VIRUS WARS I

THE BATTLE RAGES

canon

Field Report
Six months ago, if you had asked me “which is the bigger problem, viruses or spyware”, I would have said spyware. That is the exact time you should have given me a swift kick to my chair-shaped rear. TODAY (August 27, 2008): 2.8 BILLION REPORTED STOLEN IN ONE HEIST. Here’s the quote from Scotland’s Sunday Herald. “AN INTERNATIONAL criminal gang has pulled off one of the most audacious cyber-crimes ever and stolen the identities of an estimated eight million people in a hacking raid that could ultimately net more than 2.8 billion in illegal funds.” That’s just one heist and one instance of what’s going on at an unimaginable pace. Another recent example is the SEK 8 million stolen from the Swedish bank Nordea.

Like many others, I thought formal “virus” threats had been reduced by the flood of AV software being thrown at us daily. I’m not sure when I stepped into this pile of confusion, but what is taking place is an increase in all forms of malware. No longer satisfied with the common infections of the past, custom code is the name of today’s game: custom code written on a contract basis by the brightest young graduates. Technoliterate crime corps are targeting specific audiences, like CEOs, or single bank and retail groups. These heists net millions and sometimes billions with the click of a mouse.

The one point to take from this is, we’re losing the war on cyber crime. While I’m feeling snug and smug behind my oversized LCD monitor, the bad guys are robbing us blind. They are following slick, professional business models to net gigantic profits. They are as structured and well-run as any Wall Street Corporation and probably showing better profits.

Kaspersky Labs reports processing 1.5 million malware samples every year and expects to reach 2 million sometime in 2008. That includes 5 malware samples every two minutes and 17 trojans every 30 minutes. “It doesn’t look like we’re on the winning side”, said Roel Schouwenberg, senior tech assistant at Kaspersky.

If you think all cyber crimes are committed behind the cloak of the Internet, then think again. It’s becoming more common to see crime syndicates infiltrating AV vendors with actual people, spies, pretending to work for your favorite software company. What we are viewing as protective software could be code specifically structured and recorded for future infection. The thought is chilling.

Arms Inventory

When your side is losing there are many questions that need to be asked, answered, and acted upon. Without this there is no hope of holding the line, much less advancing on the enemy.

Do we use AV (antivirus) and AS (antispyware) software? The answer to that is unequivocally, YES. By all accounts including PC Pitstop’s recent poll, over 98% of us use this protection. I found that figure surprising given the increasing threats, so the problem doesn’t seem to be apathy on the part of the public.

The next obvious question is whether the protection we’re using is effective. By now most everyone knows that a single solution is probably not enough. I first used a router before I had anything to route to. It was the protection it afforded that I was after. Because a home router only passes inbound traffic that a machine inside asked for, it makes a great firewall against unsolicited connections, and I suggest it to everyone.

Hopefully, we all know to use only one AV (antivirus) at a time. We also know that many people will use an additional online scan for the protection that multiple libraries and malware definitions can provide. I run online scans regularly. A little wiser now, I monitor the running processes on my computer as much as I run AS (antispyware) programs. The OverDrive report of running processes and AS programs like Spybot and Exterminate are a perfect combination. I’m including some places that offer free scanning below.

FREE ONLINE SCANS
PC Pitstop OverDrive
Trendmicro
Pitstop Virus Scan

Judging from all the latest surveys, we’re doing a great job of using the weapons provided. Firewalls, antivirus, process libraries, spyware prevention and removal tools are all there and we are taking advantage of them. Other than the sheer number of threats being fired at us minute by minute, what is it that’s contributing to our demise? What is it that we don’t know?

Well, for one thing I don’t know why some people never have problems with spyware or virus infections and others have nothing but problems. I don’t know who pays for software and who uses free. I know the number of people using free vs. paid is almost exactly 50/50, but I don’t know the breakdown by age. I couldn’t find reliable sources anywhere. Is my tech-savvy 18-year-old neighbor more likely to use free than Aunt Lottie? Is free software more likely to have out-of-date definitions than paid?

I’ve heard more than one person say they thought AV companies were infecting machines to sell more AV software. While I don’t believe that for a minute, I do believe that software vendors have been infiltrated. I do believe there are successful spies placed into security companies without being detected. Are they there to sell more software? NO, but remember, it’s what we don’t know that will hurt us, and right now we still have lots more questions.

___________________________More To Follow__________________________

VIRUS WARS II

September 18-25 Newsletter
1. Targets Defined
2. Mission Orders
3. Plan Of Attack


24 thoughts on “VIRUS WARS I”

  1. Right Chris. And no single scanner finds everything. A person needs to run several AV programs (which all of them recommend you don’t) to find everything that can latch onto a computer.

    E.g.: I recently scanned/cleaned a system with AVG 8, SuperAntiSpyware, CounterSpy 3, Vundo Cleaner, ESET NOD32, and a few other tools. Found and cleaned 55 apps and 170 traces. The system looked pretty clean afterward. However, a quick read of HijackThis showed several problems still present.

