Try These Search Terms If You Want Some Malware

Computer virus company McAfee has assembled a list of the top search keywords that are most commonly linked to malware exposure. The winning phrases are: word unscrambler, lyrics, myspace, free music downloads, phelps, game cheats, printable fill-in puzzles, free ringtones and solitaire. In addition, the general categories that are considered riskiest are: screen savers, free games, work from home, Olympics, videos, celebrities, music and news.

So, how do you protect yourself from malware?

Here's a list of 5 things you should never do.

IE8 has been shown in at least one study (funded by Microsoft) to be the most effective at intercepting social-engineering phishing sites—the kind that try to trick you into entering sensitive data—but the malware described above is usually triggered invisibly, with no interaction required from the visitor other than going to the page in the first place.

Here's a new report from Google covering the top 10 malware source sites from the past two months. They suggest you use a browser like Firefox or Chrome that relies on their own Safe Browsing API.

And here's a great post from Lifehacker on software you can use to remove malware from your computer.

"What are the most dangerous search terms on the Internet?" [CNN]

Comments:
user-pic

Gotta hand it to those malware/spyware people, they're smart. What better way to target the most susceptible demographic (13 year old girls who barely know how to use a computer other than check Facebook) than to make Michael Phelps a spyware keyword...

user-pic

Olympics and Phelps? How the heck do those two search terms fit in with the rest?

user-pic

@Yankees368: It doesn't have to fit in, it's that people started searching vehemently for anything related to Michael Phelps, and malware people jumped on board the train to spread their poison.

user-pic

I used to do spyware research about 4 years ago, and I found that pretty much any domain that starts with the word "My" is probably going to have malware. And should be avoided like the plague.

For some reason malware vendors concluded that computer illiterate people tend to gravitate towards personalized things like mywebsearch and myphotopage and mysmileyfaces etc.

Myspace rose out of those same ashes of crappy websites, although they were never a malware site specifically, they sure as hell aided in the distribution of it, via their poor coding and multiple exploits in the early days. They were also rife with bouncy "You won" ads and smiley face banners that almost always installed some adware. I still shake my head at how that site became such a phenomenon.

user-pic

After recently giving our old computer the boot (no pun intended, as it was a hand-me-down without the orig. Windows discs so I couldn't reformat) due to a nasty bit called virut (scribbler, virux, et al) I am SUPER fucking paranoid about every site & run no less than 3 separate virus scans every other day, plus multiple spyware/malware scans. +1 if I happen to go to a new site, or one I haven't visited since the infection.

The worst part is after researching it, there just isn't any good way to protect ourselves.

I miss the days of "don't download anything funky, you'll be fine."

user-pic

lyricwiki.org is a very thorough lyrics website that's actually reliable and malware-free if anyone wants that as a helpful reference. I stopped googling the word "lyrics" years ago.

user-pic

@punkrawka: Thx for the rec. With two teens and a tween in our house, I'd suspected a lyrics site as the culprit in our recent infection.

user-pic

@pecan 3.14159265: hmm, that makes much more sense than my thought above. I bet it was just a collection of most used search terms they took.

user-pic

Where the hell are the porn search terms? The only time users in my office get their laptops infested with spyware is when they've been off browsing for porn. The last few systems I've worked on show that the users were prompted to download special codecs or special players to view the videos, thus enabling the spyware and viruses to roost.

While cleaning up a porn'd/spyware'd/virus'd-to-hell computer is a PITA for me, it's the ultimate job security. Discretion has always been my modus operandi with these issues and a good number of people in the office have a lot at stake to ensure my continued employment. :)

user-pic

@Hooray4Zoidberg: I'm surprised myspace became popular too for how crappily it's designed. Tons of annoying ads all over the place, horrible server reliability, slow speed, etc. I guess it just really filled a void of social networking that people wanted.

user-pic

@labeled: There's always Linux or Mac. Safe, for now. The Unix core does also provide additional security not found in Windows' archaic patchwork code.

user-pic

@FLConsumer: Yeah, true enough. If wishes were horses, I'd be typing on a comparably-priced mac instead of dell.

user-pic

@Yankees368: Malware companies/people go for what is popular and suckers are born every second.

user-pic

I can't help but think of Bender right now...
"Funderful? Non-alcoholic? Antiquing?..." BOOM

user-pic

They really should compile the "5 things you should never do" into 1 thing.. Don't download fake junk. Period.

user-pic

@wagenejm: I've compiled them into this handy PowerPoint exe. Just click here to download.

user-pic

consumerist, are you spying on me? i just spent an entire day trying to root a worm out of a co-worker's computer. nasty little bug - shut down web browsing completely, disabled anti-virus, disabled windows update.

