Malware wears many masks, and often what looks commonplace or relatively benign is actually dangerous to your PC.
Here are some tips on protecting yourself from a particular type of malicious software that even antivirus apps can’t stop.
Malware hiding under the green underline
Online advertising is constantly finding new — and often highly annoying — ways to grab our attention. One of the more pernicious techniques is the green underline placed under text on webpages (see Figure 1). It takes a while to remember that the link doesn’t take you to more information; it links you to an online ad. (Also known as Text Enhance, these ad links might be blue and/or double underlined.)
This latest scourge is usually just irritating. But in some instances it’s actually a form of potentially dangerous malware. On random occasions, hovering over the green link pops up an ad that claims you’re running an outdated video player. Often, the ad looks like an Adobe Flash updater, as shown in Figure 2.
Unfortunately, only the most observant Internet users notice that the link’s URL goes to an unrelated site, such as www.transport-preservers, as reported by numerous PC users on online forums. Other URLs are used, but this particular domain, created July 29, hides behind web-hosting company GoDaddy’s privacy wall, cloaking the true owner of the domain (see whois).
A Google search of “green underline” or “text enhance” turns up numerous reports of bogus popups. Most worrisome, this form of malware goes undetected by antivirus apps. Scan your PC with any AV program, and it will report that your system is clean — with the green underlines still there on webpages.
In most cases, the malicious code is downloaded to PCs alongside free software that was intentionally installed by the user. (For more on potentially unwanted software, see the June 13 Top Story, “Avoiding those unwanted free applications.”)