What’s Up in the World of Malware?

We get infected computers in all the time. One of the big ones we are getting a lot of recently is the “FBI Rogue”, or fake anti-virus program. Just to be clear, this malware is not connected in any way to the real FBI; but the real FBI logos are there to help scare the users into paying up in an effort to get rid of it. It is a bit of Social Engineering.

Fake FBI Malware

Most every computer that comes to us and is infected has an antivirus program installed. In most cases they have been disabled by the malware itself, but they were there to start with and in most cases they are not expired. The number one question I get from users is how come they still get infected when they did have a functioning antivirus program?

I will list several ways a machine can get infected even with a current antivirus program and steps that you will want to take to ensure that this does not happen to you.

1. Security Holes in Adobe Flash

Since Adobe Flash is on almost every single PC it is a big target for virus writers. If a malware can exploit a security hole in Adobe Flash then it can get on your system right around the virus scanner. No virus scanner anywhere can stop this kind of an infection from occurring; and once the machine is infected, then the malware is often successful taking out the virus scanner (think of it as an attack from the inside instead of from the outside). We think Vipre is the best available AV for PCs, but even it can be disabled this way.

What to do about it: Under normal circumstances, Adobe Flash will try to update itself at least monthly and possibly more often. Set those updates to automatic or always allow them to proceed. As of the date of this writing, the update install is safe and does not attempt any other drive by installs of other programs. If you have not seen a Flash update in a while then go to the adobe website here and download the flash player at the top right. Let it install and when given the choice set it up for automatic updates. In this method of install you will need to uncheck the box to avoid getting a drive by program install of something you may not want.

Why this makes you safer: There is a lag time behind when security holes are found and identified and before exploits for them start showing up in malware. During this lag time, the vendor does usually have time to get an update out that addresses the security issue. Users who do not immediately apply the update are at greater risk.

2. Security Holes in Adobe Reader

Exactly the same story as the Adobe Flash Player, with the exact same results of infection if the malware can exploit a security hole in the product. Use the preventative actions described above for the Adobe Flash Player except download the Adobe Reader instead if you need to do a manual update. It will also try to update itself about once a month or more and you should allow those and if possible set them to automatic. The manual Adobe Reader install will also need you to uncheck a drive by additional program install.

3. Security Holes in Java

Java is a support program system that is also on pretty much every Windows PC. For that reason it is also a popular target for the malware writers. New security holes are found in Java on a regular basis, and they are quickly patched in most cases and the patches come to the users when the Java Software gets updated. Just like the cases above with Flash and Adobe Reader, any malware that uses a security hole in Java to get in will go right around the Virus Scanner; and will typically be able to disable the virus scanner by an attack from the inside afterwards. Of course after the virus scanner is disabled the computer becomes free territory for many other malwares that would have otherwise been blocked to now take root. This is how we can get a computer in that has more than 1000 malware traces on it . . . but most of our customers are quicker than that and get machines to us long before they get that bad. As a result, they pay less than they would otherwise for the repair.

What to do about it: Under normal circumstances, Java will also try to update itself every month or possibly more often. Users should install these Java Updates as soon as they see that they are available. WARNING! Java installs are famous for doing a drive by program install. Users need to pay very close attention to all the screens that appear in the process of updating Java, because one of those screens (90% of the time) will have an extra program to be installed and the Check Box that controls whether it is installed or not will be checked by default! The user must manually uncheck this box to stop the unwanted program from installing. This how most users end up with the Ask Toolbar on their computers, and almost everyone hates the Ask Toolbar. I do not understand how the people at Ask do not seem to understand the bad will that is coming to them because of this toolbar that few people want and which causes a lot of folks trouble. Always remember to uncheck the box for the extra program (which may be something different than the Ask Toolbar). If you do not see an automatic attempt to update Java then you can do it manually here. Download the program and allow it to install, but remember to uncheck the box for the extra program if you see it.

Why this makes you safer: If you have the most current available version of Java on your system then you have the maximum protection available against malware that try to use a Java Security hole.

4. Security Holes in Windows

Despite the best efforts of some of the world’s leading programmers, new security holes are found in windows itself on a regular basis. It is not that Windows (talking about Windows7 or Windows8) is less secure than say the Operating system (System X and later) on Mac computers, it is just that almost all the malware writer attention is pointed in the Windows direction. If Macs got the virus writer attention that Windows machines get, then the malware issue on Macs would be just as bad.

Microsoft has a solution for this long term problem, and it is called Windows Update. Microsoft Update is also a valid solution and includes updates for other Microsoft programs besides Windows. Microsoft encourages users to set Windows Updates to install automatically, and for Home and Home Office users I strongly agree. Small business users who have more than three computers may want to talk to us about the situation, because there are rare cases where a new Windows update can cause a problem on a machine.

Whether set to automatic or not, it is very important to get those windows Updates installed as soon as they are available. Those with automatic updates turned on should still pay attention to messages about whether updates were successfully installed; and those who have it set to manual should get them applied ASAP. There are some rootkits and other malware programs that will disable the Windows Update or the Microsoft Update process, so seeing it work is a good step.

