When Antivirus Software Fails You: How to Spot (and Defeat!) a Real Malware Attack

It isn't every day you get to see what a real Trojan attack looks like.

When you do, there's seldom time to even take screenshots: you just want to get the heck out of Dodge.

But this time, while putting together material for our upcoming free workshop, I happened across a real attack and was able to record it.

If you've ever wondered what an attack looks like, here's your chance to see one.

Here's the best/worst part: nothing stopped it.

  • Not our Internet Security Software.
  • Not any of our browsers' built-in malware protection.
  • Not even Windows 10's built-in security.

See for yourself how it happened and what you can do to stop it.


[Click here to download the printable step-by-step companion "recipe" file.]


Stopping Malware: ISPs Cutting Off Internet Access to Malware Infected Computers

Malware in all its forms (viruses, worms, trojans, keyloggers, botnets, spyware, and even adware) is, for most individuals and businesses, unpleasant at best and a nightmare at worst.

Once your PC has been infected, cleaning up the mess the malware leaves behind can be easier said than done.

For better or worse, realizing your computer has been compromised at all is often difficult, if not impossible. It can't be said too often that preventing the infection in the first place should be your first priority in computer security:

  1. Be smart about what you do online.
  2. Keep your PC updated with Windows Update.
  3. Install (and run!) antivirus software or an Internet security suite.

In an effort to deal with computers that have already been infected, Australia's Internet Industry Association (IIA)

"has drafted a new code of conduct that suggests Internet Service Providers (ISPs) contact, and in some cases, disconnect customers that have malware-infected computers."

The draft code asks ISPs to:

  1. Identify compromised/infected computers
  2. Contact customers with infected computer(s)
  3. Provide information/advice on how to fix the infected computer(s)
  4. Report/alert about serious large-scale threats (including ones that affect national security)

Some believe this shifts the onus onto the ISPs to ensure their customers' PCs are malware free; however, given that the IIA is also calling for unresponsive customers (or ones involved in large-scale threats) to have their Internet access suspended, it really puts the onus on the consumer, where I believe it belongs. Here's why:

If your machine does have a virus, worm, or other malware, you may lose your Internet access 'til you get it cleaned up.

Given how cheap even the best antivirus and firewall software is, risking your Internet access to save a few bucks on Internet security software doesn't make sense, especially since you'd need Internet access to download the tools to clean up an infected PC.

No matter how you slice it, the ISPs realize what a threat viruses and other malware are and are going to take whatever steps they can to protect themselves, their customers, and their infrastructure. Seems like smart business to me.


New Precautions from Banks about Online Banking

It goes without saying that cybercriminals are getting smarter, a lot smarter, and they're writing ever more sophisticated trojans, viruses, and other malware to get at your computer and ultimately your data and personal information.

This has led a banking industry group, the Financial Services Information Sharing and Analysis Center, to recommend that its member banks notify their customers (i.e., businesses that do online banking) to take much more stringent measures to secure communications between the business and the bank.

According to the Washington Post's Security Fix blog, which has a post on this very topic, Tighter Security Urged for Businesses Banking Online,

"The group recommends that commercial banking customers 'carry out all online banking activity from a standalone, hardened, and locked-down computer from which e-mail and Web browsing is not possible.'"

What this means is: have one computer that does absolutely nothing but talk to the bank, get Windows updates, and (in our view, of course) get antivirus updates.

This raises a couple of questions:

  1. Is this practical?
  2. If it's recommended for businesses, why not for consumers, too?

As to the question of practicality, it may or may not be. For a company where more than one person does the bookkeeping and banking, a couple of additional computers might be a small cost to absorb.

For a large company, this just isn't practical; however, there may be alternatives, like booting a Linux "LiveCD" for banking sessions.

As for it being practical for consumers, that isn't likely either.

How many people have the space and money for a computer used just for banking, not to mention the time to set it up and keep it updated? Running a good, modern antivirus product can at least help reduce the likelihood of an infection in the first place.

Lastly, lest it go unsaid, use your head when you're doing online banking! Make sure you're on an https page when you connect, and if you know your bank's website address, which you should, bookmark it and use the bookmark.

This way you're much more likely to land on the right URL and not accidentally on a fake (but very real-looking!) version of your bank's website.
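Here is what "know the address and check it" looks like when written down as a check, as an added example that is not code from the original post. It validates a URL the way a careful banking customer would by eye: https only, no user@ trick in front of the hostname, no odd port, no internationalized (lookalike-character) hostname, and the hostname must exactly equal one you bookmarked. The hostnames in BANK_HOSTS and the SAMPLE_URLS are constructed placeholders, not a real bank.

```python
"""Validate that a banking URL really points at the bank you bookmarked.

Added example for this post, not the author's code. BANK_HOSTS and the
SAMPLE_URLS below are constructed placeholders, not a real bank.
"""
from typing import Dict, Iterable, Tuple
from urllib.parse import urlsplit

# Constructed allowlist: the exact hostnames you bookmarked for your bank.
BANK_HOSTS = frozenset({"online.examplebank.com", "www.examplebank.com"})


def is_trusted_bank_url(url: str, allowed_hosts: Iterable[str] = BANK_HOSTS) -> Tuple[bool, str]:
    """Return (ok, reason). ok is True only for an https URL whose hostname
    is exactly one of allowed_hosts, with none of the usual phishing tricks."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "malformed URL"

    if parts.scheme.lower() != "https":
        return False, "not https"

    # "https://online.examplebank.com@evil-host.net/" shows the bank's name,
    # but everything before '@' is userinfo; the real host is evil-host.net.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo (user@) in front of the real hostname"

    host = parts.hostname  # lowercased by urlsplit; None if there is no host
    if not host:
        return False, "no hostname"

    try:
        port = parts.port
    except ValueError:
        return False, "malformed port"
    if port not in (None, 443):
        return False, "non-standard port %d" % port

    host = host.rstrip(".")  # "example.com." is the same host in DNS
    # Lookalike letters (Cyrillic 'a', dotless 'i', ...) either stay non-ASCII
    # or show up as punycode labels (xn--...); a bookmarked bank host has neither.
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        return False, "internationalized hostname %r" % host

    # Exact match only: "online.examplebank.com.evil-host.net" and
    # "secure-examplebank.com" both contain the bank's name but are other hosts.
    if host not in set(allowed_hosts):
        return False, "hostname %r is not a bookmarked bank hostname" % host

    return True, "ok"


# Constructed sample URLs: one genuine bookmark and the lookalikes a phishing
# e-mail might carry. Only the first should pass.
SAMPLE_URLS = [
    "https://online.examplebank.com/login",
    "http://online.examplebank.com/login",                 # plain http
    "https://online.examplebank.com@evil-host.net/login",  # userinfo trick
    "https://online.examplebank.com.evil-host.net/login",  # bank name as a subdomain
    "https://onIine.examplebank.com/login",                # capital I instead of l
    "https://secure-examplebank.com/login",                # lookalike registrable domain
    "https://online.examplebank.com:8443/login",           # odd port
]


def check_sample_urls() -> Dict[str, Tuple[bool, str]]:
    """Run the check over SAMPLE_URLS and return url -> (ok, reason)."""
    return {url: is_trusted_bank_url(url) for url in SAMPLE_URLS}


if __name__ == "__main__":
    for url, (ok, reason) in check_sample_urls().items():
        print("%-4s %-52s %s" % ("OK" if ok else "STOP", url, reason))
```

The exact-match rule is the whole point: a substring or "ends with the bank's name" test would wave through both the subdomain trick and the userinfo trick, which is exactly what a glance at the address bar does too.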


Kaspersky Labs Wins Precedent-Setting Case Against Adware / Spyware

Late June brought a victory--and some delightful news--to those looking to put a little sanity into the adware / spyware front.

It should be no surprise to regular readers that we feel labeling adware as spyware is a logical thing to do. Many adware purveyors take umbrage at the notion that they're spyware, since many don't report the visitor's activities back to a central server; we don't buy that.

That's splitting hairs as far as I'm concerned.

Any software that records your actions and, no matter how loosely, takes action now or later based on what those actions were is spying on you, even if all it does is serve ads.

What's important about the Kaspersky legal victory is that it deals with the adware/spyware Zango.

In the Kaspersky press release about Zango, Kaspersky Lab Americas President Steve Orenberg says,

"...we feel it's our responsibility to warn a user when we classify an application as malicious, thus giving the user the choice to stop the application or let it run.

"We are thrilled with the outcome of this case because it supports the key message of the information security industry -- consumer protection comes first and that a legal suit cannot force a vendor to classify a potentially malicious program in a certain way."

What Kaspersky was hoping for, and got, was so-called "Good Samaritan immunity."

This means Kaspersky's users can be notified if this software is on their computers via the Kaspersky Antivirus spyware detection mechanism (which we rate highly). At that point it's up to the user to keep or block Zango.

What the court decided, among other things, is that it's your choice.

This is a real victory for anyone--software vendor or consumer--who wants to keep crapware off their computers. Zango isn't a virus to be sure, but it may be spyware, and it's most definitely adware.

If you want Zango, and you're running Kaspersky antivirus software, keep it; if you don't, block it. Seems logical to me.


Just what *is* Spyware?

Two terms we often hear bandied about out here on the ol' Interwebnets are spyware and adware.

We used to take the position that adware was software that didn't steal personal information or "spy" on your Internet habits (namely by reporting them back to a central server), and that spyware was software that did.

Put another way, adware might generate a ton of annoying popups or change your browser settings and such, but as long as it didn't "spy" on you, either by reporting your browsing habits and/or your personal information back to a central server, it was "just" adware and not spyware, per se.

The lines have definitely blurred though, and drawing a clear distinction between one and the other is nigh impossible.

An article on Microsoft.com asks: What is spyware?

The author of that article says,

"Spyware is a general term used to describe software that performs certain behaviors such as advertising, collecting personal information, or changing the configuration of your computer, generally without appropriately obtaining your consent first."

Given that this article is (at the time of writing our own piece here) more than two years old, we're going to go on record now as saying we agree with the Microsoft author's definition.

Whatever the case, one thing is clear: spyware sucks.