Fake Software Viruses take a new turn

We all know about the Fake AV, Fake Security Center, and similar malware. I’ve started running into a new variant, one that is a bit more of a pain.

I would say that 75% of my job winds up being removing malware from clients machines. I find it annoying, and really would love to find a way to rid the world of the scourge of malware, but that is a rant for another time.

I’ve watched the malware come in waves over the years. The spyware craze of the early 2000’s, the Melissa and I Love You viruses, the start of the Fake (Insert software here) malware. The Fake software ones have been merely annoying, and pretty easy to remove with standard tools, at least until now.

Over the last couple weeks, I’ve run into a new version of the Fake software malware. This one not only claims you have problems, but then turns around and at minimum hides folders on the machine so it seems that you’ve lost most everything. One variant even removes most of the system restore points, and hides essential folders. This second one, is the biggest pain to remove.

Combofix, Malwarebytes, and Superantispyware, will find and remove the malware, but the damage done to the machine between having to reset permissions, to unhiding folders ( and sometimes having to dig down to find what folder is still hidden), to repairing the system restore feature (got do %windir%\inf\sr.inf , right click and install to repair it) of XP is time consuming.

I know that the underworld of the internet makes a lot of money off malware, but this is just getting ridiculous. One would think that machines with up to date antivirus software should be able to stop this stuff, but obviously it doesn’t. It does make me wonder how different the variants are.

Apple: Fanatics and Malware

Ed Bott (@edbott Twitter) at ZDNet has been feeling the wrath for the MacFanatics after he reported, “According to a report from a Danish IT security company, an underground group has completed work on a fully operational kit specifically designed to build malware aimed at the Mac OS platform. ”

Lets get some things straight. I’m not a Mac person. I think its a nice Operating System, and has its place out there, but I think the Cult of Mac, just like the Cult of <insert favorite OS here> needs a reality check. There are good and bad point to every OS, and each one shines in its own way. Microsoft is still the most popular, Linux is great for older or less powerful desktops, and Mac is fantastic for Graphics. It is what it is. Security wise, all of them have their plus and minuses. Any sane person knows that no OS is completely secure, and all can have viruses. So why when a report about one for Mac, let alone a kit to make more, comes out that many Mac Fanatics have to start attacking the report as a FUD (Fear, Uncertainty, Doubt) campaign?

The story I am referring to is written by Ed Bott, in his Microsoft Report Blog on ZDNet. “Crying Wolf? Apple Support Confirms Malware Explosion,” is a well put together article. It references multiple sources, and does a good job of defensing his original post from May 2 about the possibility of more Mac Malware coming. The Mac Fanatics tend to disagree, and do so in a lot of unprofessional ways in the talkback section of the article. Heck a lot of the deny the current malware even exists.

Let us pose a simple question. If 1 million people get a disease one year, and 100 million get it the next year, would that be considered an outbreak? Most people would say so. 100 time more infections. Yet according to a supposed number (which I cannot verify), there were 2 mac infections last year, and the new malware has 200 infections. That is the same 100 times increase. That is still a significant rise in the number of infections. Is it the end of the world? No. Does it mean that Mac users are as gullible to social engineering as Windows users? Yes.

In fact, being a SMB Consultant, 95% of the virus infections I deal with on a daily basis are socially engineered. Through Facebook, ads, e-mails, doesn’t matter, the end user has to do something to get infected.

Mac has been known for its security. I remember a long time ago when Mac Servers were basically unhackable. Times have changed though. the last 3 PWN TO OWN conventions, Apple’s vaunted OS has fallen, and fallen fast (even when they have patched right before the competition). In 2009, it was reported about the first Mac Zombie Botnet was active. Let see, to become a zombie on a botnet they have to hack your machine, and/or usually slip a rootkit and a trojan on it. That would be considered malware.

The evidence has shown that Mac isn’t as secure as it used to be. Its the way things are. Get over it and act like adults when debating things. I’ve had debates with Ed over his Microsoft slant in the past, but he does slam Microsoft a lot also. His blog is like this blog on more well known. Its news mixed with opinion. Take it or leave it, but as one talkback comment reminded people, the end of The Boy Who Cried Wolf finished with the wolf actually showing up and causing damage.

Here we go again with virus hunting

Viruses are everywhere in this day. They slip past the defenses we put up, mess with our system, and even steal our information. Its a billion dollar black market for some, a set of hi-jinx for others.

For me, its a thorn in my side. 75 to 90 percent of the SMB calls I go on are for removing a virus/trojan from a PC or Laptop. Every time I get asked the same questions. How can we stop this, why did it get through, etc. Unfortunately, I don’t have a good answer for them.

I explain that tis a war. That virus writers are always a step ahead. Antivirus companies have to see the virus so they can stop it, and even that doesn’t always work.

The only way to be safe completely is to not use computers, cell phones, paper, ipads, and anything else that can hold a record. That isn’t going to happen. So I tell them to make sure updates are applied when they come out, and to be on the cautious side concerning web sites. Then a month or two later, I am back out to them removing another virus.