an i. That’s why I got all these sites about impotence. Lotrel is for high blood pressure so I guess the marketing whizzes at MDBD saw an opportunity to appeal to geezers. When I went back to that first search results page to find which link had led me to the MDBD, I found almost all of them did. Except the one that led to a porn site. So the misspelling started me off on the wrong foot.
2. This is the MDBD website and the first window that comes up. Notice the pop up window is labeled Windows Internet Explorer. Looks pretty authentic.
BTW, this is actually the second time I went to the MDBD site because I didn’t think to get a screen shot the first time. The first time, the little pop up window said: "Attention! Your PC may not have virus protection system. This may lead to your PC being infected. Now your system will be scanned for security risks. Press OK to continue." Clearly, whoever wrote this is not a native speaker of English.
3. Between the first and second visits, I installed the AVG toolbar. So on the second visit, AVG warned me about the site. The first time I saw the AVG warning window I thought it was another MDBD fake one!
This trip through the MDBD site, while I’m taking the screenshots, I had to close the AVG window via the "x" in the upper right corner. If I had closed with the AVG "OK" button, it would have closed the MDBD website and I couldn’t have proceeded through to see what happens and get the screenshots. So I risk it all to get some screenshots… brilliant.
4. Once I got the initial MDBD pop-up closed, this webpage appeared (with my trusty AVG alert on top.) I closed the AVG alert window via the "x" so I could see the MDBD page.
5. Notice MDBD’s "logo" is shaped like a Windows security logo but with the colors of my AVG logo. Going for an authentic look without getting sued for logo infringement. When I clicked the "x" to close the MDBD website …
6. … I got this pop-up. I did not want to press "OK" or "Cancel" – they both were suspect as far as I was concerned – so I closed the pop-up with the "x". That worked. Then I closed the webpage with its "x". That worked.
7. Only, look, the MDBD has opened a new pop-up ("Antivirus 2008…") with my AVG warning window on top of it. AVG is on the job, I like that! Now you can also see AVG and Skype that have been open on the desktop.
8. So. I closed the AVG warning window so I can get the screenshot. You can see the MDBD site. If you don’t have an anti-virus software program like AVG, this is all you’ll see. You won’t get any warning. The MDBD site is very well done… it looks completely authentic to me. Even though the English is a give-away, you have to read it carefully to notice.
9. Unfortunately, closing this last MDBD page is not easy. The little pop-up kept coming up. I’d close the MDBD pop-up by clicking the "x". Then I’d click the "x" on the main window, and the little MDBD pop-up would pop back up, asking again whether I really wanted to close this valuable website. This is where I finally had to click "OK" to close the whole thing down.
The Evil Opposite Tactic: Notice that you are instructed by the MDBD pop-up that clicking "Cancel" gets you the software, while clicking "OK" gets you out of the site. Most of us will automatically click "Cancel" to get out of something… but those clever bad guys set it up to trick you. Evil.
10. Once I finally gave in and clicked "OK" and got the last of the windows closed, I ran AVG again and it found the MDBD software again. Both times the software had downloaded, even though I tried my best to avoid it.
I visited the site a third time, while I was checking the links from my Lotril search. As soon as my AVG warning box came up, I clicked "OK" (instead of closing it via the "x") which gave AVG permission to block the site and keep the software from being downloaded.
We’ve used AVG for at least four years. We bought a package of five licenses and just keep renewing them. It works great, especially now with the toolbar on the browser. Without the toolbar, the virus slips in… you need that toolbar!
My question is: why do people spend their time creating malicious software? What do they get out of it? The Conspiracy Theory is that anti-virus software creators create some of ’em… There’s a certain logic to that. I used to suspect my monthly pest control expert of spraying sugar water around the house once every few months, too. Yeah, completely paranoid. I think I’ll keep my AVG subscription current. Just in case.
I work in IT (after a total switch of careers, but well, the pay is good and I enjoy it too).
The reason these people infect computers is (at least, off the top of my head) twofold:
a) swamp your computer with popups to try to sell you anything from Viagra, fake watches and (the nerve!) removal software for the spyware they just put in your computer… of course there is a % of suckers that actually buy those products
b) use your computer as part of a botnet / spam network, so your computer relays emails for (even more) fake watches, Viagra, etc. Also, in a more extreme and evil way, once your computer is compromised it can be used to launch attacks against juicier targets… say I log in to your computer (via malware/spyware/rootkits etc.) and from THERE I try to break into a bank mainframe.
