Malware Declines, Trojans Dominate

Orome1 writes "According to data gathered by Panda Security, only 39 percent of computers scanned in February were infected with malware, compared to 50 percent last month. Trojans were found to be the most prolific malware threat, responsible for 61 percent of all cases, followed by traditional viruses and worms which caused 11.59 percent and 9 percent of cases worldwide, respectively. These figures have hardly changed with respect to the January data."

"Only" 39 percent.

[John+Hasler]

So that's how many hundred million bots?

Re:"Only" 39 percent.

[natehoy]

The problem with statistics like this from someone who offers a free antivirus scanner is that, well, people will download it as their first antivirus software, generally once they discover that antivirus might be a good idea. So that 39% is not fully representative of all computers out there, only ones where people have suddenly discovered a need for antivirus and want something free.

I don't know about you, but people only come to me for help once their computers start "slowing down" or "acting funny", and the first thing I do is install a free antivirus client for them and do a scan. And, surprise surprise, I'd say 90% of the Windows computers I've worked on have had some form of malware intrusion, in many cases pages full of them. I think I've had one co-worker have me look at a computer when she first bought it, and that was after her last computer had a really bad infection, so she wanted to make sure the new one stayed clean.

It's like the ER saying that 80% of the population they observe have severe injuries, or (oblig. car analogy) a tire shop claiming that 70% of the cars entering their shop have worn tires. Of course they do! You don't go to the ER unless you need to see a doctor RFN, and you generally don't go to a tire shop if you aren't seriously contemplating new tires. In the same vein, many (most?) people don't start taking antivirus seriously until their trial version of McNorton ran out a year ago and their computer is acting a little funny ever since that cute fluffy bunny video didn't work from that guy with the funny name in East Nowherestan.

So, honestly, I'm very surprised the number is that low.

Re:"Only" 39 percent.

[ozmanjusri]

Nearly 40% of all computers infected? Hundreds of millions of computers controlled by criminals.

Which operating system allows this? And why can't we recover the cost of their ineptitude from the manufacturer?

Re:"Only" 39 percent.

[Dragonslicer]

Which operating system allows this?

Any operating system that lets you install your own software is vulnerable to Trojans. Most Linux distributions would be less vulnerable if you can get the user to understand how to only ever install software from the official repositories, but a stupid user is going to follow the instructions on some random website to get new screen savers no matter what operating system they're using.

Re:"Only" 39 percent.

[AJH16]

You forgot about the people who actually get free anti-virus software to keep their system clean. That's why it is so low. And yeah, I definitely agree on your reasoning. I know my personal record is fixing someone's computer only to find it had over 16,000 difference pieces of malware on it... I believe the solution was a reformat and instructions to be more careful with kazaa.

Re:"Only" 39 percent.

[phaserbanks]

Please stop blaming the O/S. In my experience, malware problems are 1% system + 99% uneducated user.

I've run every version of Windows since 3.11 (and a few versions of DOS before that). Never had so much as a single malware issue. I'm sure many here would say the same.

Maybe every O/S installer should end with an exam. If you pass the exam, you get admin. If not, you get a 1-800 number.

Re:"Only" 39 percent.

[causality]

I know my personal record is fixing someone's computer only to find it had over 16,000 difference pieces of malware on it

... that you knew about.

Re:"Only" 39 percent.

[causality]

Please stop blaming the O/S. In my experience, malware problems are 1% system + 99% uneducated user.

I've run every version of Windows since 3.11 (and a few versions of DOS before that). Never had so much as a single malware issue. I'm sure many here would say the same.

Maybe every O/S installer should end with an exam. If you pass the exam, you get admin. If not, you get a 1-800 number.

Actually he was blaming the vendor.

An analogy could be made that selling an OS to what you nicely call an "uneducated user" is like selling firearms to children. The difference, of course, is that a firearm manufacturer which deliberately did that would face liability. The software company? Not only do they face no liability, they get to advertise "easier to use THAN EVAR! No expertise required!" in order to increase sales.

Re:"Only" 39 percent.

[Mister+Whirly]

Except, in your bit of rhetoric, you forget that selling an OS to an idiot rarely results in death. Or any other condition that can't be solved with a format and re-install - using the same OS.

I mean for god sake my mother, yes my mother, installed Windows herself the last time, and she has zero expertise. So there may be some truth to the whole "easier to use THAN EVAR! No expertise required!" statement.

Re:"Only" 39 percent.

You can't just refuse to sell computers to idiots. Go outside sometime.

