Security Manager's Journal: Not even security managers immune to FakeAV infection
This insidious malware is hard to root out, which is why it's making a lot of money for its distributors
Computerworld - Can you believe it? As I sat down this morning to write this column, I got hit by a drive-by download of FakeAV.
My computer is infected with pop-up warnings and file scans telling me I have security problems, and Internet Explorer has been hijacked to keep sending me to a website where I can "purchase the software." Pop-ups are coming from my taskbar, showing up in the middle of the screen, and rifling through my files with a fake scan. My computer is being held for ransom.
How did this happen? And what am I going to do about it? I mean really, as a security manager you'd think I would be immune to this kind of problem. My antivirus software is up to date and actively scanning, and my system is fully patched. That's more than most people are doing. Fortunately, I also have current backups (more on that in a minute).
I wrote that a week ago. As it turned out, I had to do a lot more work to get rid of this infection than I anticipated.
I started with some research on what FakeAV is all about. I've been hearing a lot about it through word-of-mouth, and now I'm getting firsthand experience. According to Sophos, FakeAV is a rapidly growing threat on the Internet, mainly because it's profitable to the people who wrote and distributed it. Evidently, a lot of people are being tricked into sending money to these criminals to get back control of their computers. I hate to think how many people are being fooled by this malware into thinking it's a legitimate security scan. It would be a lot easier to just send them the money to get back control of my system. But I'm not going to let these guys win.
This is clearly a very advanced program. It looks exactly like the real Windows Security Center. It appears to be professionally programmed, with none of the crashes or bugs prevalent among more pedestrian malware.
Sophos says there are so many variants being released constantly that it can be difficult to detect using traditional signature-based antivirus, which is what I have. Even with the latest updates, the newest variants can get through. Some variants are also employing polymorphic code, which changes itself so frequently that the MD5 hashes used by antivirus programs cannot be effective. Well, that explains how I got it despite having a good, up-to-date antivirus product.
More by J.F. Rice
- Security Manager's Journal: Security flaw shakes faith in Apple mobile devices
- Security Manager's Journal: Cyberattacks just got personal
- Security Manager's Journal: Target breach unleashes fresh scams
- Security Manager's Journal: Giving thanks for SIEM
- Security Manager's Journal: Hashing out secure applications
- Security Manager's Journal: Why the shutdown is like the cloud
- Security Manager's Journal: Thinking about passwords
- Security Manager's Journal: Android panic
- Security Manager's Journal: Auto-forwarded emails could be a huge problem
- Security Manager's Journal: Our network infrastructure has fallen far out of date
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts