It’s too easy to sneak past security software

Being “the guy who knows IT” means pub conversation can sometimes start with “Ah, Jon, I’ve got a little problem with my laptop…”.

So it was last Friday, when Mike uttered the immortal words about his laptop demanding money be sent to Scotland Yard for some misdemeanour he’d apparently committed. Now, Mike is a good chap. A hard-working businessman near retirement age, he knows his onions, but he isn’t of a generation that’s naturally computer-literate. However, to give him due credit, he has worked at this deficit, to the extent that a few weeks ago I was happy to help him put together the fundamentals of a new website for his holiday-home rental business in France.

That occasion was an eye-opener, and a useful reminder of just how poorly designed so much software is for those who don’t think in computer-speak. The concept of “master pages” didn’t make any sense to Mike, until I explained that it’s equivalent to headed notepaper.

Anyway, on a bright and breezy Saturday morning, he brought round the offending laptop, a fairly recent, low-end 17in Toshiba. It was in a real mess. After booting, it went straight to a full-screen page telling Mike he had been bad, and therefore needed to send money to get his computer unlocked. It looked quite official, styled as a document from the (now-defunct) Metropolitan Police Authority, at least to an untrained eye.

However, my trained eye was drawn to the photo of Mike in the top-right corner of the document. Employing a remarkable degree of sneakiness, this malware had enabled the webcam in Mike’s laptop and snapped a picture of him as it was installing itself, then dropped this picture into the document, which made it seem all the more authentic.

Getting rid of this thing wasn’t easy. I didn’t have a Windows laptop at home, only my MacBook Pro armed with VMware Fusion and a copy of Windows 7 (and, of course, no DVD burner). Some hunting on the web suggested the best solution was to try using Safe Mode with the Command Prompt, then firing up some diagnostic tools, or to perform a rollback. Unfortunately, when I tried these approaches, the machine shut down on the spot.

Next, I scouted around and found some anti-malware tools that can be run from a bootable USB stick, as well as some tools that let me create said bootable USB stick (fortunately, I carry a scratch-use USB stick on my key ring at all times). An hour or so later, I finally got the machine booted into something I controlled by doing a rollback on the Windows system. I then ran through a number of downloadable antivirus tools to check the machine was truly clean, before reapplying all the Windows updates, dropping in IE10 as a useful upgrade, and patching all the Adobe tools, such as Flash and Reader.

What concerns me about this infection is not that it happened, nor that it used nasty scareware tactics to wind up its hapless victim; I expect this sort of thing to happen. No, what surprised me was that this happened on a fully patched Windows system – Adobe’s updater had been run the previous day, and McAfee’s antivirus suite was installed and fully up to date. This particular piece of malware had simply driven past all of this and parked itself on Mike’s laptop.

A chat with PC Pro readers who follow me on Twitter (@JonHoneyball) revealed this malware hit other machines in the same 24-hour period, and managed to waltz past other antivirus solutions, including Bitdefender (I can’t validate this report, since I didn’t see the Bitdefender machine, but it was reported to me).

So, while I’m reassured that IE10 appears to be more effective than previous versions of IE at stopping this sort of drive-by attack, I’m more than a little concerned that Mike – who was doing all the right things in a clean, coherent and responsible fashion, including having a paid-for subscription to McAfee – was nuked in such dramatic fashion.

I’m far from convinced the antivirus strategies we have in place are working. It’s hard to know what to do next or how to improve things when they’re this bad. Having saved Mike’s laptop, there was only one thing left to do: head back to the pub, laptop under arm, to be bought a decent pint for all my hard work. The nagging worry remains, however, that we’re not making any progress when it comes to combating this muck.