Re:"Only" 39 percent.

Time for a car analogy.
 
No, it's not like selling firearms to children. It's more like selling a car to someone who is NOT a certified mechanic.
 
I suppose that only mechanics should be allowed to drive?

Re:"Only" 39 percent.

Android - the good-Linux-based-don't-be-evil-open-source-free-for-all OS - just had a major infection - over 50,000 known users infected by malicious software gathering personal data. Bad enough that Google on the record advised them to have the phones exchanged (at whose cost ?) rather than to attempt to fix them. Oh, and they all downloaded this soft from _official_ Android Marketplace.

It's not OS specific. With Linux getting more recognition, esp outside of US, I fully expect a major Linux malware sh#t storm.

Re:"Only" 39 percent.

[sexconker]

I know my personal record is fixing someone's computer only to find it had over 16,000 difference pieces of malware on it

Tracking cookies don't count, damn it.

Re:"Only" 39 percent.

[causality]

Except, in your bit of rhetoric, you forget that selling an OS to an idiot rarely results in death. Or any other condition that can't be solved with a format and re-install - using the same OS.

How typical of Slashdot. When confronted with an analogy, you have a couple of choices. You either undertand the point that is being made, or you nitpick the analogy. Excellent choice, sir.

If selling an OS to an idiot typically resulted in death there would be a lot of dead idiots.

The point, you know that thing you miss when you nitpick, is not about whether misuse of guns causes death and misuse of OSes doesn't cause death. The point is we have a corporation that is enriching itself by selling items to people who are likely to misuse them and lose time and money (and maybe experience identity theft) from having done so. It's not that this happens and they turn a blind eye to it. It's that they are specifically and intentionally targeting this class of user in order to increase sales.

In what other industry can a corporation do that and never face any sort of liability or government scrutiny?

I mean for god sake my mother, yes my mother, installed Windows herself the last time, and she has zero expertise. So there may be some truth to the whole "easier to use THAN EVAR! No expertise required!" statement.

Good for her. Wait six months, run a thorough scan for malware, and get back to me. Then note that nowhere on the packaged Windows DVD did it say anything about some knowledge being required to avoid such threats.

Why people are so eager to make excuses for this is quite a mystery to me. If you were the one making billions from the whole deal I could understand it. But you're not. Microsoft is. I can understand why *they* whitewash this issue. Why you would do it, no I don't get that.

Re:"Only" 39 percent.

[je+ne+sais+quoi]

I'd just like to point out that in our secretary's office is a windows XP box that is constantly rebooting ever since the IT department pushed a bad update. While I don't doubt that users installing their own software is a big issue, over-zealous system administrators or software companies who don't fully test their updates are also a problem. Perhaps not a security problem, but one that costs boku money & time nonetheless.

Re:"Only" 39 percent.

[NotBorg]

I suppose that only mechanics should be allowed to drive?

If cars were just as unreliable and maintenance prone... Yes. You can drive a car for years just by putting gas in the tank and taking it in for an oil change. You can hardly go 30 days without a computer needing some kind of maintenance to avoid catastrophe.

Also people get trained and tested on their ability to drive a car. The car analogy doesn't work well because people are at least trained in normal operation of the vehicle. The same cannot be said about computer users. When you drive a car there's everything from instrumentation to road signs alerting the driver to what's acceptable.

Here's one for ya: Imagine if Internet users were the ones putting up road signs instead of government officials. You're approaching a curvy streach of road and instead of seeing a speed limit sign for 55 MPH see a sign saying "Dude I took it at 90... only a nub would take it slower than 80."

When will you folks ever learn that computer-car analogies don't work? :D

Re:"Only" 39 percent.

[drsmithy]

Which operating system allows this?

All of them.

Re:"Only" 39 percent.

[drsmithy]

So, how do you propose fixing the problem ?

Re:"Only" 39 percent.

[PlusFiveTroll]

The windows update reboot loop issues... Got to love MS

http://support.microsoft.com/kb/949358

I love their answer too... run a repair install. Most of the time I've seen this occur is because there is a file permission error and their stupid fucking update mechanism can't figure out that it needs to rollback the update, skip it, and report to the user what the problem is. I love how numerous updates leave random directories in the root drive that can't be deleted unless you take ownership and set full access to them. What's even better is when the issues don't show up on the testbed and only occur randomly to users.

Re:"Only" 39 percent.

