Preventing malware infections in your organization
December 8th, 2009
Background:
The most prevalent malware infection that we’ve seen in recent months is known as “ANTIVIRUS 2010”. This fake antivirus package goes by a number of aliases: Antivirus 2009, Antivirus 2008, Doctor Antivirus 2008, Ultimate Antivirus 2008, Vista Antivirus 2008, etc. These applications pretend to be genuine anti-virus/anti-spyware programs, but their sole purpose is to trick users into buying fake anti-virus programs.

Why doesn’t my Antivirus program prevent the infection?
McAfee and Symantec are the two largest anti-virus software manufacturers. Unfortunately, neither of these vendors has been able to keep up with how rapidly this fake anti-virus package changes and mutates. ANTIVIRUS 2010 is updated on almost a daily basis and is always a few steps ahead of the McAfee and Symantec virus definition programmers.

Common symptoms (if your PC is infected by Antivirus 2010):
• The Antivirus 2010 scanner always starts, reports that hundreds of viruses and spyware items are infecting your PC, and prompts you to clean them
• Flashing icons appear in your system tray and always tell you that "Your computer is infected"
• Slow performance and system errors
• Your homepage is hijacked to the Antivirus 2009 website
• Your wallpaper is changed to a virus warning, and the Desktop and Screen Saver tabs are hidden
How does a PC get infected and what does it look like?
The most common infections come from seemingly legitimate web sites and social networking sites such as Facebook, MySpace, Twitter, and MSN. While these sites are all trustworthy, the people that advertise and post content to these sites may not be so trustworthy.
1) First, a prompt pops up on a web site asking you to click "ok" to continue. (As soon as you click ok, your computer is infected)
2) Second, a fake Anti-Virus warning pops up, indicating that your computer is infected and needs to be scanned.
3) Third, a fake Anti-Virus Scan starts and then prompts you to enter your credit card number to purchase the full version.

How do I prevent malware infections in my organization?
There is no single method that works all of the time to prevent infections. Some malware infections can bypass anti-virus software and firewalls.
1) Education - The best option is to educate users in your organization. If your users see similar activity to what is shown in the above screenshots, they should stop what they are doing and contact us immediately. It's much easier to stop a virus in the early stages than it is to wait until it has infected the entire machine.
2) Policies - In every case we've seen, the infected user was browsing personal (non-work-related) websites. A good way to prevent this is by having your employees sign an Acceptable Use Policy. CCEX has provided policy templates here: http://www.ccex.com/templates.php
3) Updates - Keep your workstations up to date by visiting the Windows Update site once a month. Make sure to verify that your anti-virus package is up to date.
4) Gateway Protection - For organizations using WatchGuard Firewall products, Gateway Anti-Virus can give your network added protection against malware.
Many users contact us at the first sight of a potential problem and we are able to resolve the issue in a matter of minutes.
Some users get fully infected and then start downloading additional software, trying to remove the malware themselves, and only call us after the machine is no longer functioning. At this point it can take hours to remove the malware, and sometimes the operating system may need to be completely removed and reinstalled.

What should I do if I do get infected?
Stop using the computer immediately and avoid shutting down or rebooting, as doing so helps the virus spread further. Contact CCEX so that we can completely remove the infection.
As always, feel free to contact CCEx with any questions or comments.
By: Jeffrey Pena, Senior Network Engineer, Capitol Computer Exchange