anyway, i'm a little disappointed in that 5 no-nos list. for one, it's all "don't download the fake _____. " uhhh...i'm pretty sure if my co-worker knew it was fake, she wouldn't have downloaded it.

here's my best tips to combat malware:
1) don't open ANY unsolicited attachments in email - even from people you know (especially if the subject says FWD). better yet, tell your friends/family members to stop emailing you stupid chain letters.
2) stay on trusted sites. add regulars to your trusted site list & hike your browser security way up.
3) re-enable those annoying auto-prompts for downloads that you disabled b/c they were annoying.
4) use anti-virus software that also features a site-scanner.
5) (& most important...seriously, i can't stress this enough) READ!!! i'm so freakin' tired of people just clicking "OK" whenever a dialog box pops up on their screen.

user-pic

@labeled: Just use Firefox. Problem 99% solved.

user-pic

Or just download Firefox and install the "noscript" plug-in.

user-pic

@labeled: You can install Linux on any PC, FYI. And I do mean ANY.

user-pic

@labeled: Hopefully you are using at most TWO programs. Multiple virus/spyware programs running on top of each other interfere with the others and lessen your chance of finding things.

My best suggestion would be to run Firefox w/an addon like NoScript, which prevents a site from running any scripts unless you manually say the site can run scripts. So no longer will you get the forever forwarding/re-directing problems. It's a pain sometimes, but I'd rather push a button twice a day than an island exploding, if you know what I mean.

user-pic

@mac-phisto: Conficker? I repaired a computer about two weeks ago that had it and had MANY of the symptoms you described. It passed the "Conficker EyeTest" website, and McAfee said there were no problems. Then, a random "cleaning program" popped up asking me for 49.99 to clean the computer. After some searching I found this was one of the latest Conficker tricks, so I loaded up AVG and deleted McAfee, and after two scan-for-everything scans, it was clean and everything was A.O.K.

user-pic

@mac-phisto: It's amazing the people that take offense when you ask them to stop sending you chain mail.

And how people don't think twice about a new search bar that mysteriously pops up in IE is just crazy. "I dunno, I just noticed it there one day." :(

user-pic

@CreativeLinks:
+1,000,000 on that. I have it installed on ALL my computers and even though it annoys people in my office, we have been virus/malware free.

user-pic

@lannister80: Firefox is a pretty safe deterrent. No version of IE is ever really secure, even after patching. I've only seen a handful of things infect via Firefox and those exploits have almost all been patched. The old, don't download anything funky rule still applies though.

If you're really paranoid and/or like downloading funky apps I'd suggest virtualization. You can get VMware Converter and VMware Player for free these days. Make a virtual copy of your computer and do all your surfing in VMware. If you get anything funky it's all contained in the virtual machine, you simply revert and it's like it never happened. We used to use it for malware research because you can infect a machine like nobody's business, then simply revert back to a clean snapshot with impunity.

user-pic

@SupremeCourtNominee_GitEmSteveDave: I keep TrendMicro active as my first line of defense, but scan separately weekly.

I use Firefox and Chrome (which supposedly runs ActiveX-free by default, and that's what I distrust the most). What's your opinion on Chrome, as I prefer it over ff?

user-pic

@lannister80: If I get reinfected, I will consider this. (Right now... I'm feeling like a very old dog.)

user-pic

@SupremeCourtNominee_GitEmSteveDave: My money's on virut. Rotten, rotten, rotten.

I also think it shot Kennedy & kicked my dog yesterday.

user-pic

Thanks for this. I wanted to find out what the hell Karen O was saying, and now I get pop-ups for "My name is Bob and I made $5,000 sitting at home!" It's bullshit. I will be using some of these tips to get rid of this when I get home. And should I ever want to understand some lyrics, I'll just make up what I want them to be saying and forget trying to know for sure. Not worth it.

user-pic

@SupremeCourtNominee_GitEmSteveDave: i'm not quite sure what it was yet - win32.zafi/b or variant - whatever it was, it was a bitch. i tried installing FF to download some anti-malware tools & it blocked the install, it blocked malwarebytes install - it even shut down hijackthis when i tried saving a logfile. i finally rooted out a registry key that let me get tools working (it was in app data/google/somethingorother) & after a round of safe mode scans & reboots, we're all better (i hope).

i'll be running full system scans for the next week to make sure. YAY!

user-pic

@punkrawka: Yeah, no joke. "Lyrics" is the magic word for finding the sketchiest sites on the internet that don't involve naked boobs (although many of the ads on said websites DO have naked boobs).