[Mister+Whirly]

Apparently by not selling software to the average non-technical customer unless they can prove they are not an idiot. I can see consumers going for this in a big way!

Re:"Only" 39 percent.

[tendrousbeastie]

It isn't unreasonable to point out that if one is to compare the selling of guns to the selling of computer software then one should keep in mind that the potential risks are different.

You're trying to claim, by way of analogy, that because we don't allow situation A, and situation A is similar to situation B, we therefore shouldn't allow situation B to occur. Therefore situations A and B should be comparable in magnitude of effect as well as in form.

Re:"Only" 39 percent.

[maxume]

How many of those pieces were 'malicious' tracking cookies used to inflate the effectiveness of the scanner?

Sure, tracking cookies are irritating, but they aren't really the same thing as a botnet or whatever.

Re:"Only" 39 percent.

[SnarfQuest]

"easier to use THAN EVAR! No expertise required!"

Let me guess, you bought your copy of "Windoes" from the same place you bought that "genuine Rollecks" watch.

Re:"Only" 39 percent.

Which is probably why the original reply correctly called him out for using rhetoric. Inferring that selling software to people is as dangerous as selling guns to children is just ridiculous. If you have a real point to make, don't resort to tactic like this to make it.

Re:"Only" 39 percent.

[Mister+Whirly]

And the fact that 3rd party developers can put out software for Android that is malicious is somehow Android's fault? When you install an Android app, it tells you all the rights it is asking for, and you have the option to install or not at that point. If I am installing some stupid game and it wants full access to all areas of my phone, I won't install it. Chalk this one up to stupid users, not a flaw in Android. If you want to protect your Android phone from malicious software, there are plenty of apps for that as well. But if you download and install apps all willy-nilly without checking to see what they want access to, well, sooner or later bad things will happen. I am willing to have to use a little security diligence to gain a lot of openness. If you want an user-proof phone with a nice walled garden, get an iPhone.

Re:"Only" 39 percent.

[hairyfeet]

Well I can't answer for him, but I can say my personal record at the last shop I worked at was 4673 pieces of malware all running on this top o' the line Toshiba laptop. It actually took one hour and 43 minutes to boot! Normally we'd just do a wipe and reinstall and never mess with it, but the boss had bet me a pizza and a six pack that it wouldn't beat his record of 2879 pieces of malware running. But I had taken one look at the hipster douche that had brought it in and said "I think I'm beating your record today Doug!". Sure enough I was enjoying a meat lovers and a cold one for supper.

So while I find it hard to believe that someone could get 16,000 bugs and still function you'd be surprised how much shit a user can add before Windows will completely die. The hipster douche had every porn bug known to man and had so many running processes that the brand new Toshiba ran like a 486 trying to load Win98. But we didn't count cookies, only malware, so yeah you get some seriously nasty machines walking in sometimes.

Re:"Only" 39 percent.

[hairyfeet]

The problem is MSFT can only add so much before screams of "anti trust!" fill the web. Just look at the stink Norton and the rest tried to put up when Windows started coming with Defender and MSFT started offering Security Essentials for free. Now we all now that if Windows came packed with a free fully functional AV like MS Security it would seriously cut down the rates of infections, but that would not only cut into the pay AV business but would hurt the OEMs by not getting paid to bundle crapware time limited AV.

So in a way you can look at this as just another failing of capitalism, as the long term better for everyone solution is rejected in deference to the short term lets make a buck solution. I know that using a few simple third party tools I am able to make Windows "a toaster with a screen" which is one of my most popular optimizations, where it cleans and defrags its file system and registry, fixes broken shortcuts, takes care of its own AV updates and scanning, hell if I could come up with a way to auto-install third party updates it would be damned near perfect, as it is I have to simply have the OS alert the user when the latest flash or other update is ready.

But sadly if MSFT was to do that, even though it would make the net safer and faster and better for everyone, all the vendors of solutions to those problems would scream "Anti Trust!" so fast it would make your head swim. So in the end we get what we have now, where the user has to know more than they should because many want to profit off their misery. Sad but that is the way of things.

Re:"Only" 39 percent.

[phaserbanks]

Which operating system allows this?

Please stop blaming the O/S.

Actually he was blaming the vendor.

I think you missed something.

Re:"Only" 39 percent.

[NotBorg]

The problem is MSFT can only add so much before screams of "anti trust!" fill the web.

What are you talking about? Much of the improved security of Windows 7 had more to do with checking buffer bounds, sanitizing input, better utilization of hardware features like the NX bit, access controls, etc, etc. When developers write tests for functions and fuzz their products, and use static analysis tools, code quality goes up and it becomes harder to exploit.

