How today's virus authors infect computers
Written by:
7/10/2011 2:44 PM
Today’s antivirus software is having difficulty protecting against today’s virus infections. Modern antivirus software is built upon the flawed premise of virus signatures: the concept that once a virus is in the wild, a signature can be extracted from its files and used to identify the virus and prevent its spread on other machines.
Virus authors have responded by creating viruses that primarily spread through servers that generate a file with a unique signature. When a file with a unique signature is downloaded, the client system’s antivirus software will generally not see the file as a threat and will allow the software to execute.
This method of infection has now placed the responsibility for protecting the system’s integrity squarely into the hands of the user. Unfortunately, many users do not know how to properly interpret or respond to what is happening when their computer is threatened with a virus infection. The following is the timeline process of an attempted infection.
1) The user will be browsing the internet and suddenly a pop-up dialogue box will appear on the screen. Note: The site is not necessarily infected; instead, an advertisement that is on the page will contain a hack which spawns the infection.

2) If the user clicks on the OK button, the browser will be redirected to a page that appears to look like an authentic security application on the client system. The webpage will look like an application in the process of “scanning” the system for viruses. Note: Even though the application looks like a valid security app, it is still clear that it is nothing more than a web page due to the presence of the explorer bars, etc.

3) After a few moments of “scanning” the site will attempt to download and run a file that contains the virus.

4) If the virus is installed, it will usually lock down the client system so the user can no longer use or see many of the files and applications. The lock down will remain in effect until the virus is manually removed. Even if the ransom demanded by the virus is paid, the user will generally be left with a non-functioning computer. In some cases the locks will be removed and the system will appear to run normally, yet the non-functioning security software that is installed only provides a false sense of security to the user.
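For administrators who keep web proxy logs, steps 1 to 3 above leave a recognizable trail: a page, an advertisement from another host, a "scanner" page, then an executable download moments later. The following is an added example, not code from the original post, that flags that sequence for triage; the log format, field order, 120-second window, file suffixes and all hostnames are assumptions constructed for illustration.

```python
import csv, io
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed proxy log (assumed format): time, client, url, referrer
SAMPLE_LOG = """\
2011-07-10T14:40:01,10.0.0.5,http://news.example/story,
2011-07-10T14:40:02,10.0.0.5,http://ads.example/banner.js,http://news.example/story
2011-07-10T14:40:09,10.0.0.5,http://scan.example/scanner.html,http://ads.example/banner.js
2011-07-10T14:40:31,10.0.0.5,http://scan.example/setup.exe,http://scan.example/scanner.html
2011-07-10T14:41:00,10.0.0.7,http://vendor.example/downloads,
2011-07-10T14:41:20,10.0.0.7,http://vendor.example/tool.exe,http://vendor.example/downloads
"""

WINDOW = timedelta(seconds=120)          # assumed threshold, tune per site
EXE_SUFFIXES = (".exe", ".scr", ".msi")  # assumed list of executable types

def find_lured_downloads(log_text):
    """Return (client, exe_url, chain) for executable downloads whose recent
    referrer chain crosses from one host to another (ad -> scanner -> file)."""
    seen = {}    # (client, url) -> (timestamp, referrer) of the latest request
    alerts = []
    for ts, client, url, ref in csv.reader(io.StringIO(log_text)):
        when = datetime.fromisoformat(ts)
        seen[(client, url)] = (when, ref)
        if not urlparse(url).path.lower().endswith(EXE_SUFFIXES):
            continue
        # Walk the referrers backwards while they are recent for this client.
        chain, cur, visited = [url], ref, set()
        while cur and (client, cur) in seen and cur not in visited:
            visited.add(cur)
            prev_when, prev_ref = seen[(client, cur)]
            if when - prev_when > WINDOW:
                break
            chain.append(cur)
            cur = prev_ref
        hosts = {urlparse(u).hostname for u in chain}
        # A download reached only from its own site is not flagged; one that
        # arrived through other hosts within the window is worth a look.
        if len(hosts) > 1:
            alerts.append((client, url, list(reversed(chain))))
    return alerts

if __name__ == "__main__":
    for client, url, chain in find_lured_downloads(SAMPLE_LOG):
        print(client, url, " -> ".join(chain))
```

This is a heuristic: a legitimate download reached from a search result or link on another site will also match, so treat hits as leads to review rather than confirmed infections.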
What should today’s computer user do to protect against this?
1) It is important that all users of the computer understand what to do when prompted to download or run software on the system. Make it clear that nothing should be run until they either fully understand what they are about to run or have cleared the issue through a designated resource (parent, technically knowledgeable friend, or local computer business).
2) Educate, educate, and educate those who use the system. Role play with family members and others who use the system. They must fully understand who to refer the issue to when they are asked to install or run an unfamiliar program on the system.
3) Have high quality, up-to-date antivirus software loaded on the system. The best we have seen so far is Symantec Internet Security. The free programs do not appear to be as accurate at detecting the newer viruses.
Copyright ©2011 Mike Ulloa
2 comment(s) so far...
Re: How today's virus authors infect computers
That kind of warning usually appears on the screen of my computer. I always ignore it because I don't know what the advantage of it is.
By Leian Lao on
10/29/2011 11:06 AM
Re: How today's virus authors infect computers
Leian - Understand that the message is a repeated attempt by a virus to infect your computer. Something that needs to be removed.
By mulloa on
10/29/2011 11:07 AM