Thursday, 20 January 2011

Another day - another virus reported

This blog post was updated on 26th Jan 2011 following an unprecedented number of viruses infecting computers even though they have up-to-date anti-virus software:

This week we have seen an exceptionally high level of virus infections, on computers protected by good anti-virus programmes. Sadly, anti-virus software is not infallible and the virus writers occasionally find ways to easily avoid these defences. Plain ol' common sense is a much higher form of protection.

All the computers have been infected with viruses that should have been easily avoided. These viruses have names like "System Tool 2011" and "Personal Internet Security 2011" (and various derivatives along the theme). They are all part of a family of viruses which masquerade as anti-virus programmes and pretend to warn you of supposed infections on your computer. They will ask if you wish to use some software to rid yourself of these alleged infections and guide you to a website to buy the software. Of course, no such software exists and you will have given out your credit card details. Oh dear.

Some of these clients have BitDefender anti-virus, which is a highly recommended piece of anti-virus software and has a great reputation. (At only £29.99 per year for a 3-PC licence, it is also great value and will knock the socks off the likes of McAfee or Norton when it comes to performance - of both the programme and the computer.)

However, no anti-virus programme can offer complete protection. They all rely on the computer user to show a degree of awareness when operating the PC.

So, how do you get infected when you have a good anti-virus programme installed?

A computer user, let's call him Rod, has opened an attachment to an email, which APPEARED to have been sent from a friend of his, called Bill. Bill often sends joke emails, so Rod assumed it was yet another funny and opened it. Bang! Infected!

Interestingly, Bill is completely innocent. An infected computer, somewhere in the world, happens to have both Rod's and Bill's email addresses stored on it. This is likely to be a PC belonging to a mutual friend, or they have both given their email address to the same online retailer who isn't too careful about security.

The virus on the infected PC will search that PC for all email addresses. It will then pick one email address at random (say bill@domain.com) and use that address to send itself to all the other email addresses. In that way the virus-infected email appears to have come from bill@domain.com.

Rod gets the email and thinks, "An email from bill@domain.com. I know and trust Bill, so I'll open his email." Sadly, Rod should have thought about this a bit further. He should have spotted that Bill rarely sends attachments - and never "zips" those attachments. Bill would also normally include a short message, such as "Here you are Rod, this is very funny! Beer tonight at 8?" Rod should have spotted the tell-tale poor grammar used in the short and strange message that he did get, and the fact that no-one sends zipped attachments!

Having become infected Rod naturally blames Bill and fires off a very short, and to the point, email. Bill gets his computer scanned for viruses and finds nothing, of course. Neither of them will ever suspect the real culprit.
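The warning signs Rod missed can be checked mechanically. The following is an added example, not part of the original post: a Python script that parses a constructed sample message and reports which of those signs it shows. The function name, the archive extension list, the eight-word threshold and the rod@example.org address are assumptions, and the poor-grammar sign is left to the reader.

```python
from email import message_from_string
from email.utils import parseaddr

ARCHIVE_EXTS = (".zip", ".rar", ".7z")  # assumed list; the post names only zip
# Constructed sample message, modelled on the email Rod received.
SAMPLE = """\
From: Bill <bill@domain.com>
To: rod@example.org
Subject: funny
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

see attach file is very fun
--XX
Content-Type: application/zip
Content-Disposition: attachment; filename="joke.zip"

placeholder bytes, not a real archive
--XX--
"""

def warning_signs(raw, senders_who_attach=frozenset(), min_words=8):
    """Return the tell-tale signs from the post that this message shows."""
    msg = message_from_string(raw)
    # From is written by the sending program, so it never clears a message.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    attachments, body_words = [], 0
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            attachments.append(name.lower())
        elif part.get_content_type() == "text/plain":
            text = part.get_payload(decode=True).decode("utf-8", "replace")
            body_words += len(text.split())
    signs = []
    if attachments and sender not in senders_who_attach:
        signs.append("attachment from a sender who rarely sends them")
    if any(a.endswith(ARCHIVE_EXTS) for a in attachments):
        signs.append("zipped attachment")
    if attachments and body_words < min_words:
        signs.append("short or missing personal message")
    return signs

if __name__ == "__main__":
    print(warning_signs(SAMPLE))
```

Passing a set of addresses as `senders_who_attach` records which friends normally do send attachments; the zipped-attachment and short-message signs are still reported for them, because the From address proves nothing about who really sent the email.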

In other cases, clients (or their teenage sons!) have been to a web site which they probably wouldn't have mentioned to their mother. Or to their boss, for that matter! Oops, too late.

Viruses can easily spread through such web sites. The chances are high that the user has been tempted by the "Click Here to download images" button on a naughty web site, but has got more than he bargained for.

In all cases the anti-virus programme has failed to detect the virus. Why? Because anti-virus programme makers have to compromise between nagging you all day long ("Are you sure you want to do that?") and allowing you to work on the computer. They expect you to have the sense to only open attachments that you are expecting, and not to visit the type of web site that you know you shouldn't be visiting.

© Michael Donkin 2011