Sunday, August 08, 2010

Let's try to avoid listening to radio stations on the PC, ok?

**Update** - this information includes streaming audio from Pandora. I tested this today and had 7 intrusion attempts, which were partially stopped by NOD32 4.0. Upon running my SUPERAntiSpyware, I found trojan.agent/Gen-CDec[X] had been installed. You have been warned!

Well I am back. It has been an interesting summer to say the least. The top issue I am covering for my clients seems to be the fake antivirus scanner trojan/exploit.

What this is: your computer has been penetrated by a malware product which tells you that you are being hacked. The product itself is fake: it is a multi-stage exploit whose goal is to have you click through several prompts until the final payload of malware is installed on your computer.

Even if you never fully launch this nefarious app, it will cause a lot of problems, because its code disables the tools you would use to fix your computer, including:

a) your antivirus program will be degraded - often just by removing its icon from the toolbar so you cannot see its warnings

b) your malware tools will not launch properly or, if they do, will not update

c) your IP traffic will be rerouted (via a proxy server) so that the next rounds of malware can be sent to your computer without your approval

d) possibly, since a proxy server has been set, your computer will be using someone else's internet path, allowing them to see the traffic going through your browser. This allows password mining while you log into your accounts (especially bad)

e) your task manager will be impaired: when you launch it to view what is running, it closes immediately, making visual checks of your system impossible.
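The symptoms above are things a technician can check for directly. The following PowerShell triage script is an added example, not part of the original post or of any product it mentions. It is read-only: it reports the WinINet proxy settings (symptoms c and d), the DisableTaskMgr policy value (symptom e), and hosts-file entries for security vendor domains. That last check assumes a mechanism the post does not name (vendor update hostnames redirected to a bogus address to stop tools updating), and the vendor list in it is constructed for the example.

```powershell
# Added triage script (not from the original post): read-only checks for the
# symptoms listed above. Assumes a Windows host with PowerShell 5.1 or later;
# run it as the affected user so the HKCU checks see that user's settings, and
# from an elevated prompt for the HKLM check.

function Get-ProxyIndicator {
    # Symptoms c and d: a proxy silently configured in the WinINet settings that
    # Internet Explorer and many other programs use for their web traffic.
    $path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    $manualProxy = ($p.ProxyEnable -eq 1) -and -not [string]::IsNullOrEmpty($p.ProxyServer)
    $pacScript   = -not [string]::IsNullOrEmpty($p.AutoConfigURL)
    [pscustomobject]@{
        Check         = 'WinINet proxy (symptoms c, d)'
        ProxyEnable   = $p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        AutoConfigURL = $p.AutoConfigURL
        Suspicious    = $manualProxy -or $pacScript
    }
}

function Get-TaskManagerIndicator {
    # Symptom e: the DisableTaskMgr policy value makes Task Manager refuse to
    # open for the user (HKCU) or for the whole machine (HKLM).
    foreach ($hive in 'HKCU', 'HKLM') {
        $path = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\System"
        $v = (Get-ItemProperty -Path $path -Name DisableTaskMgr -ErrorAction SilentlyContinue).DisableTaskMgr
        [pscustomobject]@{
            Check      = 'DisableTaskMgr policy (symptom e)'
            Hive       = $hive
            Value      = $v
            Suspicious = ($v -eq 1)
        }
    }
}

function Get-HostsIndicator {
    # Symptom b: one common way to stop security tools from updating (assumed
    # here, not named in the post) is to point vendor update hostnames at a
    # bogus address in the hosts file. The vendor list below is constructed.
    $hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $entries = @(Get-Content -Path $hostsFile -ErrorAction SilentlyContinue |
                 Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' })
    $vendors = 'eset.com', 'superantispyware.com', 'microsoft.com', 'windowsupdate.com'
    $hits = @(foreach ($line in $entries) {
        foreach ($v in $vendors) {
            if ($line -match [regex]::Escape($v)) { $line; break }
        }
    })
    [pscustomobject]@{
        Check      = 'hosts file overrides (symptom b)'
        Entries    = $entries.Count
        VendorHits = $hits
        Suspicious = ($hits.Count -gt 0)
    }
}

# Collect all indicators and flag the machine if any of them is set.
$report = @(Get-ProxyIndicator) + @(Get-TaskManagerIndicator) + @(Get-HostsIndicator)
$report | Format-List
if ($report | Where-Object { $_.Suspicious }) {
    Write-Warning 'One or more indicators are set. Do not click inside the pop-up; have the machine examined.'
}
```

A clean machine normally shows ProxyEnable 0 (or absent), no AutoConfigURL, no DisableTaskMgr value in either hive, and no hosts entries for security vendors. A set proxy or a DisableTaskMgr of 1 that nobody configured on purpose matches the symptoms the post describes and is a reason to stop using the machine until it has been cleaned.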

My advice - seek help. There are many ways to cure these problems, but really, the nature of these exploits is that they depend on user acceptance of the next stage of installation, that is, clicking inside the box where the pop-up appears. This includes clicking the red "x", which in most operating systems means cancel or stop. These hackers have made that command behave the same as the "OK" button.

You see, when you use a modern operating system, an internet session requires the user to accept a code installation before it happens. That is good. But these hackers have manipulated the interface so that the red "x" acts like "OK" and not like stop.

What this means is that when you suspect a fake pop-up, you should look at it carefully and check whether it really comes from your operating system or your antivirus program. The problem with this advice is that the malware I am fixing these days is deliberately pretending to be your antivirus program.

When this happens, if you shut off your computer right away without clicking anywhere on the screen, you may have stopped the app from loading. The problem is that once the pop-up has appeared, you probably already have some level of breakage.

If you follow instructions found on the internet, you will find ways to fix these items, but really what you need is a security specialist to evaluate your computer: to see that you have properly locked all the ports on your system and that you have a functional antivirus program (believe me, many of the most popular ones don't work). Plus you need to be using tools on your OS to cleanse potential malware before it takes root in your system.

There is currently no single application that wards off this latest round of malware. I have identified this week's problem as coming through local radio station webcasts of streaming audio. This means you go to your radio station's website, click on "listen to live stream", and start listening. It plays for a bit and then loads the malware through banner ads on the web page. Bam, after a while your computer is showing pop-ups claiming that you have a virus and need to launch something to clean it.

If you launch this first round, it opens a blue-bordered window that shows the program "scanning" your computer. This is of course fake. It asks you to click some more things to "identify the problem", and that is when the IP traffic is rerouted and the security apps are shut off.

Go seek advice on this one to see how to reinforce your computer, after it has been fixed of course.

Or better yet, use a radio instead of your computer to listen to the radio...

Shoot me an email if you have questions: generide(at)yahoo(dot)com
