Virus/ trojan posing as security software

Bikewer · 16th May 2011, 01:34 PM

The department's in-car laptops are supposedly reserved for "official" business, but it's no secret that they get considerable surfing use...
Some officers are reasonably computer-savvy and some are not.

The other day, I tried to fire up the one in a car I seldom use and found that it had been trojaned-up by one of those things that show up while you're browsing as "windows security" telling you that you have 3 million viruses and 28 trojans and you must click NOW to get rid of them.
Unfortunately, someone did...
The result was a complete takeover including disabling the installed anti-virus software.

These seem to be increasingly common; I just accessed Google Images and one of these screens popped up.

Red3 · 16th May 2011, 01:54 PM

yeah, they're so easy for people to click on to shut them down - I've had to clean up one or two of my friend's PCs that have fallen victim to those things.

Dancing David · 16th May 2011, 03:44 PM

Yup they suck and can come up for a wide variety of reasons.

They seem to be disabling task manger or safe mode more now, than last year.

But they also are tending to hide in AppData folders

So often Al lUsers/Aplication Data

or Username/Local Settings/Application Data

some are hidden, some are not.

dtugg · 16th May 2011, 05:35 PM

I don't know how people fall for these things. It is very obvious.

elgarak · 16th May 2011, 06:20 PM

Originally Posted by dtugg

I don't know how people fall for these things. It is very obvious.

In particular for me. When this thing starts 'scanning' my C: drive ... while I am on Mac OS X...

Joey McGee · 16th May 2011, 06:23 PM

The last time I got one was simply browsing and clicked nothing. I figured it was something I'd downloaded earlier so decided to deal with it later and went to another computer to finish watching the video (watching tv show on a youtube style site) and that computer got infected too. Perhaps I'm misremembering and I did something stupid twice but AFAIK this is possible and relatively common.

dtugg · 16th May 2011, 06:41 PM

Originally Posted by elgarak

In particular for me. When this thing starts 'scanning' my C: drive ... while I am on Mac OS X...

Yeah that has happened to me.

Originally Posted by Joey McGee

The last time I got one was simply browsing and clicked nothing. I figured it was something I'd downloaded earlier so decided to deal with it later and went to another computer to finish watching the video (watching tv show on a youtube style site) and that computer got infected too. Perhaps I'm misremembering and I did something stupid twice but AFAIK this is possible and relatively common.

Are you running Windows XP? My opinion is that is is very insecure compared to Vista/7. Most users run in admin mode which means that programs can do whatever they want to including entirely **** up the system. In Vista/7 you have to manually confirm that a program should have access to the system, limited the amount of damage it can do. This might be annoying to some people but it makes for a more secure system.

Joey McGee · 16th May 2011, 07:04 PM

Originally Posted by dtugg

Are you running Windows XP? My opinion is that is is very insecure compared to Vista/7. Most users run in admin mode which means that programs can do whatever they want to including entirely **** up the system. In Vista/7 you have to manually confirm that a program should have access to the system, limited the amount of damage it can do. This might be annoying to some people but it makes for a more secure system.

One was on XP the other Vista, AFAIK with that security setting intact, so I don't know. All that happened was Avast's alarms went off and said I was under attack and then it was corrupted.

AFAIK it's still possible to get around that Vista feature but someone else will have to elaborate.

jja · 16th May 2011, 07:38 PM

In removing these things, I've had good luck lately with booting to safe mode, performing a system restore to a point before the infection happened, then running Malwarebytes to complete the cleanup. If this doesn't work, you should consult a professional.

The Norseman · 16th May 2011, 07:49 PM

Virus/trojan posing as security software

Have you tried arresting it for impersonating an officer?

Driftwood · 17th May 2011, 02:07 AM

I use rkill to shutoff all the malware processes, and MalwareBytes Anti-Malware to remove it. In general, I use Microsoft Security Essentials and Spybot Search & Destroy (with TeaTimer). This prevents 99.9% of what most people get. In fact, I've only had it happen once over the course of many years, and had it eliminated and everything restored in under 20 minutes. Always keep your systems patched (I have Win 7), always keep your anti-malware and AV programs updated.

Also, while you can get the malware just about anywhere that has ad rotation, the vast majority occurs on porn and warez sites, so don't look at those or dodgy porn sites!

philkensebben · 17th May 2011, 02:49 AM

blegh, had this nasty little thing last week, rendered my laptop unusable for several days, untill I finally found a solution. The virus had even managed to disable exe's in safe mode, so couldnt run malware bytes through there. Through the Admin profile was no good, as I couldnt update malware bytes to a point, where it would be of any use. Long story short (er), punched in a code into the malware, which stopped it from atleast causing pop ups, then got a registry fix, which enabled me to run and update malware bytes. Problem solved. System Restore didnt seem to work either btw as It would let me click on any previous restore points. Was quite proud of my self, as I'm fairly clueless with these kinds of things and was expecting to have to pay some computer geek to get rid of it.

