
04 February 2010

Even well-guarded PCs may get infected
By Dennis O'Reilly (via WindowsSecrets.com)


There's a window of vulnerability between the moment new malware appears and the moment anti-malware signatures are updated to catch it; you may fall victim in that interim, no matter how current your scanner is.

That's what happened to one Windows Secrets Lounge member, whose well-protected system was nonetheless pushed a questionable download by his browser.

Malware can enter a machine through the recently discovered IE hole that Yardena Arar described in her Jan. 21 Top Story. Windows Secrets Lounge member Cris Wadlooper experienced a different kind of threat, which he explained in the comment thread for Yardena's story:

"I noticed that I had a PDF download pending in my Firefox queue, which I dismissed instinctively. (Why is there a file in my download queue? I asked myself.)

"Disclaimer: I have IE6 on a Win XP2 box, Firefox is my default browser, IE is only for banks and other dinosaurs, etc.

"I then browsed around a bit as usual, using Firefox, and the same download appeared! --- interestingly, just after I refreshed Boston.com for some local news. (I block Boston.com from opening pop-ups via my Firefox preferences, yet the site still manages to do so!)

"Somewhat stupidly (before finishing my coffee!), I accepted the download request out of coffee-deprived curiosity. I (again, stupidly/curiously) opened the PDF, and it was blank!

"The silver lining to this story is that I opened the file using an open-source PDF reader, Sumatra, which I use because Adobe Reader is so bloated. After seeing this blank PDF, I immediately Shift-deleted it, and so I now don't remember even the file name.

"However, I also instinctively (even in my coffee-deprived stupor) ran a deep scan immediately. Nothing was found --- likely because I sent the file to never-never land instead of the Recycle Bin.

"So, maybe this tale is nothing but a blip in the universe of the brave new world. But did anyone else get pushed a PDF from some seemingly random site over the past few days?"
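The safer move with a PDF that shows up unbidden is to look inside it without rendering it. Exploit PDFs of this era were typically a single blank page whose catalog carried an /OpenAction pointing at embedded JavaScript, often with the name hex-escaped (/J#61vaScript) or buried in a compressed stream so that a naive string search would miss it. The script below is an added example, not code from the original column or from any of the people quoted; it performs that kind of static triage in the style of tools such as pdfid, and the two sample files it scans are constructed inline (they are not the file described above and contain no exploit). The keyword list, the function names and the verdict wording are choices made for this example. The same check applies to any attachment saved to disk before it is opened.

```python
import re
import zlib

# Names that introduce active content in a PDF (PDF 1.7 spec, sections 12.6 and 12.8).
# The list mirrors what static triage tools such as pdfid look for; it is a choice for this example.
SUSPICIOUS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA",
              b"/Launch", b"/EmbeddedFile", b"/RichMedia")
# Structural tokens worth counting: a one-page file carrying script is the classic exploit shape.
INFORMATIONAL = (b"obj", b"endobj", b"stream", b"endstream", b"/Page", b"/ObjStm")

# PDF delimiter characters plus whitespace; anything else is a "regular" character.
_DELIM = rb"\s()<>\[\]{}/%"
_HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")
_STREAM = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def normalize_names(data: bytes) -> bytes:
    """Decode #xx escapes so an obfuscated name like /J#61vaScript reads /JavaScript."""
    return _HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes) -> bytes:
    """Return the plaintext of every stream that inflates as zlib/FlateDecode.

    Keywords are routinely hidden inside compressed streams or object streams,
    so scanning the raw bytes alone would miss them.
    """
    chunks = []
    for m in _STREAM.finditer(data):
        try:
            chunks.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate-compressed (or corrupt): nothing to inflate
    return b"\n".join(chunks)


def count_keyword(data: bytes, kw: bytes) -> int:
    """Count whole-token occurrences: '/Page' must not match '/Pages', 'obj' must not match 'endobj'."""
    pat = rb"(?<![^" + _DELIM + rb"])" + re.escape(kw) + rb"(?![^" + _DELIM + rb"])"
    return len(re.findall(pat, data))


def triage_pdf(data: bytes) -> dict:
    """Scan raw bytes plus inflated streams and return counts, hits and a verdict."""
    if b"%PDF-" not in data[:1024]:  # readers tolerate junk before the header
        return {"is_pdf": False, "counts": {}, "hits": [], "verdict": "not a PDF"}
    scan = normalize_names(data) + b"\n" + normalize_names(inflate_streams(data))
    counts = {}
    for kw in SUSPICIOUS + INFORMATIONAL:
        n = count_keyword(scan, kw)
        if n:
            counts[kw.decode()] = n
    hits = [kw.decode() for kw in SUSPICIOUS if kw.decode() in counts]
    verdict = "no active content found" if not hits else "suspicious: " + ", ".join(hits)
    if hits and counts.get("/Page", 0) <= 1 and ("/JavaScript" in counts or "/JS" in counts):
        verdict += " (single page plus script: the usual exploit-PDF shape)"
    return {"is_pdf": True, "counts": counts, "hits": hits, "verdict": verdict}


def triage_file(path: str) -> dict:
    """Convenience wrapper for a file saved to disk (never opened in a reader)."""
    with open(path, "rb") as fh:
        return triage_pdf(fh.read())


# Constructed sample inputs (not real malware): a plain one-page PDF, and one whose
# /OpenAction name is hex-escaped and whose JavaScript sits inside a Flate stream.
SAMPLE_BENIGN = b"".join([
    b"%PDF-1.4\n",
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n",
    b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n",
    b"3 0 obj\n<< /Type /Page /Parent 2 0 R >>\nendobj\n",
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n",
])
_HIDDEN = zlib.compress(b"<< /S /JavaScript /JS (app.alert('hello')) >>")
SAMPLE_SUSPICIOUS = b"".join([
    b"%PDF-1.6\n",
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /Open#41ction 4 0 R >>\nendobj\n",
    b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n",
    b"3 0 obj\n<< /Type /Page /Parent 2 0 R >>\nendobj\n",
    b"4 0 obj\n<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(_HIDDEN),
    _HIDDEN, b"\nendstream\nendobj\n",
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n",
])

if __name__ == "__main__":
    for label, sample in (("benign", SAMPLE_BENIGN), ("suspicious", SAMPLE_SUSPICIOUS)):
        print(label, triage_pdf(sample))
```

A hit is a reason to keep the file quarantined and look closer (or submit it to the vendor), not proof of malice: legitimate forms use /AA and /JavaScript too. The reverse is also true: a clean report only says none of these names were found in the raw bytes or in streams that inflated with zlib; other filters and encrypted documents are not handled here.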


No single scanner knows every threat circulating in the wild. So it's a good idea to use more than one tool for finding and eliminating Trojans, viruses, and any other bad actors that may have laid claim to your system.

One of the best tools for clearing a PC of malware is the free Malwarebytes Anti-Malware (more info). Note that only the paid version of the program provides real-time scanning for malware.

Most of the major antivirus vendors also offer free online scans you can employ without having to purchase the full product. For example, Symantec offers Security Check, Kaspersky provides Free Virus Scan, Trend Micro has HouseCall, McAfee offers FreeScan, and so on. Running several of these may uncover infections that any one tool might miss by itself. Bear in mind that these are on-demand scans: they can find what their vendor's signatures already know, but they do nothing to close the gap between a new threat and the signature that catches it.

And of course, you also need to patch whatever hole let the malware in. For sure, replace IE 6 (even if you never surf using IE 6) with IE 7 or 8, both of which provide security features that IE 6 will never have. IE's rendering engine is a Windows system component that other programs and HTML-based help files use, so a hole in it is reachable even if you never launch the IE window. In the case of the IE Aurora vulnerability, apply the Cumulative Security Update for Internet Explorer explained in Susan Bradley's Jan. 28 Patch Watch column (paid content) and in MS security bulletin MS10-002; on XP you can confirm it's installed by checking "Show updates" in Add or Remove Programs and looking for update 978207.

Senders may unwittingly spread infection

One of the precautions mentioned in Yardena's story is to contact the sender of a suspicious e-mail to verify its authenticity. WS Lounger Hans Bool expands on this point:

"[M]ost users wouldn't know how to open attachments in the inbox safely. Contacting the sender, as you suggest, may not be a secure solution at all! He or she may have unknowingly attached an infected file!

"My routine strategy is to save any unopened attachment to my desktop or other location and scan the file with my virus program --- in my case, MSE [Microsoft Security Essentials] --- before opening the file."

As we've seen time after time, no combination of software settings can replace a little innate skepticism and a lot of common sense.