Microsoft apologists like to throw their hands up in the air and say there's nothing Microsoft can do. Clearly this assertion must be wrong unless you wish to concede that Microsoft products are no better today (in terms of bugs) than what they ever have been.

Don't act like all this improved security is exclusive to the on-access scanning that AV products do. No one is going to scream antitrust because they're fixing bugs and testing their products. Even in the absence of AV software, IE is a much safer and stable product then what it used to be. No one is going to come out and cry OMG ANTITRUST THEY NEED TO STOP FIXING BUGS!

Re:"Only" 39 percent.

[camperslo]

Well I guess ya disproved the myth that Windows users can't make use of multiple cores...

Re:"Only" 39 percent.

[causality]

It isn't unreasonable to point out that if one is to compare the selling of guns to the selling of computer software then one should keep in mind that the potential risks are different.

You're trying to claim, by way of analogy, that because we don't allow situation A, and situation A is similar to situation B, we therefore shouldn't allow situation B to occur. Therefore situations A and B should be comparable in magnitude of effect as well as in form.

Actually I never said either one should be allowed. I never said either one should be banned. I merely observe that this company in this industry gets away with things that we would call irresponsible for other companies in other industries.

Apparently analogies are a real tough thing on this site. The point was, these practices are similar in principle. They are different in effect; a malfunctioning malware-infested computer isn't going to shoot someone.

I realize we're not a society that celebrates abstract reasoning or principle. Still, is it really that difficult to distinguish principle from effect? If you steal $5 from my wallet, you're a thief. If you steal $900,000 from a bank, you're a thief. There's a tremendous difference there in terms of what the effect will be (some probation at worst, versus hard time in prison). The principle that you shouldn't take things that don't belong to you remains the same.

I'm waiting now for someone to say "but but causality, a malfunctioning computer probably won't rob a bank!" That person will probably think he really made a useful point.

I don't mean this to intentionally offend but when I have to explain things like this, I feel like I'm giving remedial instruction, like I am picking up the slack where your schoolteachers and/or professors have failed.

Re:"Only" 39 percent.

[hairyfeet]

What are YOU talking about? Did you miss the part where both Norton and Ultradefrag have screamed bloody murder over the fact Win 7 doesn't allow kernel hooks when it is those same hooks that allow malware and rootkits to penetrate so deeply?

While I'll be the first to give MSFT credit for the excellence that is Windows 7, the simple fact is a good chunk of those third party tools could be eliminated tomorrow and at the same time give the user a "toaster with a screen" but MSFT can't do that for fear of anti-trust.

Just look up "Windows 7 kernel hooks" along with "anti virus anti trust" and "Microsoft anti trust claims" and see for yourself. Just with disallowing kernel hooks there were nearly a dozen motions filed by various third parties screaming anti trust. Like it or not billions are made by plugging "holes" in MSFT security and every time they plug a hole that was making money for someone here come the lawyers.

All those third party cleaners, AVs, antimalware, etc, could be eliminated tomorrow if MSFT were allowed to ship a default solution but that would cut into both the third party tools business as well as the OEM profit margins. Do you have ANY idea how much the OEMs get for stuff from System Mechanic and Norton for installing trialware? Any time you have vested interests in patching problems actual solutions to those problems are unwelcome as they cut into profits, it is just business 101.

Re:"Only" 39 percent.

[NotBorg]

Did you miss the part where both Norton and Ultradefrag have screamed bloody murder over the fact Win 7 doesn't allow kernel hooks when it is those same hooks that allow malware and rootkits to penetrate so deeply?

Did you miss the part that Peter and AV friends created vulnerabilities by using such hooks? Meanwhile, the same kernel hooks that all these security companies are bitching about aren't needed or used by MSE. That's right, the software you speak so highly of and want MS to roll out because it's just that good doesn't need to patch the kernel. In fact, MSE was shown to be impervious to this class of attack because it didn't patch the kernel.

At any rate, AV companies bitching about being "kicked out of the kernel" doesn't have much to do with the antitrust allegations other than it's the same parties bitching. While the antitrust concerns may have merit (because Microsoft has a competing product), the rest is just AV companies spinning up press because they would apparently just like to continue selling you the same broken software (kernel hacks and all) instead of developing new.

