• HOME
• Writing
• About Mike
• Articles
• Photography
• Email Me

Ann Arbor Area Business Monthly
Small Business and the Internet

Secure Businesspeople Don't Get Viruses

March 2014

By Mike Gould

OK, by now most of you have read my last two columns about computer security in the Enterprise, i.e., your businesses. It occurred to me that I completely forgot about missed talking about another mode of biz insecurity, viruses, trojan horses, and other types of malware in general.

Checking my wayback machine, I see I last wrote about viruses in 2012, dealing with Mac viruses, of all things (URL below), so we're due for a refresher course. I just refreshed myself by visiting a bunch of virus info sites, starting with the Microsoft site - I figured they would know viruses if anybody would...

To avoid repeating what most of you know by now, I recommend you visit the Microsoft site below for a quick explanation of malware: virus, worm, Trojan horse, spyware, rogue security software, etc..

Most of the malware news stories of late have been about break-ins, phishing and spear phishing attacks, and the general NSA snooping outrage. I covered spear phishing a while back, and my allotted 1K words is not enough to cover the NSA story (which is in heavy rotation on the national news scene), so let's just focus on viruses for the moment.

A visit to the McAfee anti-virus software site reveals their list of recent viruses detected in the wild (i.e. actual viruses, not proofs-of-concept from computer labs). The latest description, dated 2/16/14, is for RDN/Spybot.bfr. McAfee is a little vague about what this virus does, but it looks like it gathers up information about you and sends it to a foreign server via your Internet Explorer browser. That last is a tip-off that this is a Windows-only virus, as most of the are. McAfee says the risk assessment for this is low, which means it will probably be caught immediately by anti-virus programs.

As a regular reader of this column, you have of course installed such protection years ago, and you keep it up to date on all your computers, smart phones (if using Android), and such. Right? Ooops, I see a couple of you out there looking at the ground and shuffling your feet. Please, please, please, run, do not walk, to your friendly anti-virus company, buy their product (or use any of the fine freebies out there), install it, and do a scan on each and every computer you own. You may already be harboring a zombie computer that is sending all your business secrets to China. Seriously.

A lot of the malware listed on the McAfee site is classified as a PUP: a Potentially Unwanted Program. They define this as:

This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

PUPs are often installed along with a software package purchased online. They are often used to display ads or links to related products. If you have them, it is because you clicked on the "I agree" button after the eighteen pages of small print that make up the EULA (End User License Agreement) you have to sign in order to use the software. Somewhere, maybe buried in article 17/-52b, is the phrase: "By signing this you agree to have us install non-related software that will subject you to our nefarious marketing schemes". As most people (including me) don't read these, you will often have pop-ups, pop-unders, and other sorts of annoyances appear after installation of some game or doo-dad.

If you have an up-to-date version of McAfee or most other anti-virus software installed, these will show up when you do a system scan. It should be pointed out that these are not really malicious, and may be beneficial, in an irritating "Clippy" sort of way. (For our younger readers, Clippy was an animated paper clip that Microsoft used between 1997 - 2003 to supply un-asked for help in doing Office-related tasks.)

Meanwhile, over on the Macintosh side of the fence, the Flashback virus I wrote about back in 2012 is still in the news. An article in Ars Technica reports that around 22,000 Macs are still infected with this. Flashback uses command and control servers to receive information from infected Macs. Some of these servers are now in the virtual "hands" of researchers, who can tabulate the connections being made to them.

As a threat, Flashback has mostly faded away, since Apple bought up all the domains that the servers were using to collect the data. In other words, when an infected Mac "phones home", there is no home there to send the data to. But the mechanism that sends the pirated data is still sitting in the Macs of 22,000 unknowing users. Don't be one of them! Any modern Mac anti-virus package will detect and erase such infections. I use the free Sophos Home Edition software, but there are bunches of Mac-oriented software out there for this.

In conclusion, anti-virus software only works if it is regularly updated, and they all come with automatic updaters. This is the only way to protect yourself from new viruses.

And remember the basics:
Don't open unknown attachments.
Verify that an email with an attachment came from the person in the "from" field.
Don't visit websites linked to in spam or emails from unknown people.

It's a jungle out there; take care.

Mac Flashback Virus: http://mondodyne.com/b2b/smbiznet.171.shtml

Ars Technica Flashback article: http://arstechnica.com/security/2014/01/its-alive-once-prolific-flashback-trojan-still-infecting-22000-macs/

Spear phishing: http://mondodyne.com/b2b/smbiznet.154.shtml

Microsoft Virus into center: http://support.microsoft.com/kb/129972

McAfee Virus info: http://home.mcafee.com/virusinfo?ctst=1

PUP info: http://www.malwarebytes.org/pup/

Mike Gould still feels mostly secure, was a mouse wrangler for the U of M for 20 years, runs the MondoDyne Web Works/Macintosh Training/Digital Photography mega-mall, builds laser display devices, performs with the Illuminatus 3.0 Lightshow, and welcomes comments addressed to mgould@mondodyne.com.