Joey McGee · 17th May 2011, 03:04 AM

Originally Posted by philkensebben

I'm fairly clueless with these kinds of things and was expecting to have to pay some computer geek to get rid of it.

It's worth mentioning that no one should ever have to do this. There are enough forums such as Bleeping Computer where people will troubleshoot it with you for free. You just have to provide as much info and logs as you can, wait for someone to respond and do what they tell you, it's a great system, God bless 'em

Dancing David · 17th May 2011, 04:37 AM

Originally Posted by dtugg

I don't know how people fall for these things. It is very obvious.

Well to most people their computer is a mystery, and so social engineering is very effective. I tell staff at both my schools to not respond to anything that does not say "ForeFront" on it, after three years they are getting a little better, some just never listen.

Some students and some staff will just click on anything.

Dancing David · 17th May 2011, 04:40 AM

Originally Posted by Driftwood

I use rkill to shutoff all the malware processes, and MalwareBytes Anti-Malware to remove it. In general, I use Microsoft Security Essentials and Spybot Search & Destroy (with TeaTimer). This prevents 99.9% of what most people get. In fact, I've only had it happen once over the course of many years, and had it eliminated and everything restored in under 20 minutes. Always keep your systems patched (I have Win 7), always keep your anti-malware and AV programs updated.

Also, while you can get the malware just about anywhere that has ad rotation, the vast majority occurs on porn and warez sites, so don't look at those or dodgy porn sites!

More recently people have been inserting stuff into Google images, and then there are hoardes of other trojans: screen savers, coupon programs, toolbars.

Wudang · 17th May 2011, 08:11 AM

And ostensibly safe websites serving up malware
http://www.theregister.co.uk/2011/05..._com_infected/

Beerina · 17th May 2011, 08:35 AM

Originally Posted by dtugg

I don't know how people fall for these things. It is very obvious.

They're not after you -- they're after the retiree who doesn't have a clue. If they can hit millions, all they need is 1 of 100 to be fooled and still turn a nice profit.

Paul C. Anagnostopoulos · 17th May 2011, 11:54 AM

Originally Posted by dtugg

I don't know how people fall for these things. It is very obvious.

On Friday I was infected by a variant of the "Windows Repair" trojan. No clicking necessary. It trashed my system immediately, without even the ability to reboot in safe mode. The author was not out for money (by tricking me into buying something), he was simply out for destruction.

It took an expert and me about five hours to get my system back.

~~ Paul

Bob001 · 17th May 2011, 12:21 PM

When you refer to the "department's" in-car laptops, do you mean a police department or some other governmental agency? If it's that easy to capture an official computer, we should all be a little worried. Is there an IT department that can restrict the access that ordinary users have, meaning no dumb downloads?

Bikewer · 17th May 2011, 12:45 PM

Yes, it is a police department. These are the "toughbook" laptops that are essentially universal in police work.
Connected to the net via Sprint modem to access DOR, records checks, and various other sensitive materials.
I pointed out various security flaws when we got these, and the university's IT guys did go to heroic efforts to make the thing only able to access the "official" sites.
Like removing most of the functionality from the desktop, re-purposing the various internet icons to lead directly to the law-enforcement sites, and so forth.

Utterly useless, of course. Once one is connected to the law-enforcement portal, one is connected to the internet. All you need to do is pull down one of the imbedded-in-Windows access icons and you're off.
Or, if you're slightly more sophisticated, use a thumb drive with a browser installed.
I pointed this out to the chief as well, but nothing further has been done.
As a result, bored officers working 10-hour midnight shifts over the normally-dull Summer are predisposed to surf...
I maintained a better approach would have been to accept that the guys will use the computer and dole out some decent training on how to do so safely.....
No action as yet.

Driftwood · 17th May 2011, 08:30 PM

Originally Posted by Dancing David

More recently people have been inserting stuff into Google images, and then there are hoardes of other trojans: screen savers, coupon programs, toolbars.

Oh yeah. I'm a PC technician, and I meet this on a daily basis. It's amazing the ways this kind of malware is making it's way into the mainstream, even on completely legit sites.

AdMan · 17th May 2011, 08:34 PM

Originally Posted by Driftwood

Oh yeah. I'm a PC technician, and I meet this on a daily basis. It's amazing the ways this kind of malware is making it's way into the mainstream, even on completely legit sites.

