I have noticed that my clients are getting “infected” by malware lately. They report that their computer is quite slow and they continually get “pop-ups.” These pop-ups are not in their browsers; they appear while they are simply using their computer.
I decided to try to figure out how my clients are downloading these nefarious programs. They all swear they did not download them but, of course, they did. I had one of my clients demonstrate how she had downloaded iTunes, which she knew was the last thing she had tried to download (iTunes was not installed even though she had tried to download it). She typed “iTunes” into her browser search box. The first few results were NOT Apple.com websites. They were ads!
The link results of her search were similar to these:
The word “Download” was prominently displayed, which drew her attention to the one she clicked on. I had my answer to how clients are installing these pesky programs. My client, and I suspect the average computer user, did not understand the structure of a web address. And why would she?! Technology expects so much of the average user.
Her first mistake was to click on one of the “ad” links. Ads are displayed at the top of the search results. If you look closely, you will see “Ads related to: iTunes” and below that a few ads paid for by advertisers, of course. Below that will be the native search results.
The most important thing to pay close attention to in search results is the structure of the web address of the displayed links. The word just before “.com” should be “apple” (in this example). In her results it was “win-install” and “gufile” preceded by “itunes” or “itunes.apple.” These are NOT Apple websites. They are subdomains of win-install.com and gufile.com. These types of websites are not to be trusted. Their downloads will, at the very least, simultaneously download (and silently install) several programs which will start popping up every few minutes trying to get you to pay for them.
Other consequences of downloading from these types of websites are:
Your search engine is changed to, for example, Conduit Search
PC Backup software pop-ups
Your Home page is changed
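The web-address check described above (the word just before “.com” must be “apple”) can be written as a short Python routine. This is an added example, not part of the original post; the sample URLs are constructed from the hostnames described above, and the short list of two-part suffixes is an assumption standing in for the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Assumption: a tiny hand-picked set of two-label public suffixes.
# Real tooling should consult the full Public Suffix List instead.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(url):
    """Return the domain the site owner actually registered, or None."""
    if "://" not in url:
        url = "http://" + url        # urlsplit only finds the host after a scheme
    host = urlsplit(url).hostname    # lower-cased; port and "user@" part removed
    if not host:
        return None
    labels = host.rstrip(".").split(".")
    if len(labels) < 2:
        return None
    # Keep three labels for names such as example.co.uk, otherwise two.
    two_part = ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES
    keep = 3 if two_part and len(labels) >= 3 else 2
    return ".".join(labels[-keep:])


def is_official(url, expected="apple.com"):
    """True only when the link really belongs to the expected vendor."""
    return registrable_domain(url) == expected


# Constructed sample links, modelled on the search results described above.
SAMPLES = [
    "https://www.apple.com/itunes/",            # genuine: ends in apple.com
    "https://itunes.apple.com/",                # genuine subdomain of apple.com
    "http://itunes.win-install.com/download",   # "itunes" is only a subdomain
    "http://itunes.apple.gufile.com/",          # "apple" is only a subdomain
    "apple.com.gufile.com/itunes",              # vendor name placed at the front
    "http://itunes.apple.com@gufile.com/setup", # text before "@" is not the host
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict = "OK     " if is_official(link) else "SUSPECT"
        print(verdict, registrable_domain(link), "<-", link)
```

Every link except the first two is reported as SUSPECT, because the registered domain is win-install.com or gufile.com no matter how many times “itunes” or “apple” appears to its left.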