“Help! My computer has a virus!”

Unfortunately, this is not an uncommon phone call from some of our clients, and it usually involves a few hours of emergency work to get the computer back under control and secure again.

So, what lessons can be learned?

How It Starts

The currently common variant is the “Fake Alert Trojan”.  An alert pops up on the user’s screen declaring some sort of emergency status – such as the computer is infected or the hard drive is damaged and data is being lost right now!

Very often the fake alert is designed to look like the user’s anti-virus solution – such as Norton or AVG – and so appears to be a legitimate warning that the user would expect to see.

As soon as the “Recommended Action” is taken – a button on the Fake Alert window such as “Begin Scanning Now” – the Trojan fully installs itself and has bypassed most of the normal security (such as a virus scan of a downloaded package).  From then on, no amount of clicking or trying to close the window seems to work.

On top of that, key functions that assist in killing a program, such as the Process Manager in the Task Manager, have apparently been disabled (appearing as greyed out buttons or links).

Obviously the user is in a bit of a panic by now – and even after a reboot things seem to be stuck.  Clearly this ploy works sufficiently well on some folks that they go ahead and pay up via the provided link in the Fake Alert (a common goal) but that doesn’t help any, of course.  For others, it’s an even more expensive call to the tech support folks to get them to fix it.

Resolutions

I’m not going to go into how to fix the Fake Alert Trojans – there are many better-documented cases available already.  Suffice it to say, it usually involves some registry edits, Safe Mode operations, lots of scanning by various security applications and some general cleanup and updating.

Key Lessons

A significant portion of Trojans these days are able to pop up their Fake Alerts by exploiting some sort of loophole or fault in an installed application or operating system.  And no operating system is safe, though Windows is far and away the most common and thus the most commonly targeted.

On an almost daily basis, software houses release new and updated versions of their software to patch these security holes.  Every week, usually on “Patch Tuesday”, Microsoft release their patches and updates – and very often these are made available within a few weeks of the original problem being detected.

Since there is an ongoing effort by the software and operating systems providers to close these security holes as quickly as possible, how are people still being infected or having their machines compromised?

Plain and simple: not keeping things up to date!

Without exception, every virus or Trojan cleanup that I’ve been involved in has ended with the application of security patches and updates going back a month or two, or much more.  Whether it’s “I was too busy” or “I didn’t realise the importance of it” or some other legitimate-if-unfortunate reason, the security updates are not applied in good time and they get exploited.

Business SLA

For our business clients, it is standard practice to proactively apply security patches as quickly as possible once released, so that end users, who are focused on keeping their own business running and their own clients happy, don’t need to worry about whether or not it’s safe to be connected to the Internet.

For those clients who have only a reactive service, the more expensive post-infection cleanup is the only option if they haven’t been on top of it themselves.

Our Basic SLA provides this proactive security patch management as standard – click here to take a look at what other proactive technical support services are included.
