It isn't every day you get to see what a real Trojan attack looks like.
When you do, there's seldom time to even take screenshots: you just want to get the heck out of Dodge.
But this time, while putting together material for our upcoming free workshop, I happened across a real attack and was able to record it.
If you've ever wondered what an attack looks like, here's your chance to see one.
Here's the best/worst part: nothing stopped it.
- Not our Internet Security Software.
- Not any of our browsers' built-in malware protection.
- Not even Windows 10's built-in security.
See for yourself how it happened and what you can do to stop it.
According to Alexander's research, it looks like Flashfake began its infections via hacked WordPress blogs.
Good ol' social engineering is what duped the first wave of folks into getting infected. (N.B. Typically, these are the types of infections that are blocked by Internet security software.) From September 2011 to February 2012, Flashfake was distributed using social engineering only: visitors to various websites were asked to download a fake Adobe Flash Player update.
Next, it appears actual exploits began being used to spread the Trojan via the hacked WordPress blogs. It isn't clear how many blogs were infected, but it's at least 30,000 according to a Websense report on the WordPress infections.
Hats off to Kaspersky and Alexander both for the great research and for sharing it.
People sometimes question why antivirus software that's not a part of the operating system is a must.
With Windows 8 for instance, Microsoft has announced they're including their own antivirus software right in the operating system itself.
To be blunt: this is meaningless, particularly when it comes to making a PC safer. The first antivirus software the virus writers will make sure their software evades is the one built into Windows! And so, this A/V software means nothing more than a false sense of security for most people and a few delays for the bad guys.
Having good third-party antivirus software means you have another layer of protection the bad guys don't necessarily know about. Sure, they may try to avoid detection by independent antivirus programs, especially the most common ones, but if they're at least beating the baked-in antivirus software, their battle is largely done.
Yes, it might make it harder to find ways to infect PCs to begin with, but all that does is slow them down a bit.
Now, let's bring Apple into the picture.
Apple was criticized first for its slowness in applying the patches to Java that Oracle released months ago (the delays that caused the Flashback Trojan to hit Macs as virulently as it did to begin with), then a second time for not working with the antivirus community that was eager to help, and then a third time for not releasing detection and removal tools.
Luckily, the antivirus companies entered the picture. First was Dr. Web with its disclosure of the Trojan (and "sinkholing" of the botnet's command-and-control domain names).
Then F-Secure came into the picture with manual instructions for determining if your Mac had been compromised. On the heels of that was Kaspersky with free, automated Flashback detection and removal tools.
All of these companies beat Apple--by a LONG shot--at protecting their customers (and non-customers alike) with the steps and tools each of them made.
Oh, and lest it go unsaid, Apple did release an update to Java that patches the hole and removes the most common variants of the Flashback malware.
Here's what the update looks like in Software Update: