Posts tagged ‘infection’

“How’d I Get Infected”

February 19th, 2010
A Unique Take on Infections - Image From SunBelt Software (VIPRE Antivirus)


While on calls in Beaverton or elsewhere, I always get the dreaded “How’d I get infected?” question. Unfortunately, it’s too broad of a question to answer the right way.

The reason I say this is that there could be hundreds of programs installed, each with their own security problems, Windows updates missing, antivirus and anti-spyware programs missing or not updated, firewalls turned off, etc.

Then, we have the “Adobe Effect”. I call it this because a lot of security researchers feel that the majority of attacks will come through Adobe software this year. On top of this, there is already a huge number of vulnerabilities in Adobe software. Unfortunately, the company is typically slow to release security patches as well, so zero-day flaws are slow to be fixed.

Today, Sunbelt Software, the writers of VIPRE Antivirus, notified their followers, via their blog, of a flaw that allows attackers to get into your computer after the Adobe Updater runs. That’s right ladies and gents, the simple fact of updating Adobe to patch security issues can now infect your computer. How to stop this issue? First, reboot if you see that Adobe has updated.

It’s sad to see such software cause infections. Adobe Flash and Reader are some of the most popular programs installed on computers today. Well, it’s not sad – I should say that it’s disheartening. Adobe has a huge target on their back, just like Microsoft. Sadly, Adobe doesn’t really seem to be taking the issues head on, like Microsoft does with their anti-spyware, IE page blocking, etc.

So, the moral of the story is – don’t trust any software to be perfect. The more software that is installed, the bigger the target you have on your back. Keep your computer updated and for Pete’s sake – STOP running in Admin mode with UAC turned off!
Justin

This week, while hundreds of people throughout Beaverton, Portland and elsewhere restarted their computers and got a Blue Screen of Death, Microsoft quickly backpedaled on the update they released. They started researching the issue, yanked the update, and now have stated that malware crashed thousands of computers across the world.

Microsoft stated that removing the offending malware caused the computer to be able to boot. This means that if your computer rebooted, blue screened then rebooted again (rinse and repeat), you had a malware infection you didn’t know about.

Read more about this issue on PCWorld.

The affected file is the atapi.sys file, which a lot of computer repair places have seen infected and causing problems recently, but a lot of people just didn’t notice. If you’re still having problems with this issue, give Protocol16 a call and we’ll be more than happy to help out.
Justin

New Spyware/Malware/Virus Scam

February 5th, 2010

Flash Attack

So, with the advent of all the video floating around the web, there is a new scam floating around as well. It specifically attempts to attack Flash, which is installed on roughly 90% of all the home computers online. As the screen shot points out, the attacking website may get you to “Fix” or install a plugin to get the video to work. Sneaky stuff.

Why am I hitting on the whole Spyware/Virus issue lately? Because this is the number one thing we’re seeing right now. More specifically: Fake Antivirus software that attempts to get your credit card information, shows you Pornography, etc.

As always, if you have questions, please let us know.
Justin

New Malware Infections (Virus?)

February 4th, 2010

There is a new type of infection happening that even has some of the best anti-virus companies stumped. Recently, it was found that Virus and Malware writers are getting more sneaky on how they infect you.

They are specifically targeting Google users. Recently, it was found that you could get infected simply by looking through Google Images. On top of this, other sites only infect you if you come from Google. This means, if you type the web address directly, you don’t get infected.

Very sneaky stuff indeed. This makes it harder to clean the infection, as the website owner usually goes directly to the website to check the problem directly.
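A site owner can reproduce the search-only behaviour described above by requesting a page twice, once directly and once with a Google Referer header, and comparing the two results. This is an added example, not part of the original post; the hostnames and sample responses are constructed, and it checks only the Referer header.

```python
import re
from urllib.error import HTTPError
from urllib.parse import urlparse
from urllib.request import HTTPRedirectHandler, Request, build_opener

SRC_RE = re.compile(r'<(?:script|iframe)\b[^>]*\bsrc=["\']([^"\']+)', re.I)

class _NoRedirect(HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 3xx response instead of following it

def fetch_view(url, referer=None):
    """Fetch url once, optionally with a Referer; returns (status, Location, body)."""
    req = Request(url, headers={"Referer": referer} if referer else {})
    try:
        resp = build_opener(_NoRedirect).open(req, timeout=10)
        status = resp.status
    except HTTPError as err:  # 3xx/4xx/5xx arrive here; still a readable response
        resp, status = err, err.code
    return status, resp.headers.get("Location"), resp.read().decode("utf-8", "replace")

def external_hosts(body, site_host):
    """Hosts of <script>/<iframe> src URLs that point away from the site itself."""
    hosts = {urlparse(src).hostname for src in SRC_RE.findall(body)}
    return {h for h in hosts if h and h != site_host}

def compare_views(site_host, direct, via_search):
    """Report what only the search-referred view (status, Location, body) contains."""
    findings = []
    if via_search[1] and via_search[1] != direct[1]:
        findings.append(f"redirect only for search visitors: {via_search[1]}")
    extra = external_hosts(via_search[2], site_host) - external_hosts(direct[2], site_host)
    for host in sorted(extra):
        findings.append(f"third-party script/iframe only for search visitors: {host}")
    return findings

# Constructed sample responses (not captured from any real site).
DIRECT = (200, None, '<html><script src="/js/site.js"></script></html>')
VIA_SEARCH = (200, None, '<html><script src="/js/site.js"></script>'
              '<iframe src="http://ads.example.net/x"></iframe></html>')

def demo():
    return compare_views("www.example.com", DIRECT, VIA_SEARCH)

if __name__ == "__main__":
    print(demo())
    # Against your own site (assumed URL), compare both views live:
    # compare_views("www.example.com", fetch_view("http://www.example.com/"),
    #               fetch_view("http://www.example.com/", "https://www.google.com/"))
```

An empty result does not prove the site is clean, since the injected code may also key on the visitor's browser or address rather than the Referer alone.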

Be careful out there, it’s getting more dangerous.
Justin

There has been a rash of sites across the internet that have been hacked by various bots and “evil” type people that have taken over websites all over the place. This weekend, I was on a major blogging directory looking at the Top 100 sites and decided to visit one. I was instantly met with a “You’re infected” message that quickly turned my Mac browser into Windows, with Windows Prompts and all the goodies – including hard drives that I didn’t even have…

With all that, I figured there are a lot of people out there that don’t know what to watch out for, so I took screen shots while it proceeded to “scan” my computer for viruses and spyware. Note: If you haven’t gotten the humor or hints, the following describes exactly what some people see when they get infected with fake antivirus software.

So, without further delay, I present a Protocol16 first: a Video about Spyware and Virus infection on a Windows 7 computer. See it here. I go through exactly what happens with a general user when they are prompted to download and install a specific type of fake antivirus package.

Where Do My Infections Come From?

September 26th, 2009

There are A LOT of people here in Portland asking for repairs and fixes for spyware and viruses. Many of you – ok, most of you, have asked how you got infected. Aside from the standard industry answer of sultry websites you shouldn’t visit, there are multitudes of websites, blogs and different types of software that can infect your computer. This is actually why Protocol16 recommends not running your computer in Admin mode (another story for another day).

As a case in point on how you can be infected, it can happen simply by viewing a nasty ad on any normal webpage. Drudge Report, Lyrics.com and even Horoscope.com were recently hit by some nasty ads. These sites didn’t know these ads were being listed on their sites since they all used the same company to display ads.

As the above link points out, you can pick up some nasties anywhere… This is all the more reason to run antivirus software, at least a weekly anti-spyware check (if you don’t run the software full time) and a few other requirements to stay safe. Check back tomorrow for more recommendations as to what you should do to keep yourself protected even more.
Justin


Copyright © Protocol16 . All rights reserved.