Computer Security: How do you get infected with Malware?

Several people have asked me in the past few weeks how they got infected, and I have scoured the internet to try to come up with some answers. There are several ways to get infected, and we will discuss them all here, in case someone wants a better idea of how to avoid these common ways of getting infected.

What is an Exploit?

This is the first thing we need to discuss, because exploits are the tool malware relies on most: malware authors use them to gain control over an application or a computer.

An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). This frequently includes such things as violently gaining control of a computer system or allowing privilege escalation or a denial of service attack.

[Via Wikipedia]

An exploit can arrive through several vectors that I know of, and it is often not just one thing: several different programs have to be running for it to happen. Malware authors like to write code that crashes your system in a controlled way. With remote code execution, for example, the code they run makes the computer install software without the user's knowledge or permission. Remote code execution is most commonly used to take control of a running process, whether the program is in memory or on the hard drive.

Opening a PDF

As you explore the internet you may come across sites hosting PDFs that hide their true nature. Just like the H1N1 virus that is epidemic in the US, malware authors are using PDFs to run a number of possible exploits on people's computers. There are a number of exploits that can be used in a PDF, and even published examples for those who want to understand it more. It means you should turn off auto-loading of PDFs in your browser. Any browser will auto-load a PDF without opening a new session; it loads right in the browser without so much as a warning.
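Before opening a PDF from an untrusted site, a quick static look at what it contains tells you a lot: a document that runs an action on open and carries JavaScript deserves suspicion. The following is an added example for this post, not code from the original article; the two sample PDFs are constructed inline, and the list of name objects it counts is my own choice of the features exploit PDFs commonly rely on.

```python
"""
Static triage of a PDF for the features that exploit-bearing PDFs commonly
rely on: auto-run actions and embedded script. Added example, not code from
the original post; the sample PDFs below are constructed.
"""
import re
from collections import Counter

# Name objects that warrant a closer look (selection is an assumption):
# /OpenAction and /AA run when the document opens, /JavaScript and /JS carry
# script, /Launch runs an external program, /ObjStm hides other objects
# inside compressed streams where a naive scan cannot see them.
SUSPICIOUS_NAMES = ("/OpenAction", "/AA", "/JavaScript", "/JS", "/Launch",
                    "/EmbeddedFile", "/RichMedia", "/ObjStm")

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_names(data: bytes) -> bytes:
    """Resolve PDF name hex escapes so that /J#61vaScript reads as /JavaScript.
    Malicious PDFs use these escapes to dodge keyword scanners."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def triage_pdf(data: bytes) -> dict:
    """Count suspicious name objects and return counts plus a coarse verdict."""
    if not data.startswith(b"%PDF-"):
        raise ValueError("not a PDF: missing %PDF- header")
    text = normalize_names(data)
    counts = Counter()
    for name in SUSPICIOUS_NAMES:
        # A name ends at the next delimiter or whitespace; the lookahead keeps
        # /JS from also matching /JSomething.
        pattern = re.escape(name.encode()) + rb"(?![A-Za-z0-9])"
        counts[name] = len(re.findall(pattern, text))
    auto_run = counts["/OpenAction"] + counts["/AA"] > 0
    has_script = counts["/JavaScript"] + counts["/JS"] + counts["/Launch"] > 0
    if auto_run and has_script:
        verdict = "high"      # runs code as soon as the document opens
    elif auto_run or has_script or counts["/ObjStm"]:
        verdict = "medium"    # one ingredient present, or content is hidden
    else:
        verdict = "low"
    return {"counts": dict(counts), "verdict": verdict}


# Constructed sample: a plain one-page PDF with no actions.
BENIGN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed sample: an open action pointing at a script, with the action
# type name hex-escaped the way evasive documents do it.
SUSPICIOUS_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
4 0 obj << /S /J#61vaScript /JS (constructed sample script) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    for label, pdf in (("benign", BENIGN_PDF), ("suspicious", SUSPICIOUS_PDF)):
        print(label, triage_pdf(pdf))
```

Run it against a downloaded file with `triage_pdf(open(path, "rb").read())`. A "medium" on `/ObjStm` alone is not an alarm by itself, since modern PDF writers compress objects routinely; it just means the counts for the other names are not trustworthy until the streams are decompressed.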

Fake files name

I don't know what else to call this, but you get an email with what looks like a picture, and that isn't always what it is. For example, you get an email from a friend that says it contains a document, and the attachment may be named documentname.doc.exe; it will also use an icon that looks like a document and may fool you. See Hidden File Extensions that need to be fixed in Windows 7 for examples of what I mean.
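The trick works because Explorer, with "Hide extensions for known file types" left on, drops the last extension, so documentname.doc.exe is displayed as documentname.doc. The following added example (mine, not from the original post) shows both what gets displayed and how to flag such names before anyone double-clicks them. The extension lists are my own choices, and the sample file names are constructed.

```python
"""
Spot attachment names built to look like documents or pictures while actually
being executables (documentname.doc.exe). Added example, not from the original
post; extension lists are assumptions and the sample names are constructed.
"""
import os

# Extensions Windows runs as a program when double-clicked (assumed list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
# Extensions a user expects to be harmless data (assumed list).
DECOY_EXTS = {".doc", ".docx", ".xls", ".ppt", ".pdf", ".txt",
              ".jpg", ".jpeg", ".png", ".gif", ".avi", ".mp3"}


def split_all_exts(name: str) -> list:
    """Return the full lowercase extension chain: 'a.doc.exe' -> ['.doc', '.exe'].
    Whitespace padding such as 'a.pdf      .exe' is stripped so it cannot
    break the chain."""
    exts = []
    base = name.strip()
    while True:
        base, ext = os.path.splitext(base)
        if not ext:
            return exts
        exts.insert(0, ext.strip().lower())


def explorer_display_name(name: str, hide_extensions: bool = True) -> str:
    """Approximate what Explorer shows: with extension hiding on, the final
    extension disappears. Simplification: real Explorer hides only registered
    extensions, but .exe is always registered."""
    if not hide_extensions:
        return name
    stem, ext = os.path.splitext(name)
    return stem if ext else name


def classify(name: str):
    """Return a reason string if the name is deceptive, otherwise None.
    An honest executable such as setup.exe is not flagged."""
    exts = split_all_exts(name)
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return None
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
        return f"decoy extension {exts[-2]} hides executable {exts[-1]}"
    if "   " in name.strip():
        return f"whitespace padding hides executable {exts[-1]}"
    return None


def find_deceptive(names) -> dict:
    """Map each deceptive name to its reason; honest names are omitted."""
    return {n: classify(n) for n in names if classify(n) is not None}


# Constructed sample attachment names.
SAMPLE_NAMES = [
    "documentname.doc.exe",
    "vacation.jpg.scr",
    "invoice.pdf                       .exe",
    "readme.txt",
    "setup.exe",
    "report.docx",
]

if __name__ == "__main__":
    for n in SAMPLE_NAMES:
        print(f"{explorer_display_name(n)!r:45} -> {classify(n)}")
```

The padding check catches the variant where the real extension is pushed off the right edge of a narrow filename column; both variants display as a document and both end in an executable extension, which is the one fact a mail filter or a user should key on.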

Fake Codecs

Codecs are a necessity to view videos, but the ones you are offered are most often not real. Fake Codecs are a way to get you to install malware when you think you are installing a codec. Installing fake codecs can lead to trojans, viruses, or even keyloggers. I've talked about this from time to time, but figured it would be good to remind people.

Installing Fake Antivirus Software

Sometimes you may get to a site that looks like a real antivirus vendor but is in reality a scam that will scare you into buying their product. Sometimes the scareware will say you are infected and send you a file to run to help protect you; if that ever happens, don't run it. You should never run programs from sites you have never heard of. Always go to trusted vendors first, or at least Google the product name before you install any questionable software.

Websites that use web browser exploits

WebAttacker, for example, uses scripts to try several different known exploits against IE and other browsers. This is the most common way for viruses or trojans to get installed on a computer. That is why I will always recommend getting away from IE and running Firefox or some other lower-profile web browser.

Keeping Windows up to date

It is very important to keep your Windows system up to date. You have to understand that if you don't keep your system current, there will always be an increasing possibility of infection, because right after Patch Tuesday malware authors know exactly how to exploit a system that hasn't been updated. Installing service packs and other patches is the one sure way to keep malware authors at bay.

In one of my next posts I will recommend software to help prevent some of this, or even how to disable some of the most commonly exploited features. If you like this post, please feel free to tell your friends so they may also learn more about computer security.


Antispy.Microsoft.com is another piece of Scareware

It looks like the people who invented "Antivirus System Pro" have made another site that looks like a Microsoft site:

[Screenshot: Antivirus System Pro page posing as a Microsoft site]

It looks like they hijack your hosts file and insert "Antispy.Microsoft.com" into it with the IP address "209.44.111.62". There is no real website at Microsoft with that URL, so if you see this you have some kind of trojan or virus on your system. By using the Microsoft.com domain name, the chance that people will believe this is actually from Microsoft and buy the fake software is higher than it would be with a domain of their own.

They seem to have incorporated the Site Advisor scareware tactics; these tactics seem to be a new way for them to look official, almost like the real deal, so that they are taken for the real thing. You should Download SUPERAntiSpyware and see if it finds the problem. If that doesn't work, you can always remove this threat manually.

This has the same idea as the "ITsecure.Microsoft.com" malware: both look like they are from Microsoft and both have modified the hosts file, but they are really scareware trying to trick you into buying their fake antivirus, and you would be losing money. I recommend you check out my Malware resources and find out what I recommend to prevent this in the future.
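Both of these scams rely on the same hosts file trick described above, and that file is easy to check. The following is an added example for this post (mine, not from the original article) that parses hosts file text and flags any entry for a trusted domain, whether it is redirected to an outside address or pointed at loopback to block the real site. The list of protected domains is my own assumption, the hosts content is constructed, and the IP 209.44.111.62 is the one the post reports.

```python
"""
Check a Windows hosts file for entries that hijack trusted domains, the way
the Antispy.Microsoft.com and ITsecure.Microsoft.com scareware does. Added
example, not from the original post; the protected domain list is an
assumption and the sample hosts text is constructed.
"""
import ipaddress
import os

# Domains that a normal workstation should never resolve through the hosts
# file (assumed list; extend it with your AV vendor's update domains).
PROTECTED_DOMAINS = ("microsoft.com", "windowsupdate.com")

# Real path of the hosts file on Windows.
WINDOWS_HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"


def parse_hosts(text: str) -> list:
    """Return (ip, hostname, line_no) for every mapping; comments, blank and
    malformed lines are skipped. One line may list several hostnames."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for host in parts[1:]:
            entries.append((ip, host.lower(), line_no))
    return entries


def is_protected(host: str) -> bool:
    """True for a protected domain or any of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in PROTECTED_DOMAINS)


def find_hijacks(text: str) -> list:
    """Flag every protected-domain entry. A loopback or unspecified address
    blocks the real site (a common way to stop updates); anything else
    redirects the user to an attacker-controlled server."""
    hits = []
    for ip, host, line_no in parse_hosts(text):
        if not is_protected(host):
            continue
        kind = "block" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        hits.append({"line": line_no, "host": host, "ip": str(ip), "kind": kind})
    return hits


# Constructed sample hosts file mixing legitimate and hijacked entries.
SAMPLE_HOSTS = """# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
192.168.1.10    fileserver.local        # legitimate LAN entry
209.44.111.62   Antispy.Microsoft.com
209.44.111.62   ITsecure.Microsoft.com
127.0.0.1       update.microsoft.com    # silently blocks Windows Update
"""

if __name__ == "__main__":
    if os.path.exists(WINDOWS_HOSTS_PATH):
        text = open(WINDOWS_HOSTS_PATH, encoding="utf-8", errors="replace").read()
    else:
        text = SAMPLE_HOSTS
    for hit in find_hijacks(text):
        print(f"line {hit['line']}: {hit['host']} -> {hit['ip']} ({hit['kind']})")
```

Run it on the real file from an administrator prompt; on a clean system the only entries you should see are localhost lines. The "block" case matters as much as the redirect: malware that points update or antivirus domains at 127.0.0.1 leaves the machine unable to fetch the definitions that would detect it.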

Using Malwarebytes to get Rid of Malware

Malwarebytes

I have been using Malwarebytes for quite some time. I keep the Malwarebytes installer on a USB drive so I can use it anywhere I go. I have seen several computers with very old viruses, and it actually detected them.

How Malwarebytes is useful

  • Malwarebytes has a really good protection module to help prevent infections in the first place, but that requires you to buy it. It should never be used without at least a firewall installed, but it is a good defense against what I like to call a drive-by install.
  • It automatically creates logs of the malware it finds. This is good for people who want to check what might be infected, and it helps identify the virus or trojan and find out how to clean it up.
  • It is cheaper than buying AVG: it costs $24.95, which is half the cost of buying AVG.

As you can see, buying Malwarebytes can be cheaper than buying AVG or Norton, and it protects you almost as well as a brand name would. I think if a customer can't afford $50, this is the next best thing to suggest, since it will at least protect the system. You can always install a Free Anti-virus along with Malwarebytes to better protect your system. This is one way to avoid buying expensive antivirus and still protect your systems from malware.

Whether you buy Malwarebytes or use the free version, you are better off than not having it. With the free version you can't unlock real-time protection, scheduled scanning, or scheduled updating. Scanning and updating can still be done by hand without real-time protection. This is still a good buy; I recommend it to all my customers.

A few Zero Day Exploits in the wild — Heads up

Several different security vendors are reporting that there are ActiveX and DirectShow exploits out in the wild.

The DirectShow file in question is: msvidctl.dll

[A workaround to prevent this]

It involves an ActiveX control called the Microsoft Streaming Video control, and there is no workaround that I know of just yet. Microsoft is aware of these exploits, but we don't know when they will release the patches.
These flaws mean that if you visit an infected site you will most likely install software that you really don't need or want. You should be cautious where you go, especially on Chinese servers, because some vendors are reporting that they have seen an overnight bloom of sites with these exploits in place.

People should take care and install anti-virus and firewalls; even the free ones are the best choice right now to defend against these types of attacks. You should also make sure you have updated virus definitions and the latest version of the AV program.

It is also suggested that users stop using Internet Explorer, to avoid some of these exploits, and instead install a good browser; I would suggest Firefox to better protect your computer.

Michael Jackson Malware on the Rise

In the last 24 hours spammers and scammers have begun to distribute spam under the guise of Michael Jackson news, aiming to:


  • Harvest email addresses. This one asks users to reply to the email to get "top secret" information about how he died. Security experts believe this is an attempt to verify email addresses for future spam runs. Although it isn't wise to reply to people you don't know, at least this carries very little risk to your computer for the time being.
  • Fake codecs and hidden trojans. This seems to be the main thing they are doing right now to get personal computers onto their networks. You should never visit a site you don't know anything about without having anti-virus software and a firewall to protect your system.
  • Extortion ware. This one is very interesting, and according to Webroot you should avoid sites you don't know anything about. With news of anything major, stick with the trusted news sites. This one looks to be the really bad kind.

These are common ploys for scammers and spammers who want to get money from you in one way or another. I have been watching the Google searches and haven't seen any malicious sites, but I could have missed one here and there.

You should always have an Anti-virus and Firewall in place, some kind of protection to help defend your system from these types of attacks. Remember, no one can stop computer infections but you.