Make sure your anti-virus is up to date, do regular scans of your computer - but MOST importantly – keep backups.

As for the clients, one of them uses Norton GoBACK (since superseded in the marketplace by Ghost 14), so they restored their machine back an hour before the infection occurred, went back to the NY Times site, got re-infected, restored AGAIN using GoBack, and then stayed away from the NY Times site.

There is no strong defense for this, as nothing you overtly do can cause it. (This piece of spyware also eluded my trusty Malwarebytes Anti-Malware ( which should reinforce that no one piece of software can provide 100% protection.

If you don’t have an anti-virus product installed - or even if you do - you might want to visit a different security vendor site than the one you have to do a check. Kaspersky, and most other security vendors, offers an online scan of your system (requires Java).

I’ve never considered MS a true player in the anti-malware landscape, but perhaps I will re-evaluate. The one thing that surprised me on the results was Microsoft’s detection, trumping McAfee, Symantec, AVG and Clam-AV among many others.

You can see the full report over on VirusTotal’s site: I also ran the file thru which tests against 41 scanners, and 7 scanners turned up a positive on our file: Somewhat sadly, only 5 out of 37 scanners picked this up as malware: Since I’m a professional, I downloaded the file - I didn’t run it - and I submitted it to an online file scanner which tests a file against 37 of the leading anti-virus vendors.

Flash movie loads and redirects your browser to a rogue site, and they’re off to the races. In this case, they seem to be using Flash as an attack vector. They probably serve a lot of legit ads, but in a few instances, they serve illegitimate ads. However, this is a clear indication of how a fully patched system gets compromised.
Seems reasonable - you got a warning you were infected, and you want to download a file called “Scanner-75f_2015.exe” - seems legit. If you click ANYWHERE on the page, it will prompt you to download a program:

If you go into Task Manager and find iexplore.exe (or firefox.exe if you use Mozilla Firefox) and right-click on it and choose “End Process”, that should make the pop-up go away. The infections it reports are false - the only infection you have (at the moment) is the webpage. The page that pops up is meant to scare you. We don’t have an E: drive … and the optical drive we have is a CD-ROM, not a DVD-RAM drive…

Of course, your instinct is to click “Cancel” and you do, and then you’re scared out of your wits when confronted with this page from (don’t go there!) and proceeds to make you think you’re infected.

But, if we take a second to look at the scare box, we see something is amiss… So, no matter how you answer, you’re already stung.

I opted not to and surfed around the site, fighting the information bar’s insistence that I install an ActiveX Control. I sparked up an unpatched WinXP Virtual Machine running IE6 and went to the NYT website, and was prompted immediately to install Flash.

(There didn’t seem much to clean up, I killed a running process of IE (she uses Chrome) and the scare-screen went away.) I was able to CoPilot in and clean things up.

My MIL said she was trying to read Maureen Dowd and got hit with a rogue anti-spyware application. I’ve gotten two calls from clients (OK, one was a client, the other my mother-in-law) saying they visited the NYTimes website and were attacked by malware.