How does it get into legit sites? Some examples of sites it's crept into that we should be wary of..?

Bilbo · 17th May 2011, 08:34 PM

Bob001 · 17th May 2011, 09:12 PM

So what can this malware actually allow an intruder to do with a police computer? Can he access confidential records? Run license plates? Get info like home addresses from licenses and registrations? Get Social Security numbers? Change or delete records? Make licenses look suspended? Make it look like some citizen is an escaped murderer? This sounds like a much more serious problem than if the average office drone screws up his desktop. Does senior management have any interest in this? Do police really need full-functioned laptops, or would they be better served by a dumb terminal linked directly to secure computers at headquarters?

elgarak · 17th May 2011, 09:20 PM

Originally Posted by Bob001

So what can this malware actually allow an intruder to do with a police computer? Can he access confidential records? Run license plates? Get info like home addresses from licenses and registrations? Get Social Security numbers? Change or delete records? Make licenses look suspended? Make it look like some citizen is an escaped murderer? This sounds like a much more serious problem than if the average office drone screws up his desktop. Does senior management have any interest in this? Do police really need full-functioned laptops, or would they be better served by a dumb terminal linked directly to secure computers at headquarters?

Wrong side.

It prevents the computer to be used for police work.

Driftwood · 17th May 2011, 10:52 PM

Originally Posted by AdMan

How does it get into legit sites? Some examples of sites it's crept into that we should be wary of..?

Mostly through ad banner rotation. The little ads on the tops and sides of web pages. Most adservers aren't really aware of what they're putting into rotation as long as they get paid for the service, at least, the more shady ones don't.

So you can be browsing a legit site, hit a malware infested ad, and *boom* Win 7 Security 2011.

Dancing David · 18th May 2011, 09:56 AM

Originally Posted by AdMan

How does it get into legit sites? Some examples of sites it's crept into that we should be wary of..?

Um it varies but basically any web host that does not run regular security sweeps the pages it is hosting. And does not have a sysadmin who is doing their stuf. So like our school district stopped supporting user generated pages or PTA generated pages.

Dancing David · 18th May 2011, 09:58 AM

Originally Posted by Bob001

So what can this malware actually allow an intruder to do with a police computer? Can he access confidential records? Run license plates? Get info like home addresses from licenses and registrations? Get Social Security numbers? Change or delete records? Make licenses look suspended? Make it look like some citizen is an escaped murderer? This sounds like a much more serious problem than if the average office drone screws up his desktop. Does senior management have any interest in this? Do police really need full-functioned laptops, or would they be better served by a dumb terminal linked directly to secure computers at headquarters?

Um most of it will just lockup the desktop, now some variants are very deep and will gather passwords, which if it snags one with high level admin privileges could be a problem.

Dancing David · 18th May 2011, 09:59 AM

Originally Posted by Driftwood

Mostly through ad banner rotation. The little ads on the tops and sides of web pages. Most adservers aren't really aware of what they're putting into rotation as long as they get paid for the service, at least, the more shady ones don't.

So you can be browsing a legit site, hit a malware infested ad, and *boom* Win 7 Security 2011.

OOOOOOoooooooooohhhhhhhhhh, that sucks.

And explains a lot.

bryan · 18th May 2011, 10:02 AM

There does seem to be a recent increase in these things, I have cleaned 3 computers in the past 2 days that the users have been scammed into installing.
Nothing freaks out a basic user more than getting the "you have a virus" warning flashing all over the screen. Even when they know not to push the ok/buy/install button it is too hard for them not to.

Thats what keeps ups computer "experts" in business, I guess

Paul C. Anagnostopoulos · 18th May 2011, 04:23 PM

Originally Posted by bryan

Thats what keeps ups computer "experts" in business, I guess.

The fellow who bailed me out was worth every penny I paid him.

Have you ever seen the USB drivers go to hell after one of these trojans?

~~ Paul

Blue Mountain · 18th May 2011, 04:58 PM

Two ways to reduce your chances of getting infected when you're surfing the web on Windows:

Use Firefox with the NoScript add-on. JavaScript is a favoured vector these days for malware infections; NoScript refuses to let third-party JavaScript code run when you surf to a site. (I've seen some sites go to as many as 20(!) other sites for JavaScript when I connect to them.) It does make things a little harder to work with in today's hyper-connected Web 2.0 world, but that very hyper-connectedness is what's helping fuel these infections.
Use the MVPS Hosts file to prevent any web-enabled program on your system (web browser, email client, RSS news reader, Adobe Reader, music player) from connecting to advertising sites by giving them a fake IP address.

