PC Got a Virus? Consider Getting Help Offline
If you suspect or know your PC is infected with a virus, it's probably wise to avoid purchasing anything using that computer until you're sure the machine is clean. That includes additional anti-virus or security products.
Chances are the malicious software on your machine includes a built-in ability to steal user names, passwords and other sensitive data from infected hosts.
Recently, I've heard from several people who used their credit or debit cards at the first sign of infection, to renew or upgrade their anti-virus protection when their existing software didn't work or failed to update. Also, in a Live Web chat a few weeks ago, one reader described how he "stupidly" went online and bought an anti-virus product after realizing he'd infected his machine with a DNS hijacker Trojan.
Consumers can be forgiven for such goofs: After all, they paid for security software, they expect (rightly or wrongly) to be protected, and yet still got hit with malware.
Setting aside the question of whether consumers can count on their anti-virus programs to completely insulate them from malicious software (they can't and shouldn't), security companies ought to know better than to encourage this risky behavior.
According to one researcher I've been working with who is investigating consumer passwords and credentials filched by the "Zeus" Trojan -- a password-stealing kit -- one of the records he found was of a victim who had his credit card credentials stolen after visiting security-software site symantec.com.
In the course of transacting with Symantec, Robert Delano, a realtor from Leland, N.C., also provided his name, address and telephone number. He said he contacted Symantec via their customer service telephone line as well as their support line via online chat, after his system started acting strangely. Also, his up-to-date Norton product warned him that it had detected a virus (it was, in fact, malware associated with the Zeus Trojan).
After railing at Symantec's customer support people via their online chat support for not properly protecting his machine, Delano was told to speak with their premium support folks who could remotely take control over his system and give it a thorough inspection and cleaning.
Delano said he initially protested, but after pricing other services like Best Buy's Geek Squad, he agreed to pay Symantec $100 for the service. He was instructed to enter his credit card number and other billing information at a secure symantec.com Web site. However, the keyloggers that were still on his machine were intercepting his information.
"So far they've found three keyloggers, so this [malware] was taking my personal information as I was giving it to Symantec," Delano said. "The thing that upset me most with this is, when they asked for my credit card number, why didn't they stop and think to give me a number where I could call and give my information over the phone?"
While Symantec's support site was indeed an encrypted, "https://" connection, most modern keyloggers can snag the information entered into a chat window or credit card field before it is encrypted and sent through the user's browser.
Lenny Alugas, Symantec's vice president of support, said that when the customer interacts with the company over chat, the only method they've employed to gather information, including credit card, has been through a secure online Web site. But he acknowledged that such a process can be problematic if a keystroke logger is installed on the end-user's machine.
"While we have not experienced any similar issues to date, moving forward, we'll need to add an additional step in our chat system that allows for a phone call from the rep to the customer, in order to gather the credit card information securely and avoid any chance of compromise," Alugas said.
In Symantec's latest Internet Security Threat Report, released in April 2008, it reported that threats to confidential information made up 68 percent of the volume of the top 50 potential malicious code infections. The anti-virus giant noted that of all confidential information threats detected this period, 76 percent had the ability to record whatever credentials the victim types or enters into his or her keyboard or at an online Web form.
Some of Symantec's biggest competitors also recently observed that a majority of current malware includes a data-stealing component. According to McAfee, malicious software that steals personal data has risen tenfold from 130,000 samples last year to 1.3 million this year.
Cleaning up malware infections is no easy task, no matter how you attack the problem, but there is absolutely no reason to feed the beast. Though it may take longer, consider using toll-free phone support when contacting computer security vendors -- at least when providing payment details. Delano said he has since canceled the compromised corporate credit card, but acknowledged he would have remained ignorant of the threat had he not been contacted by the researcher who has been investigating the Zeus Trojan.
If you've been using your Windows PC without any up-to-date anti-virus software for a while, consider downloading free anti-virus software and running a complete scan before deciding on any purchases. Free anti-virus software is available from AVG, Avira, AVAST!, to name just a few. If you're looking for a quick-hit second opinion, several respectable anti-virus firms offer free online scanners that should remove any malware found. These include online scanners from Bitdefender, ESET (makers of NOD-32), and F-Secure. All of these scanners require users to run the scans with Internet Explorer.
December 22, 2008; 5:21 PM ET
Categories: From the Bunker, Latest Warnings, Safety Tips | Tags: zeus