    I guess the only way to really be sure you’re safe is to shut the computer off. 🙂

  2. And therein (above) lies a problem that adds to the confusion... Legacy or old malware that sits on a PC for months, maybe years, then suddenly surfaces – the user blames a much more recent download that may have nothing to do with the infection – confusion reigns!!!!

  3. Alan Cowley

    The Win95 Bumblebee is an old virus dating to 1999 and is not seen much anymore. If you have not disabled your antivirus software as instructed some AVs may mistakenly identify the ActiveX download needed for the scan as a virus. If you have software finding the Win95 Bumblebee virus then it most likely came in quite a while back. As far as I know Panda, which is who we use for our online scan, is one of the few programs that will identify Bumblebee.

  4. I have been using computers since the early 90’s. Two of my favorites are old P-2 laptops, one with 64k RAM, one with 96k. Never had an AV on either of them; I use them to read the news and check my mail, all safe sites. My current desktop, a Media Center Edition 2005, has had several paid AV programs on it and got infected. I use free AV now and get infected once in a while; I don’t always use safe sites on this one. I have to reinstall Windows every 8-10 months. Most of the time it is my own fault.

  5. I continue to believe that one of the best protections you can have for your PC is Email Remover. I am now using version 2.4.
    This little gem allows you to look at your emails while they are still out on the server, and delete any that you do not want downloaded to your PC.
    You can see who the sender is, the size, and the 1st 100 lines (if you choose). You can delete any that are suspicious, too large to download, or for any reason whatsoever.

  6. It’s true that no system is safe from malware, since every AV/malware/spyware software producer would need to be psychic in order to know what’s being invented next or what has already been invented and just hasn’t been discovered yet. Anyone who believes they are completely safe is only fooling themselves, and if it makes them feel good to do so, then I hope they enjoy it.

    There are likely a number of these evangelized freeware programs out there being offered by the very entities who create the malware/spyware their programs remove, and I don’t care what the article above says. All of that work producing and updating these programs to just give them away for free is questionable. Don’t those people have jobs and make a living like everyone else, or are they getting paid to create malware/spyware and in many cases simply rename and recycle their creations?

    Even new legally purchased DVDs, Audio CDs and computer games can pollute your system with all sorts of junk these days.

  7. Doug Woodall says that, “The casual user will not be able to stop their system from becoming vulnerable”. He is right. There is, however, a difference between ‘vulnerable’ and ‘infected’. My experience suggests that the casual user can use the Internet with a very high level of safety, in the same way that a modestly careful driver can use the roads without getting killed. My evidence? I am responsible for security at a computer club. We have five computers, used by many people (including many total novices) all day, plus we help look after the computers of many dozens of our members. Our security regime involves the usual range of mostly free AV, AS and firewall programs, plus locked-down user accounts (e.g. Limited in XP), all updated weekly. During the five years I have been personally involved here, we have had zero major infestations, plus perhaps a dozen or two serious single-item infestations (which were very quickly caught and removed). We have also, in this five-year period and over many dozens of machines, had a couple of handfuls of mysterious problems which have caused machines to play up sufficiently to require software reinstallation (though without ever being able to prove that malware was the cause of the problem). The only thing we have had lots of were tracking cookies and similar low-level threats. Accordingly, I conclude that computers can be set up so that even a casual user – even a careless casual user – can surf safely. The only proviso is that software has to be kept up-to-date, and scanning done regularly.

  8. dark41,

    I beg to differ. I don’t use any third party garbage on my systems. I know I am safe, and have full confidence in the systems I use. My machines are connected to the Internet 24/7, and I am on line a whole lot. There is no doubt in my mind about the integrity, reliability and security of the machines I have.

    Ain’t no malware creators getting rich off me 😛

  9. Doug Woodall,

    As a system builder/repairer, I think your Granpappy was onto something, but I’d take it one step further.

    Even the techiest (is that a word? should be) user will not be able to stop their system from being vulnerable. I’m constantly trying new AV/anti-spyware tools and have yet to find anything that can do it all. I’m also intentionally searching for new malware all the time so that I can fix it when my customers bring their infected systems to me. In fact, there is quite a lot of malware surfacing now that no AV can get rid of. So we’re back to reformatting to keep our systems clean.

    The focus of malware now is more about getting our money and/or identities than destroying our hardware.

    Anyone who thinks they’ve never had malware on their system either doesn’t use their system online or has never tested it thoroughly. And anyone who thinks they’re smart enough to never get infected is the main reason these malware creators are getting rich. 🙂

  10. My Granpappy had a saying he was fond of.
    “Unless you’re really good with computer security, you need AntiVirus, AntiSpyware, and a reliable Firewall. The casual user will not be able to stop their system from becoming vulnerable”.