user-pic

@mac-phisto: For some reason, my Conficker let me install AVG. I disabled any processes that were skeevy and ran a full scan. After a reboot, it let me access the Windows Update site and I applied ALL patches+fixes, rebooted and ran AVG again. This was the second computer where McAfee dropped the ball.

user-pic

@mac-phisto: @labeled: Nothing beats Conficker installing its own "Anti-spyware" program and trying to get me 49.99 to get rid of it. Balls of silicon. :)

user-pic

@labeled: after reading about virut, i would have to say that sounds pretty close. & after reading the breakdown, i'm going to have to do a more thorough dissection to make sure the remnants are gone.

god i hate blackhats. why can't they do something productive already?

user-pic

@mac-phisto: Googled that one (win32.zafi) and found *numerous references to that being a fake alert/trojan name created by a spyware program called Perfect Defender, that is itself malware.

Just a quick question - have you come across reader_s.exe or any odd B1.tmp or really, any odd .tmp's running under task manager/processes?

(Note, not reader_sl.exe, which is a legit -annoying- app from Adobe's updater, but reader_s.exe.)

user-pic

@mac-phisto: I hope it isn't, for your network's sake. It replicates across memory, infecting every damned executable that you open. Hence, immediate disabling of your anti-virus/spyware, which is usually one of the first things to load. For me, it took over a number of processes in my "services.exe" and by the time it cranked itself up (just when I thought I'd beaten it by deleting a ton of cracked registry keys, killed all instances of the reader_s.exe, etc) it was trying to send encrypted information out to several domains in eastern Europe and Asia.

yay. Fun. Assholes. (Sorry, it's like I've got virus-generated Tourette's.)

user-pic

@downwithmonstercable: Firefox and Adblock Plus were a lifesaver when it came to Myspace's annoying ads, though it did take a bit of configuration at first since some would slip past the filter. As much as I dislike Myspace recently, I dislike it even more when I go on it without any kind of ad blocker. Perfect for those tweens I guess, with all their "See who your crush is now!" ads.

user-pic

@labeled: Depends on what you're using/buying. At the time the Macbook I'm currently typing this on was about $300 cheaper than the equiv. Dell laptop. And the Dell laptop wasn't anywhere near as well built.

As an aside, we've stopped using Dell laptops at my office due to quality control issues. It's Lenovo primarily, a few Macbook Pros floating around for fun.

user-pic

Perhaps you should correct the article to say "computer anti-virus company, McAfee...".

user-pic

@labeled: Virut sucks! I work remote tech support and that's got to be the one virus we can't fix. Even as an escalation technician, there's just no way to eradicate it and be sure it's gone because of the way it works :(

user-pic

@SupremeCourtNominee_GitEmSteveDave: As I've said about virut: At least they're using their evil genius for evil and not just to be assy & make Grandma's IM's curse at everyone. (Honestly, that was one FUNNY damned virus, but it drove her crazy. She'd open an im window, and it would send some random string of cursing.)

user-pic

@labeled: actually, the weird thing about this one is that it doesn't seem to have _any_ out of place processes in the task manager. everything was legit, so as far as i can tell, it was masquerading as a legitimate process.

win32.zafi is "fake" as far as i can tell, but whatever malware that creates the program that says "you've been infected by win32.zafi" isn't. i don't know - it sounds a lot like vundo, but i've dealt with that before & this seems so much more, i dunno, robust, hard to kill.

user-pic

@rickatnight11: Damn, and here I thought it was my day to harass and annoy Chris.

user-pic

@tsume: Awesome, amirite?! I'm sort of darkly glad to hear I'm not the only one that's come across it. Early adopters ftw!

Actually, in over 15yrs of internet use, it's the one and only virus I've ever had. Ever. Figures.

user-pic

@mac-phisto: Yeah - that could still be virut - once it doesn't need reader_s or the tmp's anymore, it runs very happily on your normal processes, which is part of what makes it such a rotten bitch.

user-pic

Also, why am I so darkly tempted to search "word unscrambler" now? I mean, word unscrambler, really?

user-pic

@FLConsumer:

Yeah WTF? I could have sworn that there would be a couple searches for boobies on the top 10. Kinda disappointing really.

user-pic

@punkrawka:

Thank you for this. I've been looking up lyrics because I can't understand people on my albums. It could be my hearing is going. That's what I get for blasting my music so much as a kid.

user-pic

If you're really paranoid about your casual internet browsing, you can always grab a copy of VirtualBox [www.virtualbox.org], put a low-system requirement flavor of Linux on it (or Windows/macOS if you have extra licenses) and browse from what would essentially be a separate computer (virtual machine) in your computer (xzibit jokes notwithstanding.)

Just make a clean master copy after you get it set up, then anytime you think you've run afoul of something you can blow the current one away and start from a fresh copy.