05/10/2017

When Antivirus Software Fails You: How to Spot (and Defeat!) a Real Malware Attack


It isn't every day you get to see what a real Trojan attack looks like.

When you do, there's seldom time to even take screenshots: you just want to get the heck out of Dodge.

But, this time, in putting together material for our upcoming free workshop when I happened across a real attack I was able to record it.

If you've ever wondered what an attack looks like, here's your chance to see one.

Here's the best/worst part: nothing stopped it.

  • Not our Internet Security Software.
  • Not any of our browsers' built-in malware protection
  • Not even Windows 10 built-in security.

See for yourself how it happened and what you can do to stop it.

 



Be the first to know about
our upcoming free workshop!

We'll cover problems like this, plus free, easy-to-do PC optimization, and other useful, real-world PC help topics.

I promise you, it'll be some of the
best, most useful stuff you'll ever see.


Put in your details here to be the first notified.

[Click here to download the printable step-by-step companion "recipe" file.]
This file opens in a new tab / Window for you.


11/02/2009

Virus Writers Turning to Online Games

A great piece today from the BBC's technology section called, Video gamers face malware deluge talks about the latest computer security / virus threats.

What may seem strange to some is that one of the main purposes of these viruses is to steal the game players online credentials (i.e. their usernames and passwords) to the video games themselves.

This may come as a surprise to many since typically the primary purpose of viruses is to infect the computers themselves; however, in this case it appears the goal is just to steal your access to the games.

Why?

Simple. To make a quick buck.

One of the main things gamers get out of online games is the long-term satisfaction, often including friends and companionship, from playing with the same group of people over a long period of time.

Additionally, gamers as they progress get higher and higher levels of performance their in-game characters get a host of different things including new 'skills', weapons or other attributes. The challenge is the time spent getting there.

Some people, after having seen the excitement that awaits them once they've built up a certain attributes in their in-game character, want to short-circuit the time needed to build up to the high levels, so they purchase the accounts from others who've spent the time playing the game to build up to the high levels.

In some cases these high-level accounts go for hundreds or even thousands of dollars--or more.

And, therein is the profit motive.

These virus writers, rather than attempting to build up their own characters to sell for profit, have created viruses that steal passwords, and by doing so, they can take over the accounts and sell the hard-won, highly lucrative characters to often unsuspecting buyers who're just looking for a way to avoid what some gamers perceive as early-game slog to get to the good stuff.

According to the story,

"Cliff Evans, head of security at Microsoft UK, said its latest look at the software threats facing Windows revealed a strong growth in one family of malicious programs known as taterf.

"In the last six months, Microsoft has seen more than 4.9m infections caused by Taterf - a figure up 156% on the total seen in the last six months of 2008."

Elsewhere in the article, and getting less note since it wasn't the headline, was discussion of worms like Conficker.

Information on the Conficker worm itself and help with Conficker removal have been covered here extensively for a variety of reasons, including as Mr. Evans of Microsoft cites,

"worms that travel networks independently looking for victims were seeing a resurgence.

"Such self-guided programs were now the second biggest security threat to Windows users." [Editor's Note: Emphasis is mine]

Worms, like all malware, are out there for a variety of reasons, but these days the most common one isn't just for the notoriety the virus/worm writer gets as it spreads, as it once was, it's for profit.

The profit may be from selling/using your computer as a spambot, from using it to steal people's banking information or identities, or it may be (as we see now) from selling your online gaming profiles.

All-in-all these worms, viruses, and other malware are threats. Their writers are clever, and they're only coming up with newer, more ingenious ways to ferret themselves into your computer and your life.

 What to do?

  1. Be careful with your passwords. Use different ones for each of your online banks/credit cards/utilities. Use different ones still for your email.

    Using one password everywhere opens you up to even more problems, as if one account is compromised, especially your email, where someone can easily see the places with whom you do business, it's trivial for them to login to these other business' websites and see if your credentials work. 

  2. Be careful with where you point your browser. Avoid using a search engine, even the best ones like Google, Yahoo, MSN/Bing, and Ask just to get to a website whose website address you already know.

  3. Why give the scammers an opportunity to setup a rogue website that looks just like your bank and get it listed in a search engine? It's very, very hard for the engines to know what's a real bank and what's a fake one.

    If you know you're banking with Wells Fargo, for example, why go to Google to get to Wells Fargo? Just type www.wellsfargo.com into your browser and go there directly. Then bookmark it, so you're not subject to a typographical error next time, which could just as easily ensnare you in a malware/phishing trap.

    Taking out that extra step of going to the engines to get to a place you already know could mean the difference between keeping your information safe and not.

