Security Awareness Post 2: Beware of malicious software

October is National Cyber Security Awareness Month, and as I stated in the last post, I decided to celebrate by writing some Security Awareness posts. Almost as if they knew what I was going to write about, I received this spam comment on my last post this morning:

"such a very informative and valued article, regards"

The poster's name, which is undoubtedly fake, was hotlinked to: hxxp:// That, in turn, turns out to be a blog that links to various unknown and quite possibly shady anti-malware programs. ("Malware" is a collective term for malicious software, such as viruses, worms, trojan horses, spyware, adware, etc. Consequently, "anti-malware" is software that removes or stops malware, or at least purports to.) The latest post on the site points to something called "ClamWin Antivirus", which I have never heard of. I tried scanning it using a public malware scanner, but it was so large that it could not be scanned. A quick analysis was unable to tell me whether it was malicious, but I would never install it based on these tell-tale signs:

  1. The underhanded way in which the link was sent to me, hidden in a comment on an unrelated blog-post
  2. Never having heard of it before
  3. It is too large to scan, which could be intentional to make it more difficult to tell whether it is malicious
  4. It installed additional unwanted software when I put it on a test system:

    Any software that automatically tries to install additional software you did not ask for should be immediately considered suspicious.

It turns out in this case that I was a little extra paranoid. ClamAV is legitimate, but given the choice, I will always tend toward not installing something.

Malicious anti-malware is epidemic on the Internet. I wrote an article on it a couple of years ago. The problem has not gone away, however, and the authors have become craftier than ever in their attempts to get you to install their wares. My all-time favorite is "Green AV", which claims to donate part of the money you pay to rainforests.

There are some very simple rules of thumb you can follow, however, to protect yourself against fake anti-malware:

  1. No web site can scan your computer for malware merely by your going to it. Many web sites claim to, and that is how they try to fool you into thinking you are infected and need to pay for a new anti-malware program. There are a few legitimate ones that do scan your computer, such as Microsoft's OneCare, but they all require you to agree to install something to complete the scan. That leads us to the second rule of thumb:
  2. NEVER permit a web site to install software unless you consider a site trustworthy. You have to look at the address bar to see where you are. In a future post, I will talk about how to recognize fake software and sites.
  3. Never install software that just showed up and that you did not ask for. In fact, be extremely selective about what software you install. The less software you install from the Internet, the less likely you are to get malware.
  4. If you feel you need to install something, don't do it unless you have scanned it using a reputable anti-malware scanner. A good one is Make sure you type the link correctly. Virtually every variant of is registered by malware purveyors or domain squatters. Virustotal scans files you upload using most every commercial anti-malware vendor. Here is an example report from VirusTotal.
  5. Use real anti-malware. The list in the example report from VirusTotal is not a bad starting point. Perhaps an even easier one is to simply go buy something from a reputable online merchant, such as Amazon. Getting it from Amazon guarantees that you get something that is real.
  6. If you absolutely feel the need to install something, do a quick web search on it first. If you find hundreds of pages dedicated to removing it, chances are it is fake!

In summary, remember these key points: install only the software you absolutely need, and make sure you get it from a reputable supplier.