I still don't see much merit in claiming that there isn't much Microsoft can do. Windows fanboys have been telling us that for years. Clearly they were wrong -OR- Windows 7 is just as much a steaming pile of shit as XP is (pick one). Really there's not a damned thing Peter can do about Microsoft squashing bugs. So yeah, when you say "MSFT can only add so much" of course I'm going to look at you funny and ask you what you're talking about. Sure, they might not be able to include MSE by default, but they are far from having nothing else to do.

Increasing numbers of Trojans?

[fuzzyfuzzyfungus]

I blame the UN/Satanic New World Order/Illuminati population control conspiracy...

Re:Increasing numbers of Trojans?

[1s44c]

I blame the UN/Satanic New World Order/Illuminati population control conspiracy...

If there ever was or is a population control conspiracy it's not working. The world population is still growing at an unsustainable rate.

Re:Increasing numbers of Trojans?

The world population is still growing at an unsustainable rate.

Unsustainable how? We pay farmers not to grow corn. We are also using it to create fuel. The population density of Canada, the US, Agentina, Russia are far below the average.

I've never understood how intelligent people have come to the conclusion that population grow is somehow a bad thing. People living in 1800s used to think that things were too crowded in London-- that the growth of population was surely unsustainable. They were wrong. For the breifest of moments the man overcame this ridiculous fear. We dreamed of finding ways to farm on the moon, or mars, of terra-forming, of massive cities underwater.

Today we just bitch because we can't drive our hummer through three miles of parking lot to the grocery store. Your selfish, inhuman lifestyle may be unsustainable-- but I assume you that with some ingenuity and generosity, the population growth is nothing to be worried about.

Re:Increasing numbers of Trojans?

The world population is still growing at an unsustainable rate.

Unsustainable how?

Unsustainable in that any nonzero population growth is unsustainable (it can't continue forever without changing, you'll either run out of space or run out of people).

Also in that even though Earth has plenty of resources for humans to exploit it has many fewer resources for other species to exploit. The wild ecology of Earth will be irreversibly transformed by continuing human population growth. Many people don't think that it's worth the cost of losing say: moose as a species, just so we can have yet another billion humans.

Re:Increasing numbers of Trojans?

[Kozz]

I blame the UN/Satanic New World Order/Illuminati population control conspiracy...

I blame the University of Southern California.

There's definitely a sharp decline

[rsilvergun]

I wonder what caused it? Adobe did patch a few of their nastier PDF & Flash bugs. It'd be funny if that's all there was. Suck for computer shops though, business is way down :P.

Re:There's definitely a sharp decline

[NJRoadfan]

There are still plenty of machines that don't have Java, Flash, and Adobe Reader updated to the latest versions. Keep those three up to date and install a good ad blocker, and the chances of getting infected drop a bit.

Re:There's definitely a sharp decline

[gad_zuki!]

According to some research released by Brian Krebs, most exploits are Java based. Other research suggests that something like 70% of PCs have critical remotely exploitable conditions (plugins in browsers mostly.)

If infections fell recently its probably because companies like MS, AVG, etc are doing a better job catching catching malware before it infects people. Joe User doesn't understand that he needs to also update his Java and his Adobe products.

Re:There's definitely a sharp decline

[_0xd0ad]

Other research suggests that something like 70% of PCs have critical remotely exploitable conditions (plugins in browsers mostly.)

...which is why I have Firefox configured to disable the Adobe PDF plugin and simply download PDF files. If I wanted to download a PDF file, I can open it, but a drive-by exploit can't just fire up the Adobe in-browser plugin without any permission.

Serious question

[AdrianKemp]

I've cleaned others' PCs for forever and a day, and I've always wondered about this.

malware = malicious software
trojan = malicious software pretending to be good software

However, most of my experience with so called malware is things like fake virus scanners and browser bars and weather gadgets, etc. To me that seems pretty tojan-esque.

Does it have to contain a hijacking element in order to be considered a trojan? That would make sense for the analogy, but I've never heard it described that way.

Re:Serious question

[Haedrian]

A trojan opens backdoors in the system, so the controller can either hijack your computer or send more malware your end. If it doesn't do that, its not a trojan.

So a virus which pops up "VIRUSES DETECTED! BUY THIS PRODUCT" is malware but not a trojan.

Think about the Trojan horse in the greek myth, when it got in, it opened the gates for worse things to come.

