Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

It happens to the best of us…

October 22nd 2008 in Uncategorized

image

What do you get when you combine a busy evening, an ongoing IM chat and a moment of inattention?  You get what you see to the left of the screen.

Note that I declined the download… don’t play with fire by downloading the virus, even if you know what it is and just want to experiment.

My infected correspondent is a high-calibre computer professional – right up there with the best of them – but as this incident shows, even the best of us make mistakes.

For what it’s worth, the PC was isolated from the internet within 5 minutes of the infection occurring.  No word, yet, on how easy or difficult it was to clean, or if it was given a name by the clean-up tools used, but from what I can see it was this one:

http://www.k7computing.com/virusdetails.asp?virusid=46459


4 comments to...
“It happens to the best of us…”

Cliff S

I often get infected links thrown at me by infected people on my list. Haven’t had any odd files pushed towards me yet however.



mechBgon

He/she might want to look into low-rights accounts and Software Restriction Policy, if his/her version of Windows features SRP. This is a great proactive safeguard when handling malware.

http://www.mechbgon.com/srp

Tom McFadden
MVP – Windows Desktop Experience



Kimberly

MSNFix is the way to go to clean these infections up. They usually are nasty IRC bots.

Download is available here:
http://sosvirus.changelog.fr/MSNFix.zip

Extract all files and launch MSNFix.bat

Note: Under Vista, UAC should be disabled during the cleanup.



Mark Odell

mechBgon wrote:
> He/she might want to look into low-rights accounts and Software Restriction Policy, if his/her version of Windows features SRP. This is a great proactive safeguard when handling malware.

Better still, s/he might want to look into disabling the ability of the IM client to auto-convert text URLs into clickable hyperlinks. For instance:
http://www.mess.be/msnmessenger75.htm (under “Security Options”)

This is an even-greater proactive safeguard against ever needing to “handle” malware resulting from “accidental” clicks. (And, if the IM client doesn’t allow that to be disabled, s/he might want to ask the question “Why not?”.)

I would also be curious about exactly what it is that’s pre-enabling a clicked-on _ZIP file_ to unpack–and automatically run–unknown executables leading to malware infection. What’s “arming” that “bomb” for the user to trigger?

