Stupid Malware

Started by Destina Faroda, February 05, 2011, 02:08:33 AM


Destina Faroda

You know that stupid virus that looks like a pop-up window and installs some fake crippleware that looks like antivirus software? I got hit by it back in the summer. I got it cleared out, completely.

This time, I got it again. I didn't encounter it by Web surfing and clicking on a pop-up ad. No, what triggered it (from "dormancy" at least) was running Spybot. As I was running Spybot, the stupid fake window popped up again, unprompted, and took over. So shame on me for falling for it twice.

Since this has happened a second time, I am more inclined to believe this came from one of the sites I visited. However, I don't torrent (because I'm too stupid to figure it out), look at porn (not interested), or do any of that other junk, and I'm concerned how this stupid bug got on my system yet again, especially since, other than the usual sites (which I trust), I haven't looked at that many new sites.

This is more a general complaint than anything else, so I'm not sure if I should even post it here.
Sig coming...whenever...

Tapewolf

#1
I had this happen at work once, but without clicking on anything. I went in for a meeting after reading a couple of tech news sites, and when I came back I had 'XP Antivirus 2010' or some such staring back at me.

One of the current favourite tricks is this:

Someone builds a flash/java banner advert that looks legitimate but actually uses a security hole in flash or java (and there are many) to install a virus on your machine.
They then buy advertising space on an affiliate, which means that their horrible thing will be viewed by millions of people reading Slashdot, Wired, CNN and countless other high-profile websites which are advertising-supported.

The virus then downloads and installs the fake antivirus software (which displayed 'viruses' in countless ARM and MIPS programs I had been developing - there are currently no viruses for CE on either platform worth mentioning).  The fake AV software then tries to get you to purchase it.  If you uninstall the thing, the virus will then download another copy and the process begins again.

At the time, the virus which I got was very new and the corporate AV software we had was completely blind to it.  I installed Microsoft Security Essentials which at the time was one of exactly two AV packages that knew about it.  The trouble is that there seems to be some kind of symbiosis between the virus and the fake AV software - they keep downloading each other to make sure your system stays infected so you have to squash both of them.

To prevent this happening in the first place, you have a few options, none of which are particularly nice:

1. You can install Adblock Plus, or whatever it is called. This will block most Flash-based adverts and reduce the attack vector. However, this is an arms race: advertising firms don't like it and keep trying to find ways to work around it. People who are clever enough to create advert bombs may also be clever enough to force them to be played too.
Also, I don't mind adverts as such - sometimes they can be interesting - and it feels a bit unfair to the website to block them. However, if it's a choice between them getting paid and a Windows machine I'm using getting screwed over, well, it sucks to be them.

2. Get rid of Flash. Get rid of Java. Block JavaScript. Don't use IE. This will make you considerably less vulnerable, but with the first three options, the web won't be as much fun. If you want to use YouTube etc., you'd have to use Chrome or something and HTML5 mode.

3. Write this whole Windows thing off as a dead loss and use something else. I don't recommend this as an easy option since it is rather extreme, but it's what I did at work. Grabbed a spare laptop, installed Ubuntu on it. I use that for most of my web access at work instead of Windows. At home I don't trust Windows to be allowed online in the first place. I used to think this was me being stupid and paranoid, but then things like this happen...

At the end of the day having up-to-date AV software is essential, but frankly, the advert-bomb folks are ahead of the game here and will keep evolving the virus part to avoid detection.

J.P. Morris, Chief Engineer DMFA Radio Project * IT-HE * D-T-E


Reese Tora

#2
Quote from: Tapewolf on February 05, 2011, 06:38:03 AM
1. You can install Adblock Plus
This, and that is the correct name. If you have or download Firefox, you can get it from the official Mozilla plug-in finder.
Quote from: Tapewolf on February 05, 2011, 06:38:03 AM
2. Get rid of Flash.
Flashblock is also available as a plug-in, and will prevent all Flash from loading on every page you visit, but give you the option of loading any given Flash object by clicking on the empty frame it substitutes. It adds an extra click per page to browsing YouTube, but the security is worth it. (But some pages that rely too heavily on Flash will not work because you will not be able to click on all the Flash objects to activate them...)

Between the two (and running them on Firefox) I haven't had a single virus problem.
<-Reese yaps by Silverfox and Animation by Tiger_T->
correlation =/= causation

Drayco84

In addition to those mentioned, Firefox also has the rather powerful NoScript addon. By default it blocks ALL scripting, including the scripting from the site you're at. (In addition to ALL 3rd party scripting.)

Yes, I'm AWARE that it blocks ads, which are VITAL to ad-supported sites. (Hosting is RARELY free.) And it makes a mess out of sites that make heavy use of scripting. (You can unblock sites on a case-by-case basis with a left-click on the list.) But I once got bitten with malware that was ONLY removed via a reformat of the HDD and a reinstall of Windows. (And I was USING Firefox at the time.)

I also do most of my browsing on a comp using PCLOS (another variant of Linux) rather than Windows. In all seriousness, I think Linux is more effective than anything else, but it requires a bit more know-how just to use it effectively.