Re:Serious question

but in keeping with your description then all malware is technically a trojan, since pretending to be a FREE virus scanner ( big gift horse) it installs itself. Then usually makes calls to install more malware on your machine. So the fake virus scanner should technically be looked at as a trojan as it opened the door to your computer, once you install it ( open the gates and drag it in)

My belief is that it is a marketing scam, nothing else. That way the AV vendor can say , well no that is malware, not our problem, but we do sell a product that will detect that as well. It was a way for them to cover their butts when all these computers with virus protection were getting infected. It's not a virus, although I think most of us would conclude that a virus = malicious software which claims to be one thing but installs unwanted processes on your computer.

AV products should have been catching these things from the start, but they were all slow to catch on, when they did they did what every other business ( or 6 year old) does when something goes wrong. They blame someone else.

Re:Serious question

[AdrianKemp]

Yep that makes perfect sense, thanks :)

Re:Serious question

[Haedrian]

The ones which I saw/cleaned up myself didn't get additional malware, they just contented themselves with popping up ads and slowing the system down to a halt.

But yeah, if it gets more malware in - then its a trojan. Yeah the line is blurry.

Re:Serious question

[MSesow]

most of my experience with so called malware is things like fake virus scanners and browser bars and weather gadgets, etc.

I worked a job with an AV company doing tech support, and this is most people's experience. And for a good reason, too - these are the ones you notice. Many of these are written in order to spook someone into thinking that they need to buy something by displaying a "Windows has detected viruses!!!!11!" message, so that they will purchase SuperWindowsAV2011 (or some other similarly named "product"). But the thing that really makes me worry is that if the malware is well written and designed to go unnoticed, as would be the goal in several cases - key logging, watching for bank info or building a bot net, for example - then we all go along as happy as can be. It is known that an AV will stop threats, but it is best at old and well understood threats, and against the newest malware they are always playing catch-up. And I am not saying that the AVs out there are bad at their job, but I am saying that they are not great at it (and the marketing folk just make the whole situation of poor perception worse by trying to make it sound like their product stops everything). The point of this all is to say, "sure, I believe you (TFA) that 39% of computers are infected with malware that you know about, but what about estimating the size of the rest of the iceberg?"

Re:Serious question

[causality]

and the marketing folk just make the whole situation of poor perception worse by trying to make it sound like their product stops everything

There are many times when what they would call "marketing", I would call "fraud". Apparently it's legal, too.

Re:Serious question

[Em+Adespoton]

These days, pretty much anything that isn't a virus or a worm but is malicious is dumped into the trojan bin.

Re:Serious question

[nowen2dot]

And here I thought a Trojan(TM) was designed to prevent popups leading to infections, pregnancies, etc. :->

System Tools

Anyone else having a nigthmare week with this particular fake-AV varient?

Had 7 people in with it before lunch on Monday, and dozens more since then. I have now seen it running rampant on machines with fully updated Forefront, Sophos, Avast, AVG, Norton - so none of the big names are stopping it outright yet.

Resides in %appdata\locallow\sun\java\deployment\cache if you're looking for it on a cuffed machine

Re:System Tools

[natehoy]

If it only resides in one directory, consider yourself lucky. The last one I was dealing with (can't recall the name, but it was one of the ones that screws with your Internet connection and redirects everything to their "pay $75 and you get to use your computer again" site) put copies of itself in a half dozen places, several of them quite creative,all with different and innocuous-sounding filenames. Each one was programmed to start up, look for the existence of the others, and if one or more were missing it copied itself to them and re-established the startup for each of the missing ones.

One of them was even programmed to only check-and-restore on every five startups or so, so the whole damned thing came back while I was in the middle of catching the computer up on its Windows Updates, an hour after I thought I had the machine completely scrubbed clean. It was hiding itself under a filename that looked like a driver for the touchpad. Clever bit of thinking, actually - victim takes computer to pro, pro cleans the gunk out, victim takes machine back home and a week or so later the infection magically reappears.

Took me hours to rip out that sunovabitch. I told the user to back up their data NOW and if it came back to bring the machine back with the recovery discs so I could nuke the damned thing from orbit.

Re:System Tools

Maybe it's time you verify digital signatures and file paths. Trojans were mimicking filenames in 1999 and probably earlier.

Re:System Tools

[Idbar]

I had the chance of looking at someone's pc the other day, only to find that they are now shipping with webservers and redirect your HOSTS files to your own computer as alias for banks. So your "bank" connection is speedy and never fails, once they gather the data, I guess they'll report it somewhere else. To remove this, I had to go around looking for where the webserver was, among other temporary, hunting files was the most annoying part of it

Re:System Tools

[pnutjam]

I have been having great luck with Vipre Rescue. They distribute this rescue program as an updated executable so you just download the most current version and run it on the infected machine. If you can get to windows, it works very well. I can even unzip it and launch it remotely on computers using psexec.