All this crapware shows is that it's always smart to run antivirus firewall software, to keep it updated, and to keep your Operating System updated, too.

Lastly, remember: your online safety is your responsibility. Many of the companies you deal with do make efforts to keep your information safe, but in the end it's still your responsibility.

10/30/2009

Conficker: 1 Year Later, 7 Million Infected

"'The only thing I can guess at is the person who created this is scared,' said Eric Sites, chief technology officer with Sunbelt Software and a member of the working group.

"'This thing has cost so many companies and people money to get fixed, if they ever find the guys who did this, they're going away for a long time.'"

This from a Network World write-up on Conficker, 1 year later.

What a lot of folks find perhaps most interesting about Conficker is,

"Despite its size, Conficker has rarely been used by the criminals who control it.

"Why it hasn't been used more is a bit of a mystery.

"Some members of the Conficker Working Group believe that Conficker's author may be reluctant to attract more attention, given the worm's overwhelming success at infecting computers."

Regardless of whether or not it has been used a lot 'til now, the fact of the matter is, that the Conficker Working Group estimates 7 million PCs have been infected thus far with variants A and B of the worm.

Another thing that caught our eye about the worm was that it's apparently very (perhaps most?) common in China and Brazil, which according to the Network World piece (although we could not confirm this) cites the Conficker Working Group, as,

"suspect[ing] that many of the infected PCs are running bootlegged copies of Microsoft Windows, and are therefore unable to download the patches or Microsoft's Malicious Software Removal Tool, which could remove the infection."

This policy of Microsoft's is definitely a subject of some debate.

Clearly, regrettably, a lot of people pirate Microsoft's software; that Microsoft in effect actually punishes others by helping to perpetuate the worm by refusing to allow the pirates to update their copies of Windows (or download the Malicious Software Removal Tool), really doesn't make sense.

Microsoft's belief, no doubt, is that if pirates can't use their computers because of the worms, they'll wise-up and buy legitimate copies of Windows.

I doubt it.

If a computer is infected, the solution to the pirate is most often just to re-install their OS from scratch if needed and to take other steps (i.e. like installing antivirus software) to prevent re-infection. Others just think their computers are slow and don't know why or ignore the worm altogether and go on about their day.

Whatever the case in the mean time though, by preventing updates, Microsoft's policy allows Conficker to spread, grow, and perpetuate.

08/17/2009

Antivirus Software: What's Real? What's Fake?

One of the growing concerns for many security and antivirus professionals is the dramatic growth of fake antivirus software.

The idea behind fake A/V software is to trick unsuspecting consumers into downloading and installing their fake software in an effort to get trojans, viruses, spyware, and other malware installed onto PCs in the process.

There's nothing real about the fake software, except the threat it poses.

The process works like this:

  1. Trick consumer with a real looking, real sounding ad on an (often unsuspecting) legitimate website
  2. Get consumer to install the phony (but very real looking) antivirus application
  3. Stuff any number of trojans, keyloggers, spyware, and other evil applications into the fake antivirus program
  4. Use the newly infected computer to do their bidding, including (among other things):
    1. identity theft
    2. credit card fraud
    3. bank theft
    4. infecting other computers
    5. spamming

Solution to the Fake Antivirus Software Problem

Word is filtering out today about a way to tell fake antivirus software from legitimate ones.

A new site from security and SSL vendor Comodo of a project they're backing called, "Common Computing Security Standards Forum," aims to help consumers figure out what's real and what's not.

In their list of all known legitimate antivirus software vendors, they hope to help put an end to the dummy antivirus programs out there and to help consumers stay clear of the crap.

In addition to thanking them for their efforts, here is a complete list of current antivirus vendors known to Comodo to be the real deal:

Legitimate Antivirus Software Vendors
  • AhnLab
  • Aladdin
  • ALWIL
  • Antiy
  • Authentium
  • AVG Technologies
  • Avira GmBH
  • BitDefender (BitDefender Antivirus & Internet Security)
  • BullGuard
  • CA Inc (CA Anti-Virus)
  • Checkpoint
  • Cisco
  • ClamAV
  • Comodo
  • CSIS Security Group
  • Drive Sentry
  • Dr.Web
  • Emsi software
  • ESET
  • F-Secure
  • Fortinet
  • Frisk Software
  • G Data Software
  • GFI/Sunbelt Software (VIPRE Antivirus & Internet Security)
  • Ikarus Software
  • Intego
  • iolo
  • IObit.com
  • Kaspersky Lab (Kaspersky Anti-Virus & Internet Security)
  • Kingsoft
  • Malwarebytes
  • McAfee McAfee VirusScan Plus & Internet Security)
  • Norman
  • Panda (Panda Antivirus Pro & Internet Security)
  • PC Tools
  • Prevx
  • Rising
  • Sophos
  • SuperAntispyware
  • Symantec (Norton AntiVirus & Internet Security)
  • Trend Micro (Trend Micro AntiVirus & Internet Security)


  • You'll note, every one of the programs (reviews linked above) are included in our antivirus reviews since day one of our site are included on the list.

