
Malware: Another Pandemic Of Which You Need To Be Aware

May 10, 2009

Suzanne was spot-on a week ago in suggesting a cause-and-effect relationship between H1N1, aka the Swine Flu, and the broad economy, specifically the semiconductor industry and the systems those chips go into. While the impact on the travel industry, for example, may be more obvious (who wants to travel to Mexico right now?), any time there’s uncertainty folks tend to keep their wallets in their pockets. More uncertainty equates to less likelihood to pry open purses…for purchases that include cell phones, computers, flat-screen TVs and innumerable other electronics devices.

As such, I’m relieved to hear that reports of new H1N1 cases are subsiding, and that this new flu virus variant is overall milder than originally feared. However, I have two personal data points within the last two weeks, coupled with abundant ongoing media coverage, which suggest that an equally virulent pandemic of a digital nature is a far greater threat to the well-being of the tech industry and its customers going forward. That threat is malware, which Wikipedia defines as:

Software designed to infiltrate or damage a computer system without the owner’s informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code….Software is considered malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, crimeware and other malicious and unwanted software. In law, malware is sometimes known as a computer contaminant, for instance in the legal codes of several U. S. states, including California and West Virginia.

About a week and a half ago, my neighbor Mark called me with a tale of woe. The night before, while researching a mysterious bug that he and his partner Deb had seen crawling around inside their home, a Google search led him to a university website (which, as you’ll soon see, had apparently been appropriated by outsiders for nefarious purposes). Immediately, a pop-up window appeared on his screen ‘informing’ him that his computer was infected with dozens of viruses, and that he should click ‘ok’ to initiate a clean-up operation. He did…and immediately knew he’d done the wrong thing, because his hard drive started churning away, his network connection went crazy, and his computer slowed to a crawl. Within an hour of subsequent use, the Windows XP Home-based PC was so spyware-clogged that it was essentially unusable (even in the absence of an overt ‘die’ command).

Fast-forward to this past Friday, when my friend Terry down in Sacramento called me at 9PM on behalf of his spouse, Helen. She’d also been visiting a reputable website (no porn or Internet gambling in either case, folks), when an ‘alert’ from ‘Internet Antivirus Pro’ appeared on her Windows XP-based PC’s screen, again reporting numerous claimed infestations and offering to rectify the situation for ‘only’ $90. She wisely contacted me before clicking on the ‘purchase’ button, but the damage had apparently already been done. Her local computer consultant worked on the problem all day yesterday, she told me this morning, and the system’s still riddled with infected files, Registry entries and who knows what else.

I told her that she’s probably going to have to do what I helped Mark do: get all the important data files off the PC (in the hope that they weren’t infected), then wipe the HDD clean (hoping that its boot sector isn’t infested) and re-install Windows from scratch. Mark had misplaced the install discs that originally came with his Toshiba Satellite P25-S507 laptop (PDF), so I donated a spare set of Windows XP Home CDs to the project. Before visiting any other website, we repeatedly went to Windows Update and kept installing available service packs and other patches, rebooting afterwards when necessary, until Microsoft’s servers reported we were up to date.

Then Mark and I went hunting for the peripheral drivers (graphics, Wi-Fi, sound, etc.) that Windows Update hadn’t directly provided us. Toshiba didn’t make it easy; for some baffling unknown reason, the company’s support website download advisor doesn’t list that particular model. A manual search on the keyword ‘P25-S507’ uncovered many of the necessary bits, with the notable exception of the Nvidia graphics drivers. Fortunately, a bit of research uncovered the fact that the newer Satellite P25-S526 (faster CPU, slightly larger HDD), which was listed in Toshiba’s download advisor, had an otherwise identical peripheral mix, including the same GeForce FX Go 5200 GPU.

Microsoft, I think, bears a notable percentage of the responsibility for my friends’ quagmires. With both Windows XP and Windows Vista, the company decided that computers that had not passed Windows Genuine Validation would not be given access to the full suite of available operating system patches. Were computers standalone entities, this might be a marginally acceptable strategy to get folks to pay up. But the spyware infestations turned both Helen and Mark’s computers into networked virus delivery nodes, thereby putting an exponential number of additional computers around the world at risk. I’m delighted to see that Microsoft’s finally seen the error of its ways and chosen a more enlightened alternative path with upcoming Windows 7. Toss up notification messages on-screen, restrict functional capabilities, heck even abruptly shut down computers running pirated Windows copies after a few hours’ use, but don’t restrict their access to security updates.

Helen swears that her computer was both validated and had undergone its most recent Windows Update patch cycle just a few weeks earlier. I’m admittedly a bit skeptical, because it appears from her description that her computer was the victim of a ‘drive-by’ infection (i.e. one that occurred simply by virtue of her pulling up a web page in her browser), though I don’t have the PC in front of me for postmortem analysis and wasn’t with her when it became clear that Windows’ defenses had been overrun. Perhaps the virus payload was instead a malignant Adobe PDF or Flash clip.

Mark’s situation is equally intriguing. He’d apparently spent the previous week disregarding Windows Genuine Validation alert pop-ups from Microsoft, ironically because he didn’t trust that they were legitimate. A short time after he went ahead and confirmed validation, the bogus ‘multiple virus infestation’ pop-up appeared on-screen. Mark was initially cautious, but Deb pointed out ‘it must be ok, because it’s got a Microsoft logo on it’. Theirs was clearly a very bad decision, in retrospect, but an understandable one. And as he later watched me downloading Windows Update patches, Mark commented that ‘wow, I’ve never had to do that’. So I don’t know how long his computer had actually been un-validated, therefore security-neutered. I also wonder if his Windows Update settings were configured in a more passive manner than optimum for his particular degree of computer expertise; to download updates but not automatically install them, for example, or to only alert the user to the availability of updates without downloading them, or (heaven forbid) to even block update alerts.

Those of you who, like me, are predominantly-to-completely Apple computer houses might be feeling a bit cocky right now, considering that both cases I’ve documented were Windows XP-centric. I strongly urge you to wipe those smug smiles off your faces. Need I remind you of the numerous and voluminous Software Updates, many of them fixing discovered security vulnerabilities, which regularly come tumbling down from Apple’s servers to your Macs? And how many of you have heard of all those Mac users that recently installed pirated versions of iWork ’09, later discovered to be riddled with malware?

Claim, if you want, that the pirates deserved their fate. It’s not just a pirate problem. As long as the Safari browser’s default setting allows the operating system to "Open ’safe’ files after downloading" (where ’safe’ mindbogglingly includes movies, images, music, text, PDF, ZIP archive and disk image files), any Mac user is an ill-advised administrator password entry away from following in Mark’s footsteps. And speaking of Apple products, don’t think this is just a traditional computer problem, either. In case you haven’t noticed, mobile phones (including, but not limited to the iPhone) are increasingly becoming quite powerful portable computing devices in their own right. The iPod touch, similarly, is a PDA running OS X and masquerading as a multimedia playback device. Heck, routers are even being attacked nowadays.

What’s to be done? Here’s where I’m at a loss for words. Operating systems and the applications that run on them are getting increasingly complex with the passage of time; it’s the nature of the business beast. No matter how robust the development and testing tools, buffer overflows and other Achilles’ heels will inevitably creep into the code. Microsoft tried adding more user alerts to Windows Vista in the form of User Account Control, but users rebelled (some, like me, just turned the feature off), and Apple mocked its competitor in television ads (quite unwisely, in my opinion).
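To make the buffer-overflow point above concrete, here is an added example that is not part of the original post: a fixed-size string copy written the overflow-prone way next to a bounds-checked version that refuses input it cannot hold. The buffer size, function names and sample strings are the example’s own assumptions, not anything from the post.

```c
/* Added example (not from the EDN post): the same fixed-size copy written the
 * overflow-prone way and the bounds-checked way. NAME_LEN and the function
 * names are assumptions made for this illustration. */
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* fixed buffer size chosen for the example */

/* The overflow-prone pattern: strcpy trusts the source to fit. A source longer
 * than NAME_LEN - 1 bytes writes past the end of dst, which is undefined
 * behaviour and the classic way control data next to the buffer gets clobbered.
 * Shown for contrast only; nothing below calls it. */
void unsafe_copy(char dst[NAME_LEN], const char *src)
{
    strcpy(dst, src);
}

/* Hardened form: measure before copying. Returns 0 on success and -1 when src
 * would not fit; on failure dst is left as an empty string so a caller never
 * sees a half-written or unterminated name. */
int safe_copy(char dst[NAME_LEN], const char *src)
{
    size_t n = strlen(src);
    if (n >= NAME_LEN) {       /* n + 1 bytes needed, including the NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);   /* copy the terminating NUL as well */
    return 0;
}

/* Convenience check: 1 if src would be accepted by safe_copy, 0 otherwise. */
int input_fits(const char *src)
{
    char tmp[NAME_LEN];
    return safe_copy(tmp, src) == 0;
}

int main(void)
{
    char name[NAME_LEN];
    const char *ok  = "Mark";                                       /* constructed */
    const char *bad = "this string is far longer than sixteen bytes"; /* constructed */

    printf("\"%s\" -> %s\n", ok, safe_copy(name, ok) == 0 ? "copied" : "rejected");
    printf("\"%.20s...\" -> %s\n", bad, safe_copy(name, bad) == 0 ? "copied" : "rejected");
    return 0;
}
```

The design choice worth noting is that the hardened version fails loudly (a return code the caller must check) rather than silently truncating, which is how `strncpy`-style fixes tend to trade one bug for another.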

Malware prevention companies like AVG, McAfee and Symantec can strive all they want to stay on top of the malware flood. But malicious software developers, most of whom reportedly reside beyond the reach of U.S. law enforcement in Eastern Europe and China, are fiscally and otherwise (i.e. the notoriety of bringing arrogant Apple to its knees) highly motivated to keep one step ahead. Just as with a human virus, malware disables its victims’ defenses whenever possible, and it evolves and mutates in order to remain immune to inoculation attempts.

Thoughts, folks?

Posted by Brian Dipert on May 10, 2009 | Comments (10)

July 3, 2009
In response to: Malware: Another Pandemic Of Which You Need To Be Aware
David commented:

There are three key points to keeping a windows machine safe from malware. First, make sure you are behind a hardware firewall (even a cheapo Wireless NAT router is good enough for most purposes). Second, never use Internet Explorer for general browsing. Use it to download Firefox (or Opera), and use it if you must on the one or two IE-only sites that still exist. Otherwise lock it down with "high security" mode. Your chances of getting problems from "drive-by" infections are not zero with Firefox, but they are minuscule compared to your chances with Internet Explorer. Third, make sure all your incoming email is properly virus-scanned, preferably at your ISP, and that you use an email client that does not automatically run dangerous attachments or html (try Thunderbird - if you are brave enough to use Outlook or Outlook Express, make sure it is fully locked down). Follow these technical rules, and there is only one thing left to keep your Windows system as safe as possible - use your head. If someone sends you an email titled "I love you", and you open and run the attachments, you really can't blame anyone else for the consequences.


June 10, 2009
In response to: Malware: Another Pandemic Of Which You Need To Be Aware
anon42 commented:

There are plenty of examples of malware, bloatware, crapware, and ripoff-ware from known, big, "respected" companies. I bought a Microsoft-brand mouse. The driver/installation software that came with it was 30MB ( !!! ). 30MB, to move a mouse around the screen. The mouse s/w is the only part of my (apple) machine that crashes. We wonder why. Verizon offered a "speed upgrade" to my DSL modem, for "free". We took the bait. We got a $30 bill for the new modem. OK, I expected new hardware would be required. Started loading the install software. IN THE INSTALLATION PROGRAM, IT SIGNED US UP FOR MOVIES AND OTHER SERVICES WE DIDN'T WANT OR ORDER. I erased all their software, and guess what: the new modem works fine without it. If the "major names" are so determined to load up our computers with crap that THEY want on them, what should we expect from crooks in Russia, Nigeria, China... ?


June 8, 2009
In response to: Malware: Another Pandemic Of Which You Need To Be Aware
Problem is the C drive commented:

Hey, you guys, the basic issue is how the PC is organized. MS keeps insisting that you mix your data and programs with their OS. Bad idea, very bad idea. Put your data on a flash drive and the programs on a 2nd physical disk, then, armed with a reload CD from the OEM (or one you made) and updates and protection, let the dice roll. With your data and programs on alt media, you can reload the OS and will gain some protection from the bad guys. It will also make it easier for a helper to recover your system.


May 22, 2009
In response to: Malware: Another Pandemic Of Which You Need To Be Aware
Johan commented:

Malware is creating a serious problem in that most computing power will be consumed by anti-virus software. When (de)compressing large file archives, I discovered that compressing was almost 45% faster when I (temporarily) disabled the virus scan software.... I also use linux machines, never needed a virus scanner on these :)


May 16, 2009
In response to: Malware: Another Pandemic Of Which You Need To Be Aware
Tiamation commented:

...on the PC end: I would have said it's obvious to get the latest nVidia driver, but it is not as though I can go to PMI or Broadcom for the usual comms and wireless suspects. Mayhaps I can but gpl.broadcom.com eschews robots strongly? Moreover evolution machination and mutation are certainly parcel to rootkits and antivirus alike; not always so the OS, though disease serves humans in banging around preventing inbreeding (for everyone who doesn't just date aliens from south of the Kuiper belt,) whereas people can not just pick flagellar locomotion in lieu of advanced degrees. Still, the last time an OS did that well was with the Newton.


May 16, 2009
In response to: Malware: Another Pandemic Of Which You Need To Be Aware
Tiamation commented:

There is a certain drive to run an automated object browser and plot a course to replace every logo and error message that do not truly serve and suit. No more OK for bad news is classical, truly universal vocalizations in lieu of the carriage bell more prone to personal taste. Slapping down applications' desire to open the default browser (This Page Designed for AutoDesk 15.3) or exact center of an even number of displays needs doing, along with clipboard marshalling. Certainly who knew that 'MalwareBytes' would be a cure who was not also newly willing to pick a captain on a boat on the Caspian? . These things are a Badge of MacOS and a dorkwise unavoidable GSA roadblock for Microsoft, which does the corpse-in-the-hallway-less-suspicious-to-probation-officer-than-corpse-in-bath thing (hint: not so much; citation to FARK due btw) by default. VM images are still taking over either case (whether or not apple service persistence was a contributor to the phenomenon, hailing application (memory) protection) with paranoiac alertboxes was a squandered chance for ...okay, everyone but SuSE.) . The solution is mostly to render your logos consistently in official matter; call out your startup items aloud; offer corroborable forum interaction, hints and help; and have someone read the CERT alerts as appropriate. AVG has my least-bad award except when it fell to twiddling firewall settings and wailing when renewal month came; paranoia is not a compelling adoption keepsake, and now I have to get in the proverbial solvent tank with a rebreather and a spatula. -That- was what the outsourcing was good to avoid. That and fitting out OpenBSD.


May 12, 2009
In response to: Malware: Another Pandemic Of Which You Need To Be Aware
David_J commented:

I have no connection to the company that I'm listing here as a potential cure for many of these problems. The product is: Malwarebytes.Anti-Malware.1.29 The version is way past this but whatever version you find, do an update and the latest FREE version is available. The free version works but is manually controlled and you do any updates. The purchased version can scan and update at predetermined times automatically. I write from experience with a similar spyware program that I finally got rid of with Malwarebytes Anti-Malware.


May 11, 2009
In response to: Malware: Another Pandemic Of Which You Need To Be Aware
me yes me commented:

Why do we have malware? It's plain and simple GREED! Basically this is a microsoft induced problem, no I'm not talking of the simple file that when ran on a PC that causes problems. No I'm talking of things like worms, trojans, Popups, Popdowns, adware, tray aps, and various other crapola! Microsoft in its infinite greed started all this stuff, most of the problems are related to so called "Features" that don't make sense, such as videos that run apps and such. Why is it that almost every type of Windows malware uses some sort of stack, buffer, etc. overflow, again and again its the same thing over and over does microsoft test anything or do they just go Oooooooo it looks so good who cares if it works besides we have a monopoly and don't need to make it work. Just ask the government, microsoft has lost many a case, but will probably never pony up for any of its anti-trust violations. Microsoft worries about crapola like the fancy "Look" of things, rather than what should be much more important, the way the program works! And another big problem is bloatware, this is all on microsoft, with its if it's new it must take 10 times the space and be ten times slower, even though it really just does the same thing as the old version, it just has a new wrapper. Then there is microsoft's "newest" software, It tries to put a bigger latch on the door, but leaves the windows open, they seem to think making things more complicated will stop malware (maybe for a short while till the new compiler comes out and the newest overflow exploit is found.) but as we can all see its not working. What would work is making the software, so that everything is plain, simple, with no craptastic cryptic registry that no one, even so called experts can tell you exactly whats going on. And microsoft should include a hardware based test app, something like a prom on a usb key, people can run the app, test their windows, and know for sure their machine wasn't infected.
And as someone said, get rid of this online activation, stupid zillion meg updates that include all sorts of BS not related to the patch, etc. Besides everyone already knows the online activation and reactivation, and rereactivation isn't about making sure windows is genuine, its about data mining, so microsoft can make even more ill-gotten money selling information on people. Maybe if the stuff worked right they wouldn't need to have computerised-phone hell messaging systems, they would probably only need a few real tech support agents, you know the type, people who actually know something, not people who say keep running install till it barfs and then you can reinstall, and they wouldn't need to ship the support wing overseas because someones out to get em, after they kept them on the phone for 4 hours, and provided nothing more than type install over and over and over till your ready to kill someone. Me, well I use software not made by microsloth for internet, for watching videos, to write a letter etc. which fixes most of the problems, but its still running on windows, so ya know how that goes, no matter how good the app is, it still has to put up with microsoft's bloat. Oh by the way a way to get around the post a comment problem which seems to be a time issue with the "protection". write your comment, copy it to the clipboard, reopen the page, paste the message, and then quickly type the "protection" letters and wa-la, it usually works, but you have to be fast.


May 11, 2009
In response to: Malware: Another Pandemic Of Which You Need To Be Aware
JustAnotherEngineer commented:

Well, I am not a Luddite, but it seems to me that too much of anything is bad news. The internet is no exception. I have serious doubts about the *cloud* mentality precisely because of the malware problem. I want my laptop to be a useful, functional tool even when it does not have an internet connection, and I resist the idea that my data should be kept on the web so that I can 'reach my files from anywhere'. I am OK with the idea that I can update the web copy from my laptop as needed, and will pay the penalty of having to merge my changes with collaborators' changes. Worse yet I abhor the up-and-coming idea that the applications I need to use are on the web and that I will not be able to edit a document unless I am connected to the web. Webapps seem to me to be a prime point for infection. This mess looks to get a lot worse before it gets any better - and I do my most sensitive computing unconnected from the Web because I don't enjoy having to rebuild machines from scratch. Lately it has been getting harder and harder because Microsoft (and others) make it difficult to download patches and updates on a connected PC, where they can be scanned and verified, before burning them to disk for use on a clean, unconnected PC. This 'all computers in the world must be on the internet' BS is being pushed by the very people who should know better. PS - I agree the effort required to post here is truly unbelievable.


May 11, 2009
In response to: Malware: Another Pandemic Of Which You Need To Be Aware
djk commented:

I also had the malware with all the ads. I wasn't able to remove it either so I reformatted and reloaded my XP Pro and started over. A couple of weeks later my neighbor also got the malware and I recommended that they download Norton 360 to try to clean up the system. Since they were not able to use the internet because of the adware, they went to the local store and purchased the Norton 360 CD. I ran the program from the CD without going into Windows. Then loaded the program and ran the programs again. This worked and they are not having any more problems with the XP system and the adware is gone.
