Malware Storm
I’ve been seeing an upsurge in rogue malware as of late. As a matter of fact, almost all of the infections that I have dealt with over the last several weeks have been disguised as security programs with names like Windows Security 2010 or XP Antispyware 2010. They all work basically the same way. Once the malware gets a chance to execute, you will be presented with a very Windows-like security scanner that then proceeds to ‘scan’ your computer at startup and find a plethora of very dangerous-sounding viral files.
Of course, both the scanning process and the supposedly found viruses are bogus, but you are given a chance to clean the whole mess up by purchasing the full version of the software online. I wonder how many people fall for this and enter their credit card information for the sales transaction. I suspect the number is quite high. Here is an example of a typical rogue antivirus program:

The presence of this software will slow your computer down and interfere with your web browser and other programs. It is also possible that a keylogger has been installed to record any credit card or bank account numbers and passwords for sending back to the ‘mothership’.
There are some recommendations that I will outline later for staying clean. In addition to these standard recommendations, I would also suggest that you be aware of which legitimate antivirus and antispyware software you have installed and which version it is. This might sound like a no-brainer, but remember that many very smart non-geek type people use their computers only as a tool. They couldn’t care less about details like antivirus software and patch levels. When they see something that looks very similar to every other part of Windows pop up, it might have just enough hints of legitimacy to be trusted.
Also remember that most new computers come with only a 30-day trial of antivirus software. My recommendation is to take care of this when the computer is brand new. Either buy a one-year subscription to the included trial software or immediately uninstall it and install a validly licensed copy of another security product.
Here is my top 10 checklist for malware avoidance on the Windows platform in order of importance:
1. Always keep Windows patched. Keep Windows Update set to automatic, and every week or so go to the Windows Update site and manually apply any updates found.
2. Employ an antivirus product that includes antispyware and make sure that it is up to date at all times. Each vendor has a different way of letting you know when the updates are behind. It could be an X through the icon in the system tray, or maybe the icon changes color. Do not ignore this day after day!
3. Related to #2 above, make sure to purchase and install the new version of the antivirus/antimalware product each year. As viruses and malware evolve, the security products must be updated to deal with this evolution.
4. Keep all other software patched. Software such as Adobe Acrobat Reader, Flash Player, and Java have all been exploited as open doors for malware infection.
5. On Windows XP, do not use your computer as a member of the Administrators group. With Vista and Windows 7, UAC does a decent job of preventing software from running without permission. In XP, however, if you run as an administrator, any software running behind the scenes enjoys the same privileged status and is free to run roughshod over your system.
6. Consider using an alternate browser such as Firefox or Opera, and always keep it updated to the latest version.
7. Stay away from music sharing and torrent sites.
8. Do not trust that every link on Facebook or Twitter is legitimate. There just might be a virus on the other end.
9. Do not open email attachments unless you are expecting the file from the sender.
10. Keep reading this blog! I will post new information and virus-fighting strategies as new threats develop. I will also be discussing the best tools to clean your system if you do get infected.
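Several items on the checklist (patch status, antivirus state, running as administrator, versions of Reader/Flash/Java) and the earlier advice to know exactly which security product you have installed can be checked from one script. The following PowerShell audit is an added example written for this post, not something from the original article or any vendor. It assumes Windows 7 or later with PowerShell 3.0+, that the `root/SecurityCenter2` WMI namespace exists (client editions of Windows only), and that the `productState` bit layout used below matches the commonly documented but officially undocumented interpretation; treat those two decoded fields as a hint rather than a verdict. The function names are my own.

```powershell
# Added example (not from the blog post): audit a Windows PC against several
# checklist items. Read-only; it changes nothing on the machine.

function Test-RunningAsAdmin {
    # Checklist item 5: is this session a member of the Administrators group?
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-RegisteredAntivirus {
    # Items 2/3 and "know what you installed": every product registered with
    # Security Center as antivirus. A name you never installed deserves a look.
    Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct |
        ForEach-Object {
            $state = [int]$_.productState
            [pscustomobject]@{
                Name     = $_.displayName
                # Assumption: middle byte 0x10 = real-time protection enabled
                Enabled  = (($state -band 0xFF00) -eq 0x1000)
                # Assumption: low byte 0x00 = definitions current, 0x10 = stale
                UpToDate = (($state -band 0xFF) -eq 0)
                ExePath  = $_.pathToSignedProductExe
            }
        }
}

function Get-AutoUpdateStatus {
    # Item 1: Windows Update configuration and last successful activity.
    $au = New-Object -ComObject Microsoft.Update.AutoUpdate
    [pscustomobject]@{
        # 4 = download and install automatically; 1 = disabled
        NotificationLevel = $au.Settings.NotificationLevel
        Automatic         = ($au.Settings.NotificationLevel -eq 4)
        LastSearch        = $au.Results.LastSearchSuccessDate
        LastInstall       = $au.Results.LastInstallationSuccessDate
    }
}

function Get-RiskyThirdPartyVersions {
    # Item 4: installed versions of the plug-ins the post names, read from the
    # Uninstall registry keys (both native and 32-bit-on-64-bit views).
    $keys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match 'Adobe Reader|Acrobat|Flash Player|Java' } |
        Select-Object DisplayName, DisplayVersion, Publisher |
        Sort-Object DisplayName -Unique
}

function Invoke-MalwareChecklistAudit {
    $findings = @()

    if (Test-RunningAsAdmin) {
        $findings += 'Running as administrator: day-to-day use should be a standard account.'
    }

    $update = Get-AutoUpdateStatus
    if (-not $update.Automatic) {
        $findings += "Windows Update is not set to automatic (level $($update.NotificationLevel))."
    }

    $av = @(Get-RegisteredAntivirus)
    if ($av.Count -eq 0) {
        $findings += 'No antivirus product is registered with Security Center.'
    }
    foreach ($p in $av) {
        if (-not $p.Enabled)  { $findings += "Antivirus '$($p.Name)' reports real-time protection off." }
        if (-not $p.UpToDate) { $findings += "Antivirus '$($p.Name)' reports definitions out of date." }
    }

    Write-Host '== Registered antivirus products (compare with what you installed) =='
    $av | Format-Table Name, Enabled, UpToDate, ExePath -AutoSize
    Write-Host '== Versions of commonly targeted plug-ins =='
    Get-RiskyThirdPartyVersions | Format-Table -AutoSize
    Write-Host '== Findings =='
    if ($findings.Count -eq 0) { Write-Host 'Nothing flagged.' } else { $findings | ForEach-Object { Write-Host " - $_" } }
    return $findings
}

Invoke-MalwareChecklistAudit
```

Run it from a normal PowerShell prompt; the Security Center query may return nothing on Server editions, which is why an empty list is reported as a finding rather than silently treated as clean. The antivirus table is the part worth reading most carefully: a product name you do not recognise, or an executable path under a user profile or temp directory, is exactly the kind of detail the rogue scanners described above rely on nobody checking.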