  11. I clean viruses and spyware from home users’ computers professionally. Estimated statistics for infected computers that I see on a regular basis:

    95% have expired AV (even for 1 day), more than 1 AV running at the same time (which cancel each other out with the end result of no AV), only a useless popup blocker, spam blocker or search protection from a downloaded toolbar or nothing at all. If they do have an AV (even free ones) they are not updated or configured correctly. Most of these people truly believe they are safe from viruses.

    90% have 1 or more of either Limewire, BearShare, Ares, MySpace IM, Free Trial Games and/or burn unauthorized copies of downloaded DVDs and/or watch YouTube and/or installed bootleg copies of programs with key-generators downloaded from Limewire, etc (usually to decode their unauthorized DVDs).

    75% do not have SP2, thus no firewall.

    75% have turned off Automatic Updates.

    50% have non-genuine Windows.

    Most blame their kids (or grandkids, nephews, cousins…).

    Very few actually seek out porn sites or click on unknown email attachments.

    Once infected, more than half wait to take it somewhere to get it fixed until they can no longer connect to the Internet, cannot boot to Windows, or the unwanted, numerous or x-rated popups become too extreme for even the most tolerant people.

    Many will futilely attempt to fix it themselves first by downloading every AV and spyware removal program they can find, including some that bring more viruses with them.

    WHAT DOES THAT TELL YOU???

  12. What program does a complete job? There is no “visible” way to check whether it is done completely (or if at all). I have found certain programs to bring their own spyware into the system, and then say there is something that needs removing? Oh? My other antivirus (or 3 individual checks) did not see it, so what is really there? A lot of B.S. (I find out the program brought in fake problems). Kind of reminds you of a bad mechanic.
    Registry cleaners are bad for this. None can clean it 100% (according to other R.C. programs). What’s up with that?
    So viruses/spamware is the same B.S.?
    What are you to do, except to be paranoid, or stay off the web?

  13. In my opinion there is no perfect AV and AS programme. I am not in favour of any one programme over the other. I use Spybot and Malwarebytes anti-spyware. I also use Windows Defender. I scan my computer using all three one by one once a week. AV and AS software must be updated before using them. In addition I also use Lavasoft Ad-Aware 2008. TQ

  14. What concerns me most of all is that we are offered FREE scans but then have to buy the programme to get rid of what has been found.
    I have PC Tools Spyware Doctor and it discovers the same Trojan and Spyware every day. It then proceeds to ‘fix’ the problem but in reality it doesn’t – it just sits there and resurfaces the next day.

    One has to wonder at the effectiveness of these programmes.

  15. Even if you are not a person who clicks on or installs anything downloadable just because it promises to fix everything in the world, there is still a lot of junk being spread by those who on the surface appear to have the best and most trustworthy reputations. Anytime I really need to download something from a site I always use the SAVE rather than RUN option and then I scan the file with my anti-virus. Most often things turn out to be clean in that area, but then I do a spyware scan and more often than not the file is loaded with adware/tracking cookies, which are not usually much of a threat to the safety of my system, but I pay my ISP for my connection to the internet, and unless these tracking companies want to pitch in and help pay my cable bill for using/stealing my bandwidth to do their business, I don’t want their junk cluttering up and slowing down my system. I know this junk doesn’t get bundled in all by itself and that someone (those offering the file/program) is making money by bundling this junk into what they are offering. Even this very website has crap mixed in with just about everything they offer for download, in the name of helping people with their computers. Makes no difference if it’s Microsoft, PC Pitstop or The_Vatican.com; nobody can be trusted, so all one can do is make time to take all of the extra steps they can in order to protect their own computer system.

  16. Impressed with your article, I e-mailed the link to my sister who has had a few virus problems. She, also impressed, downloaded the free AV check offered by PC Pitstop only to find that the free virus check contained the W95Blumblebee1738windows virus! Like your article said, “who can you trust?” Does PC Pitstop check the downloads it offers? If not, all the informative items in the world about trust are a load of rubbish! (Very unhappy previous supporter of PC Pitstop)

  17. I have found that the threats run higher with different AV applications. Our company changed AV software about 6 months ago and we are not getting more junk email and virus threats from one of the leading providers than we did with one of the less popular ones.

  18. Some people have problems and are aware they have problems.

    Then there are people who have problems and are not even aware of it, many of them religiously tout the fact that they never have problems.

    Then there are those who have problems, and know it, and don’t care.

    Then of course there are those who think that they can do anything because some lame piece of software will protect them like some kind of magical force field.

    Simple fact of the matter is there is no software solution that can 100% guarantee protection.

    Simple fact of the matter is no software solution will protect people who insist on clicking everything, ignoring warnings, and insisting on downloading and installing every piece of garbage they come across.

    Then there are the people who constantly give very, very bad advice about basic security practices because... well, because... well, there is no rational reason why they do it, other than the fact that they don’t understand basic security, so they tell folks to just turn it off because that’s easier. Then install some junk to make ya feel warm and fuzzy.

    The reality is warm and fuzzy software can’t replace common sense and basic security practices. It never will.
