Back to Courier Columns Page

by Ray Carlson

Q. How did I get a virus - I never open email attachments from people I don’t know and do not visit websites I don’t recognize?

A. Cyber criminals keep devising new tricks to get you to download their malware or buy fake software. In a newer version, the criminals create a fake webpage and insert a link to that page in the thumbnail of an image likely to draw interest like one of Bin Laden’s residence. They place the image and link in websites operated by reputable organizations trying to save money by creating their website with free software like Wordpress. The mechanics of that software including its vulnerabilities are well-known.

When someone searches for that image with Google, the one the criminals used appears but seems to be connected to the reputable website. Clicking on that image takes the person to the reputable site and then immediately to the criminal webpage. A box pops up saying the computer has a virus and offering to sell a fake antivirus program or indicating that certain software needs to be updated. If the person agrees to the update, some form of malware is delivered.

Google tries to identify such pages and warn the searcher as well as the webmaster of the infected site. Also a valid up-to-date antivirus program will often provide warnings about problematic pages. The criminals, though, keep adding new sites. If you click on an image and get such a box, quit your browser before any downloads occur.

Published: Courier 5/15/11 - Page 6C