Another thing is what’s called a DDoS attack; essentially this is sending a crapload of requests to a given site. Imagine what would happen if suddenly I sent the amount of traffic that amazon.com gets… to (for example) amcostarica.com? Of course the server can’t handle that load… so I call amcostarica and say “you want your server back… send 20k USD to this account, and if you don’t I will keep hammering your connection”.
It’s the IT equivalent of sending an army of people to a small store, none of whom have the intention of buying anything; what they’ll do is prevent the legit customers from coming in.
Another common use of infecting a computer is: you log in to your bank, right? I can easily install a keylogger… and record your username/password… and if that’s all I need to log in… then I am all set for emptying your bank account.
I’ve also been in IT for many years. I routinely hit the Escape key to close out most any pop-up window or “dialog box” (such as what you get when you go File -> Print). In my experience, Escape always backs me out without anything getting changed, and I believe it’s impossible (or harder?) to fake or “hijack” it, whereas it’s not hard to fake an “X” close button graphic.
Another thing you can do is bring up Windows Task Manager (Ctrl-Shift-Escape is one way) and force-quit or terminate something you don’t want running.
For web browsing I mostly use Firefox combined with two very important Add-ons: Adblock Plus (which blocks almost all ads, not just the pop-ups, and I hate browsing without it!) and CS Lite, which allows me to manage which cookies I want to permit on my system. After installing it, set Firefox to refuse all cookies (and clean out any you presently have). Then as you visit sites, with a couple of clicks you use CS Lite to tell Firefox to allow this site’s cookies (for sites I trust and where cookies are necessary or useful, like Amazon and Yahoo), or just to allow them for this session (for sites that I don’t fully trust, but which won’t work without having cookies enabled). Good for the paranoid :-). Firefox & the add-ons are free.
I’ve had similar ad & cookie blocking programs on my elderly father’s PC for years, and even though he’s average in terms of being computer-savvy, he’s never gotten any spyware (when I’ve checked). Mom has a Mac, which is another way of (mostly) solving the problem.
I’ve used AVG and liked it, but now run avast!, another good free-for-home-use antivirus program. A third free one that gets good reviews is called Avira.
On a totally different topic, I’ve bought tickets for my first trip to Costa Rica! I’ll be coming down on 7/19 for a couple weeks at CISA, followed by a week starting in San Jose (joined by my sister) to do some tourism–medical & regular. Not sure if we should stay in the San Jose area & do day trips, or split our time with another place, probably by the coast. We’re still figuring out our itinerary for that week.
Cheers,
…Chuck
Wolfie: whoa. If I were an evil genius, I’d be rich… Maybe you know this answer: I have a notepad in my computer with my passwords typed into it. When I want to put in a password, I copy and paste it from this notepad so I’m not typing it in every time. Does that thwart a keylogger?
Thanks, Chuck, I didn’t know about the escape key – very good to know! And I have a new computer with Vista, and Control-Alt-Delete brings up a whole new blue Windows screen that gives me options of locking my computer, shutting down… a few other things. I don’t get the Task Manager like I used to. I gotta figure that one out.
I would not stay in San José unless you really like cities. It’s a fascinating place, though. There is La Casa de las Tias here in Escazú, about 15 minutes from Clinica Biblica (I love CB – great hospital). It’s a B&B run by good friends; I’ve recommended it to several people and they’ve loved it. The site is here:
http://www.hotels.co.cr/casatias.html and tell them I recommended you (Sally from Little Theatre Group) and you might get a discount.
Don’t know any place in the city to stay except the big hotels. How fun to be coming here for the first time – Manuel Antonio is great for a coast trip and my favorite place is Volcán Arenal – fabulous.
Are you renting a car? GET A 4 WHEEL DRIVE, I don’t care what anyone says. And they have GPSs now which get you everywhere, amazing.
Cool.
Oh: I’d heard of Avast! but have not used it. Free is always good.
I used to use Mozilla but now use Seamonkey. Mozilla kept bogging down for some reason… and Firefox is doing away with apparently. I’ll check for those add-ons with SeaMonkey since it’s created by the same people. When I ran the AVG, there were a zillion cookies. Thanks for those tips!
