How did that stuff get on my computer?  That is a question I hear all the time when I see an infected computer.  The owner typically insists that s/he did nothing to invite malware into the computer.

All of a sudden, there are new icons on the desktop.  Your homepage takes you somewhere you don’t want to be.  Pop-ups are warning of dire problems.  The computer seems extra slow.  If this has happened to you, you’re not alone!  Novices and experienced computer professionals alike have stories to tell of computer infections and data hijackings.

Tales of Woe from Peggy and Joe

Joe’s computer started sending out emails to everyone on his contact list.  Recipients saw an email that came from Joe and looked like a pharmacy store ad full of little blue pills!  How embarrassing!  And now he’s been tagged as a spammer and Google no longer allows him to use Google Ads.  When he was alerted to the issue, he ran some additional anti-malware software besides his normal protection and it has been cleaned up, but it will take a while before Google trusts him again.  If you suspect an infection on your computer, or even if you don’t, we recommend an occasional ‘second opinion’ scan with something other than your normal anti-virus/anti-spyware software.  We recommend a free web-based scan by Vipre *and* MalwareBytes.

Research before you Download

How did this happen to Joe?  No clue.  But, he might have been a victim of unwanted software that comes loaded with some inexpensive or free program he did want.  Often, this takes the form of a Browser Helper Object.  Many BHOs are good and important, like the one that allows you to read .pdf files from Adobe, but some could possibly be used by criminals to steal your information.

These are real infections.  A clever hacker will write code to avoid detection and continue to provide information.  Some infections are attempts to extort quick money, like rogue anti-spyware programs.  Other infections allow criminals to take control of your computer in a network of zombie computers to send spam.

A good Anti-virus / Anti-spyware program may be able to warn you.  Or maybe not.  The bad guys are getting more clever everyday.

There is no substitute for doing your homework before downloading anything.  A quick Google search on the name of the item you’re about to download should turn up any possible threats.  Read thru more than just the first page of search results, skim the second and third page as well.  If you see any item discussing ‘how to remove’ it, or ‘what is it?’ read them to see what problems others have had.  If you don’t see any red flags, go ahead and download, but try to use a trusted source like Download.com.

Peggy’s in Wales?!

Even the most diligent user can be compromised.  I just read an article by the “Virus Doctor” relating how a hacker hijacked his email and tried to scam his contacts into sending money.  Very similar to what happened to Peggy.

A hacker can get your email password by hook or crook.  Some scams are out there just to get you to divulge your password.  Other times your password is guessed.  Peggy actually remembers an email from Google (or so she thought) asking her to re-validate her account by replying with her password.  Unfortunately she complied.

That email was *not* from Google – they will never ask you for your password in an email.  It was from scammers.

Here is how it works: The scammer, posing as Peggy, says she was mugged while on vacation in Wales. The email says that all her cash, credit cards, and cellphones had been stolen and she is desperate to get home.

Be skeptical of any e-mail, even those that say they are from friends or individuals you know. If you get an email like this, and think that it might be legit, call the sender on the telephone to verify the message.  It is easy to spoof the “From” line.

Protect your Password

In Peggy’s case, since the compromised email was her Google account, this also resulted in the loss of her Blogger blog.  She has since gotten it restored after many communications with Google to prove her identity.  You can bet she’s changed her password now.  And she should change it to something pretty strong.

What is a good password?  It needs to be stronger than most people use.  It should be at least 7 characters long (longer is better) and should not be a word in the dictionary.  It should include numbers and letters, better if you start with a number.  Capital and lower-case letters makes it harder to guess, and occasionally using zero for o,  or 1 for L is a neat little trick.  The simple word ‘hello’ becomes he110.  Write it down somewhere so that you don’t forget it.  You don’t want to be so secure that even you can’t access your account!

For those Security questions, don’t use obvious questions and answers.  Choose questions that nobody else is likely to know or easily guess.

Make sure your computer is protected with anti-virus and anti-spyware programs and that those definitions are up to date. It is a constant struggle to keep your computers secure.

Remember, even the best Anti-virus or Anti-malware cannot stop you from making a bad decision.

Learn to Recognize Scams

Make sure to watch the Geeks on Tour Video: Avoid Email Scams.  Another good (and fun) place to learn about recognizing phishing websites is Anti-Phishing Phil.