Computer Virus

A word from our sponsor:

The Breast Form Store Halloween Sale Banner Ad (Save up to 60% off)
Printer-friendly version

Author: 

Taxonomy upgrade extras: 

I am unsure of the best way to spread the word, so I chose to blog it.

I was just the recipient of two viruses that were very costly to get rid of. SpyBot@MXt and NetWorm-Ivirus@fp took over about 75% of the function of my machine. That, in spite of my having Norton 360 and updated regularly.

I really do not wish to get into a "male feeling" discussion about which program is best.

Perhaps one can be protected ahead of time.

Something must have shut my Anti-virus down or ???

Beware!

Gwen

Comments

Gwen I've had similiar problems lately

But with mc afee my computer would run just fine then all of a sudden shut down.When it would restart it would dump the mc afee files then I'd have to spend hours redownloading them.Sometimes I could be fine for up to a month then it would start all over.I'd go to run virus scan and my computer would just shut off.Maybe hackers have figured out how to compromise antivirus systems a scary proposition.A bad thing that I have noticed is every computer security system that I've checked out don't seem to have the type of customer support I'd like.Most if not all have some form of on net system that isn't going to do you any good if your computer is acting up.They do have customer service numbers but you have to go thru several layers before you can get to them another problem if another computer isn't handy.Amy

Yes they have

One of the biggest tricks is to disable the AV software and make it look like it is still working. This is meant to make you feel safe when you are not.

Arwen

"But, I paid for protection software!" She wailed piteously.

There are just lots of nasty dudes out there. In my mind, one of the injustices to all this is that NORTON charged me $100 to clean up my computer that was protected by their software, and I paid for the protection.

It is almost like my paying someone to rape me.

Gwen

I agree with you somewhat gwen

but I think the raping begins when you pay for internet service then you have to pay for the security.I believe internet security should be the internet providers responsibilty and they should be reasonably liable for failure to provide a safe internet experience.Internet security companies shouldn't exist for average folks and it shows just one more area where lawmakers are asleep at the job.Also for those that say it shouldn't be the job of the provider then where is law enforcement at in this mess?Amy

You are not alone

Hi Gwen,

Unfortunately the people creating the viruses these days are being paid by organized crime. Your computer with its resources and any personal data stored on your PC are worth money to organized crime.

Did you know that these organized crime rings now have research labs that do nothing but try and figure out how to get past the anti virus and anti spyware software? They have other research labs that reverse engineer operating system and application patches to find out what was broken so they can take advantage of it before some people patch the problems.

The other thing they do is only send out a limited number of a particular virus/worm/trojan, modify it and send out another limited number and so on, to try and evade the anti virus companies getting a hold of the latest bit of malware.

It is such a competitive business now that when a new piece of malware infects your computer it tries to clean any previous malware from the system so that it is the only thing infecting your computer.

What can you do to keep the bad guys out?

1) Never connect to the Internet when using an account on your computer that can install software. If you can't install software you have just made it hard for the bad guys to do it.
2) Patch everything and keep it all up to date. The operating system used to be the biggest target of the bad guys. Most people are patching their OS religiously now, so the bad guys are targeting applications and especially the web touching applications such as web browsers, media players (RealPlayer, Quicktime, Windows MediaPlayer etc), and chat/IM clients.
3) Use a hardware firewall on your network and make sure you keep the firmware up to date.
4) Use a software firewall on each of your computers and keep it up to date.
5) Wherever possible don't run Java or Active X scripts when connecting to web pages. Unfortunately just about every page now uses Java or Active X to generate the web page. Unfortunately this breaks just about every web page out there. Active content and poor web site coding are the biggest tools for the bad guys to get onto your computer these days.
6) If you use wireless make sure you use WPA or WPA2 encryption (WEP encryption can be cracked now in less that 120 seconds) with a big long complicated key, use MAC address filtering on your wireless router and your laptop/desktop computer and disable SSID on the wireless router.

I was giving a managers class on what my group does at work this past week and one of the attendees asked: "We use wireless at home, but we shut our computer off when we are not using it. We're safe right?" I had to tell her that if her wireless was cracked then it would be possible for someone who had been monitoring her network to turn her computer on via a feature called Wake On LAN. If someone is on your network and this feature is available your computer can be remotely turned on. You have to go into your BIOS (when the computer boots) to disable this feature.

Gwen, unfortunately there is no magic bullet to protecting your computer system from the bad guys. You add as many layers of defense as you can manage to keep things secure and never trust that one layer alone will do it.