Re:System Tools

[sexconker]

Had to fix a computer 2 days ago that had some sort of shit on it.
By the time it was brought to me, it was giving a c000002a1 BSOD when trying to boot.
That means winlogon or csrss was failing.

System restore and safe mode didn't do shit.
I didn't want to spend hours replacing system files at random via the recovery console.
So I just did a repair install on top of the existing install.

Of course, the PC was Windows XP Media Center Edition 2005 OEM , and I used a Windows XP Media Center Edition 2005 disc. So it wouldn't get past the "GIMME CD KEY" step using the serial on the sticker on the PC. Grabbed an OEM disc online (Thepiratebay.org to the rescue again) because the PC came with no disc, and it had the typical DELL dozen extra, proprietarily-fucked partitions for who the fuck knows what, but there was no option to get to a fucking factory restore). Instead of trying another dirty install on the existing partition (preserving the files), I just hooked the drive up to another PC and copied everything to an external, then did a format and clean install.

I noticed when backing up the files to the external drive that they had an inetpub folder. Dunno if it was from some stupid shit they installed, some stupid shit that came bundled, some stupid shit that's part of Media Center Edition, or some fucking malware.

Hey slashdot, I know you got rid of <i>, but at least we have <em>. What the fuck do I use to get some underlines in this bitch? <u> don't work for shit (hurr durr, deprecated for no reason), and I can't exactly CSS up my post, now can I?

Re:System Tools

[flowerpotgirl]

I have had exactly the same experience this week, I had 3 infected machines on Monday, and a further 12 on Tuesday, and yes, most had fully updated AV on them. In a normal week I would clear about 4 or 5 machines of various types of malware and trojans, but something has been running riot this week! The desktop image on all the infected machines looks like old school malware that I used to see around 6 or 7 years ago!

Re:System Tools

[hairyfeet]

Hi flowerpotgirl! If it is that damned security tool variant I feel your pain. I have gotten to the point if they say that have "some sort of security thingie bugging me" I tell them to back up anything they want to keep to flash or DVD (which I'll be happy to sell them or they can use their own) and then I just nuke the bastard. After nuking I scan the flash/DVD with a LiveCD and put their stuff back on. That security tool variant is a royal bitch, and with each new version they add more checks and more places to hide!

In the old days it was easy to clean the bugs out but these new security tool and AV20xx variants are just too damned nasty. You can spend all day cleaning one out only to have a timebomb restore the bug! Nuke it from orbit, it is the only way to be sure anymore.

Real Trojan Horse

The story of the Trojan horse is more than a myth. They thought the whole story was a myth until they found the ruins of the actual city of Troy.

Re:Real Trojan Horse

I'll change my mind when they find the actual horse. Until then it's a myth.

Re:Real Trojan Horse

[sexconker]

The story of the Trojan horse is more than a myth. They thought the whole story was a myth until they found the ruins of the actual city of Troy.

No.
The story of the Trojan War itself is a fucking myth.
It didn't happen. There may have been a small battle at some shit ass place, but it wasn't some Lord of the Rings style epic that waged for decades, and it wasn't over a single fucking woman. They did not find the ruins of Troy. They found a few bowls and shit and said "Hey! People lived here!". That's the sort of shit that gets on the History Channel now - ANCIENT ALIENS, I FOUND THE CHUPACABRA, SECRETS OF THE DA VINCI CODE, THE SCIENCE OF STAR TREK, BATMAN: BEHIND THE MASK, etc. Fuck off with the bullshit, please.

Trojan War didn't happen as it's said to have happened.
Troy didn't exist as it's said to have existed.
The story of the Trojan horse is deep indeed in the crockpot of bullshit.

Well..

Panda probably doesn't count any Malware coming from the Church of Scientology...

Panda sneeze: Cute infection goes viral

[qwerty8ytrewq]

Should have used a Trojan sized tissue!

Amazing

[dcw3]

"According to data gathered by Panda Security, only 39 percent of computers scanned in February were infected with malware, compared to 50 percent last month

And exactly how did 11% of them get cleaned up over the last month???

Re:Amazing

[maxwell+demon]

"According to data gathered by Panda Security, only 39 percent of computers scanned in February were infected with malware, compared to 50 percent last month

And exactly how did 11% of them get cleaned up over the last month???