Driftwood · 18th May 2011, 07:20 PM

Originally Posted by Dancing David

OOOOOOoooooooooohhhhhhhhhh, that sucks.

And explains a lot.

Around here (our company), UGO is notorious for running such ads.

Blue Mountain · 18th May 2011, 08:30 PM

Originally Posted by Driftwood

Around here (our company), UGO is notorious for running such ads.

Which is why you want to be running ad blockers and JavaScript blockers. Surfing the net without them these days borders on insane.

Driftwood · 18th May 2011, 09:20 PM

Originally Posted by Blue Mountain

Which is why you want to be running ad blockers and JavaScript blockers. Surfing the net without them these days borders on insane.

I agree, but the problem arises when companies complain that they're getting no ad impression feedback. That makes for more persistent ad pushes. It's almost a self sustaining cycle. You get ads, people block the ads, the ads get more outrageous, you block the javascript, ads get even more intrusive, and now you've got a problem.

16th May 2011, 01:34 PM	#1
Bikewer Philosopher Join Date: Sep 2003 Location: St. Louis, Mo. Posts: 9,522	Virus/ trojan posing as security software The department's in-car laptops are supposedly reserved for "official" business, but it's no secret that they get considerable surfing use... Some officers are reasonably computer-savvy and some are not. The other day, I tried to fire up the one in a car I seldom use and found that it had been trojaned-up by one of those things that show up while you're browsing as "windows security" telling you that you have 3 million viruses and 28 trojans and you must click NOW to get rid of them. Unfortunately, someone did... The result was a complete takeover including disabling the installed anti-virus software. These seem to be increasingly common; I just accessed Google Images and one of these screens popped up.

16th May 2011, 01:54 PM	#2
Red3 Muse Join Date: Sep 2008 Location: South Yorkshire U.K Posts: 748	yeah, they're so easy for people to click on to shut them down - I've had to clean up one or two of my friend's PCs that have fallen victim to those things.
	__________________ "I want to be cremated, and I want my ashes blown in Uri Geller's eyes." - James Randi. IT'S A TRAP!

16th May 2011, 03:44 PM	#3
Dancing David Penultimate Amazing Join Date: Mar 2003 Location: Central Illinois Posts: 34,702	Yup they suck and can come up for a wide variety of reasons. They seem to be disabling task manger or safe mode more now, than last year. But they also are tending to hide in AppData folders So often Al lUsers/Aplication Data or Username/Local Settings/Application Data some are hidden, some are not.
	__________________ Hell, dynamiting fish in a barrel is more challenging. - Ladewig I suspect you are a sandwich, metaphorically speaking. -Donn And a shot rang out. Now Space is doing time... -Ben Burch You built the toilet - don't complain when people crap in it. _Kid Eager

16th May 2011, 06:23 PM	#6
Joey McGee Transcendental Naturalist Join Date: Feb 2011 Posts: 3,114	The last time I got one was simply browsing and clicked nothing. I figured it was something I'd downloaded earlier so decided to deal with it later and went to another computer to finish watching the video (watching tv show on a youtube style site) and that computer got infected too. Perhaps I'm misremembering and I did something stupid twice but AFAIK this is possible and relatively common.
	__________________ How do I know that this is so? By looking!

16th May 2011, 07:04 PM	#8
Joey McGee Transcendental Naturalist Join Date: Feb 2011 Posts: 3,114	Originally Posted by dtugg Are you running Windows XP? My opinion is that is is very insecure compared to Vista/7. Most users run in admin mode which means that programs can do whatever they want to including entirely **** up the system. In Vista/7 you have to manually confirm that a program should have access to the system, limited the amount of damage it can do. This might be annoying to some people but it makes for a more secure system. One was on XP the other Vista, AFAIK with that security setting intact, so I don't know. All that happened was Avast's alarms went off and said I was under attack and then it was corrupted. AFAIK it's still possible to get around that Vista feature but someone else will have to elaborate.
	__________________ How do I know that this is so? By looking!

16th May 2011, 05:35 PM	#4
dtugg Banned Join Date: Jul 2008 Location: NWO headquarters Posts: 7,898	I don't know how people fall for these things. It is very obvious.

16th May 2011, 06:20 PM	#5
elgarak Graduate Poster Join Date: Nov 2003 Location: No matter where I go, there I am Posts: 1,859	Originally Posted by dtugg I don't know how people fall for these things. It is very obvious. In particular for me. When this thing starts 'scanning' my C: drive ... while I am on Mac OS X...

