Posts Tagged Malware

Security 2010 Continues to Wreak Havoc

Since January, the Internet has been bombarded with the latest iteration of the Security 2010 scareware, with fresh outbreaks coming every few days. This blog has written previously about it.

This malware is the latest generation of a family of rogue software known by many names going back to at least 2006. The basic MO remains the same: On startup an infected computer’s desktop is taken over by a legitimate-looking program that seems to be finding all manner of malware. As this is unfolding, the software also declares that the computer has been hacked and that the user’s identity is at risk of being stolen, among other messages. The software almost completely monopolizes the system, essentially making it unusable. The hook comes when the program informs you that to get rid of the problem, all you have to do is to register this trial version. Simply click on this link (and pay $49.99) . . .

The perpetrators of this scam have so far kept things fresh by releasing new variants every few days to stay ahead of traditional, database-based antiviral programs. These variants continue to add charming new features, such as routines that block or hide all other executables, layered service protocols that block network activity (except a connection to their server to process payment), and the ability to run in safe mode. Some variants apparently block safe-mode operation altogether. New Vista-specific versions are beginning to gain traction as well. Up to now, primarily machines running Windows XP have been affected.

The infection usually occurs when the user interacts with a bogus (but official-looking) security alert claiming to have found malware. These messages may appear when the user visits a compromised website. ANY interaction with this message typically triggers a surreptitious download of the infectious software. The only safe way to close such a message is to use the task manager (ctrl-alt-delete). Internet connections not filtered through a router are especially at risk.

The reach and sophistication of this scam are surprising and disturbing. Millions of users have been infected, many more than once, and the end is nowhere in sight.


Major Malware Outbreak

Over the last few weeks, we have seen a major outbreak of a type of malware known commonly as Security 2010. In our experience, the speed of this outbreak’s spread and its tremendous reach are unprecedented. For maximum impact, the authors of this pestware have been releasing updated versions every few days to stay ahead of the common database-driven anti-malware programs.

This is the work of highly skilled, well-funded actors. The authors of Security 2010 have managed to infiltrate large numbers of legitimate, heavily visited websites with their infectious mother-ship software. Simply visiting a compromised website is often enough to deliver the malware. In other cases the user will receive an official-looking message stating that spyware has been detected, and that the user should download software to remove it. Following the attached link delivers the malware to the unsuspecting user.

Infected machines will display a legitimate-looking program that runs on startup bearing the name Security 2010, Antivirus Pro 2010, or any of a number of variations on this theme. The program appears to be scanning for, and finding, malware. The software also displays a rotating menu of scary messages about dangerous malware supposedly found lurking on the system. The whole display is completely bogus. The software also displays a message that the user has an unregistered version installed, and offers a link to register the software, for a hefty fee of course. However, paying these extortionists will NOT make the problem go away. It is all simply a scam intended to separate the user from his or her money. Unfortunately, lots of people have taken the bait and handed over their credit card numbers to these criminals.

Security 2010 thoroughly monopolizes the user’s computer, rendering it essentially useless. The software also employs a number of defensive strategies to defeat removal, including deactivating firewalls, turning off anti-malware software, and disabling standard system-management tools such as the task manager and, more rarely, regedit. It may also disrupt the .exe file association, making it difficult to run executable files.
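The anti-removal changes listed above (Task Manager and regedit policy locks, a tampered .exe association, a switched-off firewall) all leave traces in the registry, so a technician can confirm them before attempting a cleanup. The script below is an added example for this post, not Computer Medic's own tooling; it performs read-only checks against the standard Windows registry locations for each of those settings and reports anything that deviates from the stock values.

```powershell
# Added example (not from the original post): read-only checks for the
# anti-removal tricks described above. Run from an elevated PowerShell
# prompt on the suspect machine; nothing here modifies the system.
$findings = @()

function Test-PolicyValue {
    param([string]$Path, [string]$Name)
    # True when the policy value exists and is set to 1 (tool disabled)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    return ($null -ne $item -and $item.$Name -eq 1)
}

# Both the per-user and machine-wide policy hives can carry these locks
$policyPaths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
)
foreach ($p in $policyPaths) {
    if (Test-PolicyValue $p 'DisableTaskMgr')       { $findings += "Task Manager disabled via $p" }
    if (Test-PolicyValue $p 'DisableRegistryTools') { $findings += "Registry Editor disabled via $p" }
}

# .exe file association: the stock open command is "%1" %* and .exe maps to exefile
$exeCmd = (Get-ItemProperty -Path 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' `
           -ErrorAction SilentlyContinue).'(default)'
if ($exeCmd -ne '"%1" %*') { $findings += "exefile open command is '$exeCmd' (expected '""%1"" %*')" }
$exeType = (Get-ItemProperty -Path 'Registry::HKEY_CLASSES_ROOT\.exe' -ErrorAction SilentlyContinue).'(default)'
if ($exeType -ne 'exefile') { $findings += ".exe maps to '$exeType' (expected 'exefile')" }

# Windows Firewall standard profile switch (registry-backed since XP SP2)
$fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
$fw = Get-ItemProperty -Path $fwKey -Name EnableFirewall -ErrorAction SilentlyContinue
if ($fw -and $fw.EnableFirewall -eq 0) { $findings += 'Windows Firewall standard profile is turned off' }

if ($findings.Count -eq 0) { 'No anti-removal indicators found.' }
else { $findings | ForEach-Object { "[!] $_" } }
```

A hit on any line is not proof of this particular infection, only of a setting the malware is known to change; corporate group policy can legitimately set the Task Manager and regedit locks, so confirm with the machine's administrator before reverting them.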

Beyond rendering your computer unusable, Security 2010 does not appear to be actively malicious. But it opens security holes that leave the computer vulnerable to other malware infections. Left unattended the problems could grow even worse. At Computer Medic, we have developed very effective methods for dealing with the Security 2010 software, and would be happy to assist you if you should become infected by it.


What the Hell is a Worm and what is it Doing on my Computer?

As anybody who uses a computer these days knows, there is a lot of harmful software out there. The terminology is a bit confusing: adware, spyware, viruses, trojans, worms, rootkits, exploits, redirects, hijacks, to name a few of the more common forms of malware. What the hell is this stuff, how does it get on your computer, and how can you get rid of it?

Malware (“malicious software”) has been around almost as long as computers have. But it has changed drastically over the years. Once upon a time, most malware was basically digital vandalism, whose purpose was to wreak general havoc, as well as to call attention to its creator and show off his programming skills. The programs were simple, easily defeated, and generally speaking, fairly harmless. But with the rise of the Internet, criminals became aware of the vast possibilities for making money using various forms of malware. The schemes have gotten progressively more sophisticated as the stakes have risen. Now, the making and distribution of malware is a multibillion-dollar business, controlled by international criminal syndicates. It is a virtual arms race, and the end is nowhere in sight.

“How DOES this happen?” I often hear. Most malware arrives via the Internet, as you might imagine. Viruses typically arrive in infected email attachments, or buried in programs downloaded from non-legitimate sites. Much of the malware that travels via infected email practically announces itself; it comes from someone you don’t know, or have no reason to hear from. The subject line doesn’t quite make sense or is poorly written, contains an unseemly invitation, or demands that you do something RIGHT NOW. And there is always an attachment. It’s the attachment that contains the tainted payload. As long as the attachment is unopened, nothing happens. Viruses and worms are spread in this way. A virus replicates by infecting executable programs on the host computer, whereas a worm propagates from computer to computer across a network connection, typically in a work environment.

Viruses and worms require some action by a user to spread. But more and more, malware is delivered surreptitiously, without any overt action by the recipient. NEXT: Stealth Infections: Trojans, Rootkits, and Backdoors.