What to do about it: Go ahead and set them to automatic if they are not set that way already. The setting can be found under Control Panel and System (or System and Security). If you have concerns about doing this then give us a call. You can find your closest Tech at the top left list.

Why this makes you safer: It is very rare for a machine to get infected through a Windows security hole if the available Windows updates for that version of Windows are all installed. Note it is not impossible, but very rare.

5. Webpage Advertisements

This is a tricky one because users can get infected from popular and legitimate websites. Most all popular websites have sections on them that contain advertisements. It is one of the ways that the popular websites make money. The thing for the users to understand about this is that the popular website owners do not directly control the advertising content that is placed there, and it is possible for malware to be placed there. Computers can and do get infected because a user clicks on an advertisement that has been infected, or worse yet a fake add that is placed there for the very purpose of infecting computers. Your virus scanner will be a little more helpful here than in the cases of security holes previously described, but many still get in despite the virus scanner being there. One thing to remember about virus scanners is that they are only as good as the most recent set of virus definitions that they have received, and if a malware is not in the definitions set (because it is brand new maybe) it will go right past the virus scanner.

What to do about it: Do not click on advertisements on popular web pages. I know this may be a difficult suggestion for some folks. If you see an ad that you are interested in, if it is from a legitimate company then they will typically have their own website that you can go to separately. You should also know that every ad you click on is being tracked, and will be used in the future to target even more specific ads towards you.

Why this makes you safer: If you never click on them, then they will know very little about you; and your chances of getting infected from a popular website almost disappear completely.

6. EMailed and EMail Infections

One of the oldest known methods, this one started with the virus writers trying to use social engineering to trick folks into clicking on infected EMail attachments. It still can happen this way, but the malware writers of today only need you to click on a link that leads to an infected place. In some rare cases they can even infect a machine just from someone reading an EMail, but we will not recommend that you never read EMail just to be safe from that. Also please be aware that the first thing that happens when anyone’s EMail account gets hacked is that it will be used to send a virus link to every EMail address found on that computer. This will be more EMail addresses than what is in the Address Book. If you are on a popular Yahoo group that is unmoderated or only partially moderated then you have probably see a few of these come through.

What to do about it: Never open an attachment or click a link in an EMail message unless you know the sender, and the message makes sense and is something that that known sender would say or send. Just knowing the sender by itself is not enough. If there is anything at all weird about the language, grammar or the message, call the sender on the telephone and ask if they really sent this, or delete it.

Why this makes you safer: You can come close to doing a 100% shutdown on you chance of getting infected via EMail if you carefully apply these guidelines. Sorry to say that you can never get to exactly 100% protection, as I will explain later.

7. Places you visit on the Internet

It is hard to believe that the world wide web in its current graphical form with graphical web browsers has now been available to the general public for about 18 years. It was 1995 when the graphical web browser Mosaic became popular followed closely by Netscape. It was a while later before anyone was really using Internet Explorer.

It is generally true that the more someone surfs to the seedier side of the Internet, the higher their infection chances become. Now this is not just porn sites, but all kinds of other sites about all kinds of subjects that are out of the mainstream. This can even include extreme political or chat sites.

What to do about it: Those who frequent these kinds of sites need to be a little more vigilant when it comes to watching the security of their computer, and should pay VERY CLOSE attention to every recommendation in this article. Also pay very close attention to what is happening while surfing these sites, if you see any weird screen pop up that looks in any way suspicious, then press and hold in your power button until your computer turns off. We do not generally recommend turning your computer off this way, but it is better than getting infected.

Why this makes you safer: Most Rogues/Fake Antivirus programs need you to click somewhere or do something before they can fully establish themselves. Cutting the power is the only way to make sure that does not happen. Doing this could save you an expensive virus cleanup.

8. Image Searches

This can also be a tricky one. I have a client who had a student searching the Internet for pictures to put into her school homework report she was writing. She was searching for legitimate pictures. She clicked on one that she found that she liked, and in the process a Rogue/Fake Antivirus Program infected the computer. Since her parents were not home at the time, she went to a second family computer and did an image search there and clicked on a different image and that one was also infected by a different Rogue and so the second computer became infected. Needless to say the first thing that the parents had to do when they got home was to call us.

What to do about it: Before clicking on any image found through doing an image search, see if you can get any info about what website the image comes from. At the very least be careful and if you see an initial Rogue screen then power down the computer as described above. If the website that the image comes from has a really weird name then you may want to see if you can find the same image someplace safer.

Why this makes you safer: Often the reason that a Rogue takes hold is because it surprises a user. If you are prepared to not be surprised if you see one while doing an image search, then you can react to it with a clearer head.

Conclusion

Please understand that the war between the malware writers and the Antivirus folks is a long term event with no hint of ending anytime soon. Also please understand that it is possible for you to employ every single suggestion in this article and still get infected. Yes that means that it is possible for you to get infected even if you have done nothing wrong.

This article is about reducing the chances of this happening, not preventing it entirely. If you would like for us to do a proactive review of your security setup then give your Tech a call. You can find our Techs by the areas listed at the top left of this website. Or better yet ask your Tech about Awesome Care, which is a program that allow us to be proactive with your computer.

To your safe computing . . . Awesome Computer Help

Leave a Reply