16th May 2011, 06:41 PM	#7
dtugg Banned Join Date: Jul 2008 Location: NWO headquarters Posts: 7,898	Originally Posted by elgarak In particular for me. When this thing starts 'scanning' my C: drive ... while I am on Mac OS X... Yeah that has happened to me. Originally Posted by Joey McGee The last time I got one was simply browsing and clicked nothing. I figured it was something I'd downloaded earlier so decided to deal with it later and went to another computer to finish watching the video (watching tv show on a youtube style site) and that computer got infected too. Perhaps I'm misremembering and I did something stupid twice but AFAIK this is possible and relatively common. Are you running Windows XP? My opinion is that is is very insecure compared to Vista/7. Most users run in admin mode which means that programs can do whatever they want to including entirely **** up the system. In Vista/7 you have to manually confirm that a program should have access to the system, limited the amount of damage it can do. This might be annoying to some people but it makes for a more secure system.

16th May 2011, 07:38 PM	#9
jja New Blood Join Date: Apr 2011 Posts: 6	In removing these things, I've had good luck lately with booting to safe mode, performing a system restore to a point before the infection happened, then running Malwarebytes to complete the cleanup. If this doesn't work, you should consult a professional.
jja New Blood Join Date: Apr 2011 Posts: 6

16th May 2011, 07:49 PM	#10
The Norseman I Void Warranties Join Date: Dec 2008 Location: The Treasure Valley Posts: 3,236	Virus/trojan posing as security software Have you tried arresting it for impersonating an officer?
	__________________ "I have always thought that a wild animal never looks so well as when some obstacle of pronounced durability is between us." "Sticking the flounce is the hardest move in forum gymnastics." -tsig

17th May 2011, 02:07 AM	#11
Driftwood Scholar Join Date: Jan 2011 Location: United States Posts: 59	I use rkill to shutoff all the malware processes, and MalwareBytes Anti-Malware to remove it. In general, I use Microsoft Security Essentials and Spybot Search & Destroy (with TeaTimer). This prevents 99.9% of what most people get. In fact, I've only had it happen once over the course of many years, and had it eliminated and everything restored in under 20 minutes. Always keep your systems patched (I have Win 7), always keep your anti-malware and AV programs updated. Also, while you can get the malware just about anywhere that has ad rotation, the vast majority occurs on porn and warez sites, so don't look at those or dodgy porn sites!

17th May 2011, 02:49 AM	#12
philkensebben Graduate Poster Join Date: Jun 2007 Location: Germany Posts: 1,831	blegh, had this nasty little thing last week, rendered my laptop unusable for several days, untill I finally found a solution. The virus had even managed to disable exe's in safe mode, so couldnt run malware bytes through there. Through the Admin profile was no good, as I couldnt update malware bytes to a point, where it would be of any use. Long story short (er), punched in a code into the malware, which stopped it from atleast causing pop ups, then got a registry fix, which enabled me to run and update malware bytes. Problem solved. System Restore didnt seem to work either btw as It would let me click on any previous restore points. Was quite proud of my self, as I'm fairly clueless with these kinds of things and was expecting to have to pay some computer geek to get rid of it.

17th May 2011, 03:04 AM	#13
Joey McGee Transcendental Naturalist Join Date: Feb 2011 Posts: 3,114	Originally Posted by philkensebben I'm fairly clueless with these kinds of things and was expecting to have to pay some computer geek to get rid of it. It's worth mentioning that no one should ever have to do this. There are enough forums such as Bleeping Computer where people will troubleshoot it with you for free. You just have to provide as much info and logs as you can, wait for someone to respond and do what they tell you, it's a great system, God bless 'em
	__________________ How do I know that this is so? By looking!

17th May 2011, 04:37 AM	#14
Dancing David Penultimate Amazing Join Date: Mar 2003 Location: Central Illinois Posts: 34,702	Originally Posted by dtugg I don't know how people fall for these things. It is very obvious. Well to most people their computer is a mystery, and so social engineering is very effective. I tell staff at both my schools to not respond to anything that does not say "ForeFront" on it, after three years they are getting a little better, some just never listen. Some students and some staff will just click on anything.
	__________________ Hell, dynamiting fish in a barrel is more challenging. - Ladewig I suspect you are a sandwich, metaphorically speaking. -Donn And a shot rang out. Now Space is doing time... -Ben Burch You built the toilet - don't complain when people crap in it. _Kid Eager