Format and reinstall?

But seriously, those were probably not the same computers anyway.

Re:Amazing

[John+Hasler]

> And exactly how did 11% of them get cleaned up over the last month?

What makes you think they did? You don't imagine that these guys know or care anything about statistics, do you? All we can clonclude from this is that lots of computers are infected.

Re:Amazing

[dcw3]

What makes you think they did?

Sorry if my tone didn't come across sarcastically enough, but that was my intention. I in no way believe their numbers, certainly not that they dropped from 50 to 39%. Something is obviously amiss with their methodology.

Of course...

Operating systems are increasingly secure, and crackers are running out of vulnerabilities to exploit.

However, there will always be an endless supply of clueless idiots to click that "yes" button.

babys submit #1 intention, non-negotiable

1. DEWEAPONIZE

not even a word as far as we can tell, but they appear adamant. there was a clear mistrust of some 'adults' expressed. some of their reasoning?; they prefer not to be shot at while they're marching? they believe the resouces required to kill everybody undermines their ability to thrive, or much worse? they also indicated preference towards an investigation of wholesale vaccinning (word?) of their little selves ? told you they watch tv/internet? see you at the gatherings? underestimating/misinterpreting anything could be costly nowadays?

baby intention interpreting is costly. more than one of our sites has been vandalized already this a.m.?

Scripting and Windows 7

Windows 7 has vastly improved security over XP 30 percent better according to Trend Micro. Only equally vulnerable to 7 in 10 attacks that are used in XP.

So turn on scripting, Then Flash again and rejoice! There has to be a better alternative operating system out there somewhere.

Re:Scripting and Windows 7

There are several, actually.

Re:Scripting and Windows 7

vastly improved security

How can they do that as the market leader? Don't you read /.??? Whoever has the biggest market share is FUCKED and their's nothing poor ol' MS can do about it. Be a real Winboy and say it: "They have the market share they are the target. Period."

Or it could be that not all software is equally broken and market share isn't the only thing that sets MS apart from other OSes. Despite the desktop market share not really changing much they got better, right?

Good software trumps "market share makes teh target." In the presence of better software, malware shifted to the easier bad users. Microsoft for a very long time was an easy target just as much as it was a market leader. Market didn't change but the software did and guess what... they moved on to the other easy target: users.

In your face windows fanboys! Your face!

The way that I interpret that data

[joeflies]

Panda Security software must be installed on all the computers that it scanned. So if 50% of those computers had infections last month and 39% of them STILL have infections now, then I conclude that Panda Security software is surprising ineffective against malware and trojans.

wat

Wait.....aren't trojans malware?

BOOM.

You're Welcome, America.

How do we know

How do we know that the new stuff hasen't just gotten stealthier over the last month?

Microsoft Security Essentials / Windows Update

[Tony+Isaac]

If wonder if this has anything to do with Microsoft's recent inclusion of MSE in Windows Update. It's been a little while now since this happened, maybe it's starting to make a difference.

http://it.slashdot.org/story/10/11/05/205256/MS-Adds-Security-Suite-To-Update-Service-Antivirus-Rival-Objects

Re:Microsoft Security Essentials / Windows Update

I doubt if you'll get much comment on this from this crowd. Most of them make their living pushing computer security and/or Linux systems, and/or Apple products.
MSE and the release a couple of years ago of Malicious Software Removal Tool I think pretty much kills any business for Norton, McAfree, AVG, et all. The only insecure systems now are major server banks that mostly run linux.

Re:Microsoft Security Essentials / Windows Update

[Mia'cova]

Well McAfee was just purchased by Intel. I'm sure they realize the software market is being squeezed by MSE/forefront. But on the other hand, they have the unique position of being able to look at things from the hardware side. Perhaps there will be a need/market for core AV strengths in the new world of mobile devices and cloud computing hardware. Perhaps hardware encryption, better app sandboxing, etc will play a role. Tighter hardware/software integration could be a key feature in moving towards safer environments. Perhaps these AV engineers will still be in demand and needed to develop and manage solutions for the cloud. Take something like hotmail or gmail as an example. I would never recommend a free email service to someone if I didn't trust them to maintain high quality spam/virus filtering.

There's a lot of room for these companies. I just hope we get away from installing crappy trials on new PCs. But the way things are going, I would imagine we'll see a near-term increase as more and more companies fight for subscribers in a new cloud world. And that fight will mostly be waged with advertising dollars. Sigh :)