Since 80% of home PC's are supposed to be infected I would suggest that you don't store personal information such as name, address, telephone number, birth date, SIN or SSN numbers, credit card numbers or bank account details on your computer. Store this information on a removable USB hard drive and disconnect the hard drive when you don't need access to the information. If your PC is compromised and that information isn't on the computer it can't be stolen.

I hope this is of some help.

Arwen

I'd be very surprised ...

... if anyone succeeded in switching my PC on remotely when I'm not using it because I switch off the mains power at the socket. I hate stand-by systems and always bypass them. I like my electronic media in my control.

Geoff

But, but, but, oh dear!

Arwen:

I did save your reply to my desk top, and will study it.

It seems "just awful" that I would have to worry about such things. Anyone who has read my stories realizes that I am very kink curious. An aquaintance of mine had suggested that I get involved in alt.com, and I had a look at it. Unfortunately, they cost money that I do not have right now. They pressed me hard to pay up, but I couldn't. The trouble could have been a present from them. Who knows.

I try very hard to be the steriotypical "church lady", but I'm not.

Arwen's Advice is Solid

Your Norton 360 is in the top group of available protection software with a software firewall, anti-virus and anti spyware applications. It has tested very well vs. competitor products. Using a "Limited User" account to surf and connecting to the Internet through a router (with the default password changed to a good strong one) can increase your level of protection. The web is getting increasingly unsafe. I use a plugin called "No Script" with the Firefox browser which does help as it blocks Java, but is a bit annoying as many things don't work (you can temporarily or permanently allow script to run on specific sites).

Protecting One's PC

Hackers, Crackers, etc. abound. :-( Installing an anti-virus package is, sadly, far from sufficient. In addition to anti-virus software, a TCPIP "stack" firewall, an anti-spyware package, and protection against rogue web browser "cookies" are also needed.

For personal, non-commercial, use, good software for all 4 of the functions previously enumerated is available, for free. That appeals to my extremely cheap nature and I use the available "freeware". None of the stuff I use was authored by MicroShite.

G/R

I'm pretty ignorant.

I work very hard at being a good woman, and I help anyone I can. However, I am not a smart, techno savy computer person. I am a very good computer operator, but definitely not a technician. Guess I'm going to have to change that, darn.

Gwen

Don'tfeel bad Gwen

I use XP sp2 and keep it religiously updated causeI know its a target. I use Norton Symantec and update it daily, even if the auto update does it too. I also check weekly with a stinger from Mcafee. I use an outside source firewall, since the one in XP is worthless, more or less. I use the MS Defender, Ad Aware, Spybot, and Spyware blaster. I update them daily, and run them at minimum every other day on each of my systems. I don't use Limewire or any other sites. I used to use a torrent loader, but rarely do now. In the last 5 years I have had to totally wipe the hard drive and start from square one, 3 times. I once had to buy a new HD since even after that, a scan showed an infection. I think it came in while I was doing the initial new updates on install, and I could not clear it. In the last week alone, Norton has stoppd three trojan horse incursions on my desktop, and something else tried to get in. My firewall log shows 18656 intrusion attempts since I installed it, 35 of which are since the last time it was updated and 20 of those were high rated attempts. Many of those may have just been a blocked ping from a server, but I try to set things so nothing gets in while still allowing me to use the equipment. My wireless router has a firewall in it also and I still get this stuff like this.I have the net coming into the router and then to the desktop and out to the other units. I also use the yahoo anti spy and it keeps finding the IST toolbar which came in someway, which would allow others to take over the desktop and lappy. I also use the other spyware tool from yahoo which they have pulled from the toolbar now. It was from Norton and cleaned up a lot of minor stuff. The bad guys are out there and they will get you if they can. Right now, all scans showw perfectly clean on all units, but that desktop often runs so slowly I think something is hiding in it and I really hate to think I need to blast it again.

That's the reason

For having a hardware firewall.

A naked PC on the Internet freshly unpacked from the box will only last about a maximum of five minutes before it is scanned, targeted and owned. Some PC's succumb within seconds. Remember these are completely automated attacks by your average home PC that has also been owned.

If you hope to be able to download your protection software before your PC gets owned it will never happen. With a hardware firewall in place and only connecting to a trusted update site like Microsoft's update site, or whatever your favourite OS's update site is you can hopefully extend that to beyond the time it takes to update the PC.

Remember every type of computer hardware, operating system and applications is vulnerable to attack. After all they were designed and built by us imperfect humans so how could they be perfect.

If you think your PC has been infected try downloading one of the Linux based live CD's such as Knoppix. You can use the AV software on that to see if your system is infected. You boot off the CD so any infection on your hard drive can't affect the CD.