17th May 2011, 04:40 AM	#15
Dancing David Penultimate Amazing Join Date: Mar 2003 Location: Central Illinois Posts: 34,702	Originally Posted by Driftwood I use rkill to shutoff all the malware processes, and MalwareBytes Anti-Malware to remove it. In general, I use Microsoft Security Essentials and Spybot Search & Destroy (with TeaTimer). This prevents 99.9% of what most people get. In fact, I've only had it happen once over the course of many years, and had it eliminated and everything restored in under 20 minutes. Always keep your systems patched (I have Win 7), always keep your anti-malware and AV programs updated. Also, while you can get the malware just about anywhere that has ad rotation, the vast majority occurs on porn and warez sites, so don't look at those or dodgy porn sites! More recently people have been inserting stuff into Google images, and then there are hoardes of other trojans: screen savers, coupon programs, toolbars.
	__________________ Hell, dynamiting fish in a barrel is more challenging. - Ladewig I suspect you are a sandwich, metaphorically speaking. -Donn And a shot rang out. Now Space is doing time... -Ben Burch You built the toilet - don't complain when people crap in it. _Kid Eager

17th May 2011, 08:11 AM	#16
Wudang BOFH Join Date: Jun 2003 Location: Sheffield Posts: 8,243	And ostensibly safe websites serving up malware http://www.theregister.co.uk/2011/05..._com_infected/
	__________________ Aphorism: Subjects most likely to be declared inappropriate for humor are the ones most in need of it. -epepke

17th May 2011, 08:35 AM	#17
Beerina Sarcastic Conqueror of Notions Join Date: Mar 2004 Location: A floating island above the clouds Posts: 23,835	Originally Posted by dtugg I don't know how people fall for these things. It is very obvious. They're not after you -- they're after the retiree who doesn't have a clue. If they can hit millions, all they need is 1 of 100 to be fooled and still turn a nice profit.
	__________________ "Great innovations should not be forced [by way of] slender majorities." - Thomas Jefferson The government should nationalize it! Socialized, single-payer video game development and sales *now!* More, cheaper, better games, right? Right?

17th May 2011, 11:54 AM	#18
Paul C. Anagnostopoulos Nap, interrupted. Join Date: Aug 2001 Location: a little toolshed Posts: 18,592	Originally Posted by dtugg I don't know how people fall for these things. It is very obvious. On Friday I was infected by a variant of the "Windows Repair" trojan. No clicking necessary. It trashed my system immediately, without even the ability to reboot in safe mode. The author was not out for money (by tricking me into buying something), he was simply out for destruction. It took an expert and me about five hours to get my system back. ~~ Paul
	__________________ Millions long for immortality who do not know what to do with themselves on a rainy Sunday afternoon. ---Susan Ertz RIP Mr. Skinny Last edited by Paul C. Anagnostopoulos; 17th May 2011 at 01:03 PM.

17th May 2011, 12:21 PM	#19
Bob001 Muse Join Date: Dec 2006 Posts: 882	When you refer to the "department's" in-car laptops, do you mean a police department or some other governmental agency? If it's that easy to capture an official computer, we should all be a little worried. Is there an IT department that can restrict the access that ordinary users have, meaning no dumb downloads?
Bob001 Muse Join Date: Dec 2006 Posts: 882	Last edited by Bob001; 17th May 2011 at 12:22 PM.

17th May 2011, 12:45 PM	#20
Bikewer Philosopher Join Date: Sep 2003 Location: St. Louis, Mo. Posts: 9,522	Yes, it is a police department. These are the "toughbook" laptops that are essentially universal in police work. Connected to the net via Sprint modem to access DOR, records checks, and various other sensitive materials. I pointed out various security flaws when we got these, and the university's IT guys did go to heroic efforts to make the thing only able to access the "official" sites. Like removing most of the functionality from the desktop, re-purposing the various internet icons to lead directly to the law-enforcement sites, and so forth. Utterly useless, of course. Once one is connected to the law-enforcement portal, one is connected to the internet. All you need to do is pull down one of the imbedded-in-Windows access icons and you're off. Or, if you're slightly more sophisticated, use a thumb drive with a browser installed. I pointed this out to the chief as well, but nothing further has been done. As a result, bored officers working 10-hour midnight shifts over the normally-dull Summer are predisposed to surf... I maintained a better approach would have been to accept that the guys will use the computer and dole out some decent training on how to do so safely..... No action as yet.

17th May 2011, 08:30 PM	#21
Driftwood Scholar Join Date: Jan 2011 Location: United States Posts: 59	Originally Posted by Dancing David More recently people have been inserting stuff into Google images, and then there are hoardes of other trojans: screen savers, coupon programs, toolbars. Oh yeah. I'm a PC technician, and I meet this on a daily basis. It's amazing the ways this kind of malware is making it's way into the mainstream, even on completely legit sites.

