A common service for IT companies today is the removal of “malware”. For the purposes of this discussion, malware is any software that you did not knowingly install or do not want, such as a virus, Trojan horse, or anything else that is malicious. But have you ever wondered how easy it is to become infected?
Our PC Health Checklist covers best practices for protecting your computer from these types of threats, but it is important to understand that nothing is foolproof. Best practices such as maintaining effective anti-virus software are like getting a flu shot: most of us agree you should get one, but you can still get the flu.
A common question PC repair technicians receive while removing malware is “How did I become infected?” While each infection is unique, most malware arrives through a handful of avenues. Today we will briefly look at how one type of malware is attempting to spread.
While browsing the “Spam” folder of his email, one of our technicians noticed an email from “no-replay@my-fax.com” with a subject of “Fax #334934”. The email itself was very simple; it said that there was a new fax and had a link:
In this case, the web address appears to belong to a legitimate website according to Web of Trust (and a quick glance) and appears to be an entertainment company. The webpage itself, however, contained computer programming code that downloaded two JavaScript files onto the PC.
In short, JavaScript allows web designers to make websites more interactive and useful. JavaScript in itself is not malicious. However, when the JavaScript files were uploaded to virustotal.com (an excellent website for identifying malware), 10 of the 55 anti-virus programs detected it as a virus – Trojan.JS.QVC. The scripts are probably attempting to exploit a vulnerability in Windows, Adobe Acrobat, Flash, or Java. This is why it is important to keep both Windows and your third-party programs up to date.
What makes this scenario troubling:
- There is no attachment for email providers to scan for viruses (though it did go straight to Spam)
- All of the links and webpages used in the email appeared to be legitimate, third party websites and did not show up in reputation grading sites like Web of Trust
- Only 8 out of 52 anti-virus programs detected this as a virus
This means that it is quite easy for a PC to become infected. Simply clicking the link in this email could easily lead to an infected computer. This particular infection was likely looking to perform a “drive-by download”, a method the bad guys use to infiltrate a computer through whichever of several avenues (the browser or one of its plug-ins) happens to be unpatched.
At this point we considered contacting the owner of the website to inform them that they were hosting malware. It is unlikely that the owner of the entertainment company is behind the attack – their site (or their web hosting company) was likely hacked and they are now hosting the malware unknowingly.
However, when we looked back at the spam folder (and the original email that started all this mess), we noticed this:
As you can see, at least nine emails carrying a harmful link arrived within an hour of each other, and they all point to a different website. It almost seems to be a losing battle.
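The pattern described above (a notification-style lure whose link goes to a domain unrelated to the sender, arriving in a burst where every message points at a different site) can be checked for in a mailbox. The script below is an added example and is not from the original post; the sender addresses, subjects, timestamps and link URLs are constructed samples, and the one-hour window and three-message threshold are assumptions.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample mail metadata: (timestamp, From, Subject, link URL). Not real messages.
SAMPLE_MAIL = [
    ("2013-05-01 09:02", "no-replay@my-fax.com", "Fax #334934", "http://example-ent-a.test/news.html"),
    ("2013-05-01 09:17", "no-replay@my-fax.com", "Fax #118201", "http://example-blog-b.test/page.php"),
    ("2013-05-01 09:40", "no-replay@my-fax.com", "Fax #990012", "http://example-shop-c.test/index.htm"),
    ("2013-05-01 15:30", "billing@example-vendor.test", "Your invoice", "http://example-vendor.test/inv/42"),
]

# Subjects that imitate an automated notification (fax, voicemail, package) followed by a number.
LURE_SUBJECT = re.compile(r"^(fax|voicemail|package|delivery)\b.*#?\d+", re.I)


def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M")


def domain_of_url(url):
    return (urlparse(url).hostname or "").lower()


def domain_of_addr(addr):
    return addr.rsplit("@", 1)[-1].lower()


def is_lure(sender, subject, url):
    """A notification-style subject whose link points somewhere other than the sender's own domain."""
    return bool(LURE_SUBJECT.search(subject)) and domain_of_url(url) != domain_of_addr(sender)


def burst_campaigns(mail, window=timedelta(hours=1), min_msgs=3):
    """Group lure mails from the same sender that arrive within `window` of each other.

    Returns one record per burst with the distinct link domains, so a burst whose
    links all go to different (likely compromised) sites stands out.
    """
    by_sender = {}
    for ts, sender, subject, url in mail:
        if is_lure(sender, subject, url):
            by_sender.setdefault(sender, []).append((parse_ts(ts), url))
    campaigns = []
    for sender, msgs in by_sender.items():
        msgs.sort()
        i = 0
        while i < len(msgs):
            # msgs is sorted, so everything within the window of msgs[i] is a contiguous run.
            group = [m for m in msgs[i:] if m[0] - msgs[i][0] <= window]
            if len(group) >= min_msgs:
                campaigns.append({"sender": sender, "count": len(group),
                                  "domains": sorted({domain_of_url(u) for _, u in group})})
            i += len(group)
    return campaigns
```

Run against the constructed sample, `burst_campaigns(SAMPLE_MAIL)` reports one burst of three “Fax #…” messages from the same sender pointing at three different domains, while the vendor invoice (link on the sender's own domain, ordinary subject) is left alone.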
What does all of this mean? In addition to following best practices, you should use the most powerful tool at your disposal: your judgement. Do not open unsolicited email from people you do not know. Do not open email from people you do know unless you are expecting it.
Did you receive an email about a fax? Are you expecting a fax? If not, delete it. If so, contact the sender and ask them if this is the proper notification. Did you get a notification from FedEx? Are you expecting a package? If not, delete it. If so, find the tracking number from your order (not from the unsolicited email) and track it directly on FedEx.com.
There is no doubt about it – security is hard. Generally, the more convenient or easy something is, the less secure it is. If you follow best practices and exercise good judgement, you can avoid most or all of the unpleasantness out there. If, however, you do get bitten by something nasty, we are always here to help.