You practice safe computing, so why do you still see malware?

Quite regularly, I get feedback from our customers that they've found malware on their computer, and don't know how it got there.

While you may think this is due to malware exploiting unpatched bugs in the Windows operating system, it isn't: these customers are predominantly using OS X, and they usually have all the latest patches applied. However, the malware they're finding is indeed often for MS Windows operating systems.

So are they infected? How did it happen? How COULD it happen?

The real story is both simple and a bit disturbing: our scanners are detecting these files in a few key locations: the email cache folder, email attachments folder, web cache folder, web downloads folder, and the Java web cache folder. See a pattern here?

These people are victims of drive-by downloads and malicious spam campaigns. Without visiting any shady parts of the internet, they have managed to pick up a collection of malware that, if successfully run, would likely result in their computer becoming part of a botnet.

EXAMPLES


Troj/Gida-A: drive-by Adobe Flash download that downloads and installs botnet software

Exp/MS04-028: drive-by JPEG download (can also show up as a false positive in partial jpeg images as it's an exploit detection) that can execute privileged code on un-patched Windows computers

Mal/JavaDldr-B: drive-by Java download that downloads and installs more malware

Mal/Iframe-AA: drive-by JavaScript in hidden IFrame that redirects the user to a page that detects what their system is vulnerable to, and attempts to exploit those specific vulnerabilities with the aim that the target joins a botnet

Mal/Iframe-AD: drive-by malicious HTML IFrame used in SEO-poisoned search results (often image searches)

Via email:

Mal/BredoZp-B: BredoLab botnet-generated, arrives via email

Mal/ChepVil-A: BredoLab botnet-generated, arrives via email

Troj/Invo-Zip: Zeus botnet-generated, arrives via email. Can also show up as a false positive in incomplete temporary zip files, as it's an exploit detection.

http://nakedsecurity.sophos.com/2011/11/12/you-practice-safe-computing-so-why-do-you-still-see-malware/?utm_source=facebook&utm_medium=status+message&utm_campaign=naked+security

didn't find ANY of these. I wonder why.

I use OSX and LINUX

Maybe I'm just lucky

We have been on Linux/FF for a couple of years now. I love it.

"Now, seeing that most of the software won't run under their current configuration, this isn't as much of an issue... but that assumption only lasts as long as their configuration isn't being targeted."


Terra Terra Terra.

is then a carrier. Just because the virus didn't infect a Mac doesn't mean the Mac user can't forward the infected file to someone else.
My beef with Mac users is their smug superiority attitude that doesn't bother with security because "Macs don't get viruses"
That is fine up to the point where the infected email is sent on to someone else.

The most common cause of infections is the ID ten T error. I've had ONE virus in the last five years or longer and that was because I trusted a disk someone gave me.

I have had a few glitches, but nothing that could not be cured by restarting the computer.

Another drive by against OS X is fine, but let's not be deceptive.

Mac users simply don't see the performance drop that Windows users regularly do.

You can try to dress it up however you like, but those are the facts.

Would you answer an idiot's question? Which would I run to find malware? A virus scan or an Anti Spyware scan?

Many thanks...

you'll find all the malware you'll ever need....

Along with the free AVG link scanner which will alert you to infected pages


http://linkscanner.avg.com/

because you hate OSX and linux.

because you hate windows.

on my iMac.

I'm just tried of these crap posts..

If Linux is so easy, why isn't it used in schools? :shrug:

That is one of the most useful computer related posts I've come across.
:)

I have a bunch of ad sites blocked, so my computer can't "see" the sites. If the website I visit tries to direct me to a bad site, I simply get redirected to my own computer.

I believe it also keeps any collected information that malware gets from being sent back to so sites... the hosts file tried to redirect the information back to my computer.

:-)

AVG link scanner is for the computer illiterate and for us.

and trashes OSX and linux



Sophos is a developer and vendor of security software and hardware, including anti-virus, anti-spyware, anti-spam, network access control, encryption software and data loss prevention for desktops, servers, email systems and other network gateways.

:(

It is ticking me off as we speak!