If we go back about ten years, viruses were spread solely by email. The people who spread these viruses then got savvier and found new ways to spread them. The next method of spreading malware was USB sticks, often causing problems for the likes of students, who would use a USB stick, realise it was contaminated and then lose all their coursework.
These days we are more aware of viruses and know to be careful about opening emails from unknown sources. This change in attitude means the criminal gangs need to think outside the box, since we have become more clued up about how they operate. The latest fashion in spreading viruses is therefore drive-by downloads.
A drive-by download is where a genuine website is hijacked and infected. Innocent victims visit the website and malware is installed onto their computer without their knowledge. This catches people off guard, as it is common for people to visit the same websites day in, day out, and they therefore wouldn’t think twice about catching something.
Think of bbc.co.uk, argos.co.uk or telegraph.co.uk. These websites have a very strong ethical reputation; you would never suspect them of being infected. If we take a smaller website which has less security, we see it can easily be turned into a way of spreading malware and making money. Once a website is infected it tries to infect other websites. The infected computer will also dial out to local computers or external computers to spread the virus further.
As a data security company we do not get involved in firewall and antivirus setups too often, but we have seen a surge of infections by drive-by downloads. Distraught clients, or even clients’ clients, have called us up for virus removal assistance. Although this is not fully within our remit, we like to make sure our customers are cared for, so we rarely turn down a distraught person or company.
On closer inspection, the one thing that has connected all of the malware infections is the origin: Russia. Upon testing one particular infection of a website, we saw that it had been infected for weeks, yet no online malware URL databases picked it up and even Google failed to block it. On trying around four internet security suites, all but one failed. It is alarming that a website can be infected for weeks while antivirus vendors fail to detect and block it.
Audaciousness is increasing, and within a few years we may see viruses being programmed to infect an innocent person for the sake of it. We are already seeing fake internet security suites being installed to tell you that you have a virus. However, the infection lies in the faux internet security suite itself. To remove the ‘virus’ you are asked to pay a fee of $60. In some of these cases websites and Indian or Filipino call centres have been set up to make the virus appear real and to take the ‘support calls’.
There are a few things you can do to protect yourself. Firstly, invest in a full internet security suite, not just a freebie standalone internet security suite. Be careful what you visit and follow what the anti-malware plug-ins tell you. Virtualising (sandboxing) the internet browser is another option, which isolates the browser from the main operating system, although in some cases we have seen malware infections still get through, so be aware. Lastly: backup, backup and backup. Many businesses and private clients we have visited have lost data. One even lost two years of bookkeeping data due to having no backup.
Note: Written at the start of 2012 but only just published, so the information may be dated.