Arwen

Hyperbole

erin's picture

Sorry Arwen, your second paragraph is simply exaggeration. If things were really that bad, governments would be getting involved to stop it because this sort of thing is a major security risk. I've run computers for YEARS without infection. It just isn't that hard to do.

For one thing, most ISPs operate firewalls, too. They have to, it's their business. So when you connect to the internet, you've already got a couple of major international corporations watching out for you. They are big and slow-moving, though, so the fast, nimble hackers are able to get past them with effort. It's like an arms race.

Most crackers are script-kiddies. They download scripts and use these to hunt the internet for attackable machines. Most attackable machines are Windows-PCs or Linux/Apache-type servers because most machines are one of those two.

The flood of spam that fills everyone's inboxes is mostly from infected machines, a lot of them in Russia and Asia. This spam has a very, very low rate of profitablility. ID theft rings that use software to steal accounts off of the internet do exist but they are constantly hunted down, blocked and locked out, and caught and prosecuted. The international nature of this crime makes prosecution difficult but countries MUST cooperate at least minimally because if they don't the backbone companies of the internet would simply LOCK those countries out of access to the internet. It happens.

- Erin

= Give everyone the benefit of the doubt because certainty is a fragile thing that can be shattered by one overlooked fact.

= Give everyone the benefit of the doubt because certainty is a fragile thing that can be shattered by one overlooked fact.

Hyperbole? Well...

Sorry Arwen, your second paragraph is simply exaggeration.

You're probably right. The measurement I recall seeing on Slashdot is that a naked XP machine lasted 22 minutes on the Net before being r00t3d and Pwned. That's not much better and isn't exaggeration.

If things were really that bad, governments would be getting involved to stop it because this sort of thing is a major security risk.

The government won't get involved to stop it because it is a Microsoft security risk. Groklaw.net has plenty of current news and history on how Microsoft gets the regulatory environment it wants by buying it. http://www.mepis.org has my personal favorite method of avoiding Microsoft security risks available for free download.

The reason I say it's exaggeration ...

erin's picture

... is personal experience and the experience of everyone I personally know, including dozens of computer professionals. Maybe that's anecdotal but it's true. I've been in the computer business for 25 years and the internet for almost 20 years and these cautionary statistics are nothing new, ever since viruses and worms were invented.

The danger is real but the warnings are frequently shrill and overblown. The economic payoff for that kind of invasive attack doesn't exist and the safeguards against it are not limited just to personally owned machines. I've NEVER seen an authoritative study that says prudent use of home machines is as dangerous as these warnings insist.

- Erin

= Give everyone the benefit of the doubt because certainty is a fragile thing that can be shattered by one overlooked fact.

= Give everyone the benefit of the doubt because certainty is a fragile thing that can be shattered by one overlooked fact.

I didn't make this stuff up.

Erin,

This information comes from presenters at the West Coast Security Forum, which I attend each year as part of my job. Other sources are from places like the SANS Institute, and a number of security related forums on the Internet.

Arwen

And I'm not making up...

erin's picture

... that it simply does not fit with reality as I have experienced it.

- Erin

= Give everyone the benefit of the doubt because certainty is a fragile thing that can be shattered by one overlooked fact.

= Give everyone the benefit of the doubt because certainty is a fragile thing that can be shattered by one overlooked fact.

I use a Mac to connect to the internet

erin's picture

This isn't perfect but it is like having a 99% filter on keeping bad stuff out, Macs are such a small part of the internet universe the big bad guys don't spend time on trying to crack them. I also have a hardware firewall and a software one and I don't visit the high risk sort of websites.

When I get online with one of my PCs, I'm usually going to one of a handful of places. I use a free virus/malware scanner that is updated before every visit to the internet.

The servers I use are all Linux/Apache, which being the majority of servers out there makes them vulnerable but I take precautions there, too. Stuff happens. It's like repairing the roof, you have to do maintenance.

- Erin

= Give everyone the benefit of the doubt because certainty is a fragile thing that can be shattered by one overlooked fact.

= Give everyone the benefit of the doubt because certainty is a fragile thing that can be shattered by one overlooked fact.

Gee, I wish I could afford a MAC

As I understand it, the MAC operating system is on a read only chip, not software on a Hard Drive like Microsoft machines? I have a pretty good suspicion of where I got the bugs. Of course, with some of them set up to go off on a delay, who knows.

Right before the problem started, I was searching for something naughty, and found myself on a web site with a URL that I think indicated it was a .cz or something like that. They wanted money, and were very persistent about it. It was one of those sites that I had to manually shut the computer down to escape.

