Fake Microsoft Update Email Can Ruin Your Evening - Stop It Now!
Posted 01/22/08 at 09:25:52PM | by Mark 'Marcus_Soperus' Soper


Heed This "Warning" - And You'll Be Sorry

Security vendor Sunbelt Software's blog reports that a fake warning to "update your P.C. in maximum 12 hours otherwise your Windows will be Expired" is making the email rounds. While the message (visible here) has all of the earmarks of a fake (including broken English), it might convince some technical novices that they'd better get clicking. If they do click, what happens? They download IRC.Backdoor.Trojan, an old threat that can still take over a system. It's disguised as updateWindows.exe. You can learn more about how it works by reading PacketShack.org's analysis.

Removing IRC.Backdoor.Trojan

There are a large number of variants of this nasty bit of malware, as this Tek-Tips thread suggests. It also goes by many different names depending upon the antivirus vendor, including Win32.HackTool (eSafe), Backdoor.IRC.Zapchast (F-Secure and Kaspersky), Riskware.HideWindow.B (Webwasher-Gateway), and many others (link requires a PDF reader). Some antivirus programs may have difficulty removing it.

If you're working on an infected computer and can't get rid of it, one Tek-Tips poster recommends using the free F-Secure online scanner. You must use IE6 or IE7 with ActiveX enabled to use the F-Secure scanner, and it runs on Windows XP or 2000 (a beta version is available for Windows Vista users).

What Not to Click

Tired of fixing virus and malware infections? Remind your family, friends, co-workers (and anybody else who thinks you're a technology genius) of the rules for staying out of trouble online:

  • Don't click links purporting to come from PayPal, eBay, or your local bank or credit union
  • Always log into Windows Update, e-commerce and similar sites manually
  • Hover the mouse over links in an email or web page to find out where it will really take you
  • Ignore logos and artwork when attempting to determine if an email or website is legit - they're easily stolen and reused

These can be summarized in one rule: Think before you click!