    If you know of other legitimate A/V software not on the list, please contact us so that we can share your insight with the folks at Comodo.

    07/05/2009

    Is free antivirus software worth it?

    That may sound like a funny question, but it's one worth asking.

    I'll avoid the cliche of, "you get what you pay for," because all too often in life that's just not true. Often you end up with something wonderful and inexpensive or something that's mediocre and expensive.

    Instead I'll quote David Hall, Symantec's Asia-Pacific Customer Manager, who said in speaking to BLORGE (a self-described "team of experienced writers from around the world") recently about free antivirus software,

    "'Imagine what it must be like for somebody who is not actually charging to be able to pay their security researchers to be able to keep up.

    'We’ve made more virus definitions last year than we have in the last 10 years.'"

    This is only half the battle as far as we're concerned.

    We've discussed the topic of free antivirus software reviews on our site before, and now that Symantec's exec has also shined some light on the subject, I felt it was a good time to add some other considerations to the subject.

    Another significant thing about free antivirus software is: what's missing from free antivirus software?

    As we've shown in our reviews and our new head-to-head antivirus comparisons, there is a huge difference in support from one antivirus vendor to the next.

    And, it's not even a case of you-get-what-you-pay-for, as the software we've rated the 2012 best antivirus software, VIPRE, is also one of the cheapest antivirus software applications made and it has the best support, too.

    That said, back to the question: what is missing from free A/V programs?

    Some free antivirus programs are lesser offerings from commercial vendors. The biggest "gotchyas" with such offerings are:

      consideration what it means to you
    1. Are you getting the maximum protection from the free version of a company's software? Free antivirus software from commercial vendors are "stripped down" versions of their commercial software offerings.

    What protection are you missing with these stripped down versions?
    1.  
      1. rootkit detection
      2. IM/chat client protection
      3. firewall software
      4. antispam
      5. identity protection
    2. Commonly, things like:
    2. Where do you turn for support? Commonly, there is little, if any, real support for free antivirus software.

    You're at the mercy of: the search engines, forums, newsgroups

    If you can't get the answer there, you have no alternative short of taking your computer in to your local computer repair center, i.e. Best Buy, etc. or calling your geek friend/relative/neighbor.

    [With the former, you're always going to be paying *far* more for the support from a repair center than you would have paid for commercial antivirus software to begin with.

    With the latter, the geek friend/relative/neighbor, we're (almost) always happy to help the first time or two that it happens, but after that, believe me, offering free tech support to friends/family gets old. Fast.]

    You're also at the mercy of their relative skill levels, too, and as good as they may advertise themselves as or seem to be in speaking with them, do you really want to trust the removal of a virus to someone who isn't an antivirus technician?
    3. What about licensing? With many free antivirus programs, you can only use the free versions in home and non-commercial environments.

    This means if you work from home, many free A/V programs cannot legally be used.

    [Sure, maybe you're "fine" using this software as long as you don't get caught, you justify to yourself, but that's not the point.

    If your livelihood depends on the software, and it's not to be used in a commercial environment for free, you should pay for it. Otherwise you're stealing.]

    Microsoft Security Essentials / Morro

    What about Morro / Microsoft Security Essentials, the new free antivirus software from Microsoft?

    In the same article at tech.blorge.com, Symantec's Hall says,

    "'Microsoft’s free product is basically a stripped down version of the OneCare product Microsoft pulled from retail shelves.'

    'Consumers don’t need less protection, they need more.'"

    Agreed. In 2009, the threats to consumers' and business' computers from viruses, worms, trojans, and such are only getting smarter, more prevalent, and harder-to-detect.

    There are so many important considerations with antivirus software, but here are just a few:

    1. prevention / detection of:
      • viruses
      • rootkits
      • spyware
      • worms
      • trojans
      • keyloggers
    2. Fast antivirus updates
    3. (and updates to all of the above, too)
    4. Tech support in ways you need it
      • Phone
      • Chat
      • Email
      • Knowledge base
    5. Ongoing development

    6. (Microsoft, for instance, abandoned OneCare, their previous A/V offering. What will happen with Morro / Microsoft Security Essentials given that it's free? Microsoft is definitely in business to make money, but how can they with a completely free product? Or will they start charging for it? Or will it, too, get abandoned and see no ongoing development?)