The last big problem I had was around 5 years ago, and that required a trip to the shop with my machine. They ended up replacing the Hard Drive.

I guess I asked for what I got.

Gwen

Mac's use HD's

Gwen,

Mac's use hard drives for their OS. Apple just released patches for a bunch of exploits last week I think. One of them was a remote exploit.

CanSecWest just had a hacking contest (last week), three laptops, three OS's (Mac, Vista, and Ubuntu (Linux), all with the latest patches and roughly the same attack surface. The Macbook Air fell in 2 minutes. Vista the next day, Ubuntu didn't fall but an exploit was discovered, but the people taking part in the contest were to lazy to bother writing the code to take out the Ubuntu laptop. So to be fair it probably would have been hacked too.

The rules were simple, no one could use a previously known exploit, in other words they had to use a Zero Day Expliots (0-day). The OS, device drivers and applications were all considered fair game.

I've met the guy (Shane) who cracked the Vista laptop. He should have cracked it in about the same time as the Macbook, but he hadn't counted on Vista having SP1 installed. Took him and his partner a day to modify his code, and create some Java scripts to get the hack to work again.

CanSecWest is held in Vancouver, BC and is a mixture of IT Security professionals and very bright hackers. These guys all live and breath computer code.

Gwen, the best way to protect yourself as with anything in life is to add as many layers of protection as you can afford and manage, weighed against the risks. Security through obscurity (using operating systems and applications with a low popularity) isn't true security. It's like putting an alarm sticker on your home when you don't own an alarm, or putting bars on your windows, locking your doors but you leave the key to your back door under the mat.

Any OS and any application is hackable, that is reality. If you employ the right behaviour (think before you click, amongst many behaviours), use the right tools (antivirus, antispyware, firewalls, etc), patch your OS and ALL of your applications whenever there is an update, and make backups of all of your data and store it separately from your computer. You go a long way in protecting yourself.

Unfortunately at this time there is no magic operating system, application or piece of hardware that will protect your computer and your data guaranteed 100%. It's as much up to you as it is for all the bits and pieces you use to protect your computer.

Oh that list I put up in an earlier comment is only the short list. The one I use is much longer. The short list is the stuff that I believe the average computer user can do themselves. Do I follow everything on my list religiously, no, but I make my decisions based on what I'm doing and where I'm going on the Internet. I try and evaluate the risk and tailor my actions accordingly. I just figured it out, I've got 29 years of computer experience from the date I was first exposed to a computer in high school.

Do I consider my computer systems unhackable? Not in the least. I use my best judgement and skill and hope for the best. I also try and keep abreast of the latest tactics and tools used by the bad guys.

Do your best and use your best judgment, that is all anyone can ask of you.

Arwen

Just as a note

erin's picture

The firewalls on the BC servers probably stop a hundred hack attempts per week. On average, one gets through every other week or so. I don't mention these on line unless they take down the server or cause me to spend more than half an hour beating them to death with a shovel. Mostly, they happen on the oldest server which needs a new version of Linux installed.

Linux is RELATIVELY easy to clean up but I've twice had to reformat drives and once a hacker ruined the eproms on the motherboard. That was about eight years ago, though, not on BC. I've done reformatting about a dozen times or more on my own or friends' Windows machines but not in the last year or so. The anti-malware stuff is getting pretty good, if it doesn't save you it often makes a recovery easier.

Never had a break in on a Mac. They really aren't a lot safer than Linux or Windows (well a fair bit safer than Windows) it's just their low profile and some pretty good built-ins. If you handle secure data you can't rely on that, as Arwen says.

- Erin

= Give everyone the benefit of the doubt because certainty is a fragile thing that can be shattered by one overlooked fact.

= Give everyone the benefit of the doubt because certainty is a fragile thing that can be shattered by one overlooked fact.

Something That Can Help to Keep Your Applications Up to Date

If you go to the Secunia site (http://secunia.com/), they have a free online tool (http://secunia.com/software_inspector/) or a free client you can download called Secunia PSI (https://psi.secunia.com/) that will look at the applications on your PC and tell you which ones are security risks and which ones are end of life (no longer being updated). While they don't track everything, they do keep track of the common stuff like Adobe Reader, Quicktime, Real, Flash, etc. Microsoft has gotten a lot better at securing Windows and Office. The third party free apps that many of us have are more frequently becoming the target of the bad guys. I prefer the Secunia PSI download as it monitors your PC continuously and lets you know when an application needs to be updated. It doesn't seem to cause any conflicts and doesn't use much in the way of memory and cpu time. You will want to let PSI run all the time and let it connect to the Internet (it stays up to date on risks by talking to a server at Secunia).