Two little programs a computer friend told us about (both free): CCleaner.com and iobit.com. Both have worked great for us, actually see results from running them periodically.
Thanks for the tips on San Jose, etc. Since I’m coming in to San Jose on a Saturday and then on Monday doing the Clinica Biblica “Comprehensive Executive Plan B” physical (including the tube stuck 17,000 feet up my butt, to use Dave Barry’s phrase), I hope to find some nice place not too far from HCB (say, up to a 30″ taxi ride) for Saturday through Monday or Tuesday night. I’d like an attractive place–moderate-to-nice price range–with a view, where my sister can hang out & relax by the pool, perhaps, while I’m getting poked & prodded. Then after the HCB stuff is complete, we’re undecided. I’ll definitely check out La Casa de las Tias. She’s into horses, and was thinking about this outfit: http://www.horseridecostarica.com Know anything about them? The rainforest zip line idea also interests her, although I have a fear of heights, so I’ll probably pass on that while she’s flying through the treetops.
Probably not planning to rent a car at this time–I’m content to use taxis & tour shuttles, I think.
On computers, you can get to Task Manager in Vista via Ctrl-Alt-Delete + one extra step, clicking on “Start Task Manager” (at least according to the Vista book I’m looking at–I still haven’t got it on my main PC). Or, the book says, you can save a step by right-clicking the taskbar and choosing “Task Manager” from the menu. I suspect my old Ctrl-Shift-Escape sequence works, too, but I haven’t tried it in Vista.
I’ve had my dad using SeaMonkey the last few years, and yes I got AdBlock Plus and a different cookie manager to work with it, although it did take an extra step or two, as I recall. I didn’t understand what you said about Firefox: “…Firefox is doing away with apparently”. They’ve just last week released a new version 3.0 which is working fine for me. If it still bogs down for you, try creating a whole new user profile (new bookmarks, preferences, cookies, cache, etc.) in it and see if that works better. On my machine, if I run the following, I get Profile Manager (I’m not sure if there’s an easier way):
"C:\Program Files\Mozilla Firefox\firefox.exe" -profilemanager
…Chuck
Saratica, only a very primitive keylogger would be defeated by that… it’s trivial to capture the contents of the Windows clipboard (anything you copy/paste gets in there).
Unfortunately (for the good guys), ‘simple’ ways to protect stuff are not that common; a password manager such as SeaMonkey’s is a good start, though.
WolfieCR’s last post reminded me I forgot something earlier. I recently did a bit of research on how to get around keyloggers, figuring I’d be using public computers at Internet cafes while in Costa Rica. A Microsoft researcher’s paper from a couple years ago suggests doing this: as you type in your user name & password, intersperse those keystrokes with other keystrokes elsewhere in the same program’s window. So for example, I’d enter “C” in the user name box, then in the address bar or some other box, enter “x*2” then “h” back in the user name box, then “2hbm” somewhere else, etc., etc. It should be done all in the same program window, however. Hopefully keyloggers haven’t gotten smart enough in the last couple of years to get around that. Here’s where you can find the article:
http://research.microsoft.com/research/pubs/view.aspx?id=1651&type=Publication
Also, here’s a recent list of best free antivirus/antimalware programs from PC Magazine:
http://www.pcmag.com/article2/0,2817,2260108,00.asp
Other top-rated free utilities are available in links from this article.
…Chuck
Chuck, you might ask Teri at yo-yoinparadise about the horses, she’s a horse person and she’ll know all the horsey people around Jacó. And make sure you say ha-KO. We gringos want to say HA-ko…
I’m going to go back to Mozilla and have a look. Maybe I misread it, but I thought the SeaMonkey site said Mozilla would be phased out.
right-clicking the task bar gets the task manager – how about that! Thank you!
Um, Chuck. You read the instructions? I guess I assumed you were a man by your name. Sorry for thinking inside the box….
Thanks for letting me know, Wolfie… Geez. So I will use the password manager. Every browser has one – I thought maybe they were easy to break into. Is nothing sacred???
I’ve come across an MDBD. Tried closing the window the same as you. The result of X-ing it out: it keeps opening back up.
So I got nasty too. Did Ctrl-Alt-Delete and brought up my Task Manager. Found Internet Explorer in either Applications or Processes (forget which) and used End Process or End Task.
That stopped the download box from popping up. I see Chuck used that method too.