17th May 2011, 08:34 PM	#22
AdMan Philosopher Join Date: Feb 2010 Posts: 7,168	Originally Posted by Driftwood Oh yeah. I'm a PC technician, and I meet this on a daily basis. It's amazing the ways this kind of malware is making it's way into the mainstream, even on completely legit sites. How does it get into legit sites? Some examples of sites it's crept into that we should be wary of..?
AdMan Philosopher Join Date: Feb 2010 Posts: 7,168	__________________ It is far better to grasp the universe as it really is than to persist in delusion, however satisfying and reassuring. - Carl Sagan

17th May 2011, 08:34 PM	#23
Bilbo Banned Join Date: Apr 2011 Posts: 191
Bilbo Banned Join Date: Apr 2011 Posts: 191

17th May 2011, 09:12 PM	#24
Bob001 Muse Join Date: Dec 2006 Posts: 882	So what can this malware actually allow an intruder to do with a police computer? Can he access confidential records? Run license plates? Get info like home addresses from licenses and registrations? Get Social Security numbers? Change or delete records? Make licenses look suspended? Make it look like some citizen is an escaped murderer? This sounds like a much more serious problem than if the average office drone screws up his desktop. Does senior management have any interest in this? Do police really need full-functioned laptops, or would they be better served by a dumb terminal linked directly to secure computers at headquarters?
Bob001 Muse Join Date: Dec 2006 Posts: 882

17th May 2011, 09:20 PM	#25
elgarak Graduate Poster Join Date: Nov 2003 Location: No matter where I go, there I am Posts: 1,859	Originally Posted by Bob001 So what can this malware actually allow an intruder to do with a police computer? Can he access confidential records? Run license plates? Get info like home addresses from licenses and registrations? Get Social Security numbers? Change or delete records? Make licenses look suspended? Make it look like some citizen is an escaped murderer? This sounds like a much more serious problem than if the average office drone screws up his desktop. Does senior management have any interest in this? Do police really need full-functioned laptops, or would they be better served by a dumb terminal linked directly to secure computers at headquarters? Wrong side. It prevents the computer to be used for police work.

17th May 2011, 10:52 PM	#26
Driftwood Scholar Join Date: Jan 2011 Location: United States Posts: 59	Originally Posted by AdMan How does it get into legit sites? Some examples of sites it's crept into that we should be wary of..? Mostly through ad banner rotation. The little ads on the tops and sides of web pages. Most adservers aren't really aware of what they're putting into rotation as long as they get paid for the service, at least, the more shady ones don't. So you can be browsing a legit site, hit a malware infested ad, and boom Win 7 Security 2011.

18th May 2011, 09:56 AM	#27
Dancing David Penultimate Amazing Join Date: Mar 2003 Location: Central Illinois Posts: 34,702	Originally Posted by AdMan How does it get into legit sites? Some examples of sites it's crept into that we should be wary of..? Um it varies but basically any web host that does not run regular security sweeps the pages it is hosting. And does not have a sysadmin who is doing their stuf. So like our school district stopped supporting user generated pages or PTA generated pages.
	__________________ Hell, dynamiting fish in a barrel is more challenging. - Ladewig I suspect you are a sandwich, metaphorically speaking. -Donn And a shot rang out. Now Space is doing time... -Ben Burch You built the toilet - don't complain when people crap in it. _Kid Eager

18th May 2011, 09:58 AM	#28
Dancing David Penultimate Amazing Join Date: Mar 2003 Location: Central Illinois Posts: 34,702	Originally Posted by Bob001 So what can this malware actually allow an intruder to do with a police computer? Can he access confidential records? Run license plates? Get info like home addresses from licenses and registrations? Get Social Security numbers? Change or delete records? Make licenses look suspended? Make it look like some citizen is an escaped murderer? This sounds like a much more serious problem than if the average office drone screws up his desktop. Does senior management have any interest in this? Do police really need full-functioned laptops, or would they be better served by a dumb terminal linked directly to secure computers at headquarters? Um most of it will just lockup the desktop, now some variants are very deep and will gather passwords, which if it snags one with high level admin privileges could be a problem.
	__________________ Hell, dynamiting fish in a barrel is more challenging. - Ladewig I suspect you are a sandwich, metaphorically speaking. -Donn And a shot rang out. Now Space is doing time... -Ben Burch You built the toilet - don't complain when people crap in it. _Kid Eager