    The bottom line is this: is protecting your computer from viruses and other security threats worth $20 or $30 a year?

    This might just be a case of "you-get-what-you-pay-for" after all.

    06/15/2009

    Morro: Microsoft's Free Antivirus Software

    There's been a bit of a discussion lately about Microsoft's upcoming antivirus software, dubbed "Morro" and currently in beta.

    Given the time we've spent in and on Internet security-related software and other matters, I'd like to add another voice on the subject. Some things to consider about Morro:

      Facts about Morro   Considerations
    1. "Morro will work by routing all of a users Internet traffic to a Microsoft datacenter, where the Morro application will process the traffic and identify and block malware in real-time, by examining all of the rerouted traffic." Do you really want all of your Internet surfing going through Microsoft's servers?

    1. Aside from antivirus detection, how else will they be using this information to profile you?
    2. What happens when, as invariably will happen, Microsoft's servers go down or are overwhelmed?
    3. What about if your connection to them is somehow blocked or otherwise interrupted?
    2. How will Microsoft use the data other than for virus detection? Even if Microsoft claims to be "anonymizing" data (which I haven't heard any mention of), as AOL claimed it was doing when it released search data, this is of great concern here.

    AOL couldn't anonymize it all and released tons of sensitive information including people's social security numbers and credit card numbers.

    Does anyone expect anything different from Microsoft in this regard?

    Truly, this seems like a privacy nightmare. And then some.
    3. "How it will remain free is beyond me.

    The only viable way Microsoft makes money out of these things is by providing advertisements to their programs and applications.

    This is not only why Windows Live and other Microsoft products are free, but you’ll find it’s why the Internet as a whole is pretty much free."
    Source: ibid


    I'm with Zack on this, and I'll throw in one more thing: what happens when it's time for support?

    My own personal experience of calling Microsoft for help--even when I paid their absurd $195.00/call for their so-called "enterprise support"--was, to be purely honest: useless in upwards of 75% of the cases.

    In one instance, I called in noting precise URLs to the MS technician revealing that they had a hotfix that would solve my problem, and only after climbing through hoops for nearly an hour did the tech email the patch to me.

    In another instance, I called looking for support with a licensing issue, and after, literally, over two dozens calls and transfers, they acknowledged the problem as theirs and solved it.

    I'm sure others have had different experiences with Microsoft's support, but the real question here is, "What kind of support do people expect on a free product?"

    Given that the best antivirus software out there for 2012 can be had for under $20 and that you get full-fledged U.S. based telephone tech support for your $20, it seems a truly small price to pay for such high-quality, fully supported software.
    4. "A replacement for Live OneCare which failed to gain much traction, Morro will, in effect, compete with similar antivirus products from security vendors such as Symantec, McAfee and Trend Micro." Microsoft's initial foray into A/V software was called, "Live OneCare," and it was met almost universally with silence.

    After failing to get any noteworthy market adoption, it's now being replaced with Morro.

    Given Microsoft's history of abandoning products, not just in antivirus, but also with music / media with the Microsoft PlaysForSure* files, this begs the question: what else might the unsuspecting consumer be in store for by using the Microsoft A/V product?

    [* Microsoft rolled out PlaysForSure in 2004, only to just two years later in 2006, ironically fail to allow music licensed with the Microsoft PlaysForSure to work on their own Zune player.]

    We'll no doubt have more news and commentary on Microsoft's Morro Antivirus as more details become available.

    11/21/2008

    Morro: Microsoft's free anti-virus / anti-malware

    Our friends in Redmond, Washington, are at it again. :-)

    Microsoft just announced their own free anti-malware / anti-virus software. cnet has full coverage of Microsoft's Morro anti-virus software and the general consensus amongst security industry companies seems to be a universal shrug.

    Here's what reps from some of the leading companies had to say in interviews for the article:

    Company   Quote
    McAfee "With more malware attacks than ever before, we believe our advanced technology... will provide consumers the confidence to choose McAfee as their trusted adviser and expert in security."
    Symantec "...it's simply not in Microsoft's DNA to provide high-quality, frequently updated security protection."
    Kaspersky "[Microsoft has] continued to hold a very low market share in the consumer market, and we don't expect the exit of OneCare to change the playing field drastically."

    Hmmm... doesn't sound like any are quaking at the thought of having Microsoft as a competitor in the antivirus software marketplace anytime soon.