18th May 2011, 09:59 AM	#29
Dancing David Penultimate Amazing Join Date: Mar 2003 Location: Central Illinois Posts: 34,702	Originally Posted by Driftwood Mostly through ad banner rotation. The little ads on the tops and sides of web pages. Most adservers aren't really aware of what they're putting into rotation as long as they get paid for the service, at least, the more shady ones don't. So you can be browsing a legit site, hit a malware infested ad, and boom Win 7 Security 2011. OOOOOOoooooooooohhhhhhhhhh, that sucks. And explains a lot.
	__________________ Hell, dynamiting fish in a barrel is more challenging. - Ladewig I suspect you are a sandwich, metaphorically speaking. -Donn And a shot rang out. Now Space is doing time... -Ben Burch You built the toilet - don't complain when people crap in it. _Kid Eager

18th May 2011, 10:02 AM	#30
bryan Scholar Join Date: Nov 2007 Location: Colorado Posts: 117	There does seem to be a recent increase in these things, I have cleaned 3 computers in the past 2 days that the users have been scammed into installing. Nothing freaks out a basic user more than getting the "you have a virus" warning flashing all over the screen. Even when they know not to push the ok/buy/install button it is too hard for them not to. Thats what keeps ups computer "experts" in business, I guess

18th May 2011, 04:23 PM	#31
Paul C. Anagnostopoulos Nap, interrupted. Join Date: Aug 2001 Location: a little toolshed Posts: 18,592	Originally Posted by bryan Thats what keeps ups computer "experts" in business, I guess. The fellow who bailed me out was worth every penny I paid him. Have you ever seen the USB drivers go to hell after one of these trojans? ~~ Paul
	__________________ Millions long for immortality who do not know what to do with themselves on a rainy Sunday afternoon. ---Susan Ertz RIP Mr. Skinny

18th May 2011, 04:58 PM	#32
Blue Mountain Resident Skeptical Hobbit Join Date: Jul 2005 Location: Waging war on woo-woo in Winnipeg Posts: 3,634	Two ways to reduce your chances of getting infected when you're surfing the web on Windows: Use Firefox with the NoScript add-on. JavaScript is a favoured vector these days for malware infections; NoScript refuses to let third-party JavaScript code run when you surf to a site. (I've seen some sites go to as many as 20(!) other sites for JavaScript when I connect to them.) It does make things a little harder to work with in today's hyper-connected Web 2.0 world, but that very hyper-connectedness is what's helping fuel these infections. Use the MVPS Hosts file to prevent any web-enabled program on your system (web browser, email client, RSS news reader, Adobe Reader, music player) from connecting to advertising sites by giving them a fake IP address.
	__________________ The social illusion reigns to-day upon all the heaped-up ruins of the past, and to it belongs the future. The masses have never thirsted after truth. They turn aside from evidence that is not to their taste, preferring to deify error, if error seduce them. Gustav Le Bon, The Crowd, 1895 (from the French) Canadian or living in Canada? PM me if you want an entry on the list of Canadians on the forum. Last edited by Blue Mountain; 18th May 2011 at 05:04 PM.

18th May 2011, 07:20 PM	#33
Driftwood Scholar Join Date: Jan 2011 Location: United States Posts: 59	Originally Posted by Dancing David OOOOOOoooooooooohhhhhhhhhh, that sucks. And explains a lot. Around here (our company), UGO is notorious for running such ads.

18th May 2011, 08:30 PM	#34
Blue Mountain Resident Skeptical Hobbit Join Date: Jul 2005 Location: Waging war on woo-woo in Winnipeg Posts: 3,634	Originally Posted by Driftwood Around here (our company), UGO is notorious for running such ads. Which is why you want to be running ad blockers and JavaScript blockers. Surfing the net without them these days borders on insane.
	__________________ The social illusion reigns to-day upon all the heaped-up ruins of the past, and to it belongs the future. The masses have never thirsted after truth. They turn aside from evidence that is not to their taste, preferring to deify error, if error seduce them. Gustav Le Bon, The Crowd, 1895 (from the French) Canadian or living in Canada? PM me if you want an entry on the list of Canadians on the forum.

18th May 2011, 09:20 PM	#35
Driftwood Scholar Join Date: Jan 2011 Location: United States Posts: 59	Originally Posted by Blue Mountain Which is why you want to be running ad blockers and JavaScript blockers. Surfing the net without them these days borders on insane. I agree, but the problem arises when companies complain that they're getting no ad impression feedback. That makes for more persistent ad pushes. It's almost a self sustaining cycle. You get ads, people block the ads, the ads get more outrageous, you block the javascript, ads get even more intrusive, and now you've got a problem.