Category Archives: Viruses

Viruses and worms

Google Chrome targeted by Malware

Interesting piece by Ed Bott: Malware authors target Google Chrome (on Windows).

Sounds similar to these kinds of fake Windows anti-virus scans which you see around the place, and try to convince you to click and download an executable which will supposedly clean up your PC:

Fake anti-virus check in Google Chrome

This type of thing reinforces the fact that no browser/platform is safe from malware, and that it’s important not to regularly run your account with Admin privileges on your PC.

Personally I reckon it wouldn’t hurt to have a setting in Windows (and other operating systems) that prevents running executables from any directory where the current (non-Admin user) has write-permissions, eg only letting them run programs that have been installed by an Administrator.

Does any OS offer something like that at the moment?

Photo kiosks spreading viruses

Be careful with any USB drives you take to photo kiosks — thoroughly scan them afterwards for viruses.

Turns out Big W (FujiFilm) kiosks have been spreading viruses, and Fuji is now investigating equipping them with malware protection. Not before time.

This rung a bell for me. I’m sure a month or two ago after I got some photos, I found the drive I’d used had a suspicious autorun.inf file on it that I could’t figure out the origin of.

As Graham Cluley comments, it might be best to use a USB drive with a read-only switch.

USB stick vulnerability in all versions of Windows

Zero-day flaw. EVERYBODY PANIC! (Well, if you use Windows.)

Simply browsing a USB drive, Windows file share or WebDav directory can potentially infect you via a rootkit inside a .lnk file. All current versions of Windows said to be vulnerable.

Ebooks To Understand Fibromyalgia And Other Diseases com/technet/security/advisory/2286198.mspx”>Microsoft advisory: Vulnerability in Windows Shell Could Allow Remote Code Execution — no fix yet, but they do list a workaround.

Sophos’s Chester Wisniewski’s blog: Windows zero-day attack works on all Windows systems — Chester notes a good workaround:

Today, a colleague suggested the best mitigation I have heard so far: deploying a GPO disallowing the use of executable files that are not on the C: drive. This will work for most environments, and you really shouldn’t be running executables from USB drives and network shares anyway. We tested this solution against the vulnerability and it does in fact provide protection.

…which would be nice, but I’m buggered if I can find it in gpedit.msc.

From the looks of it, most of the big anti-virus vendors are onto it, and will detect it as long as your definition files are up to date.

Ebooks To Understand Fibromyalgia And Other Diseases

Coles runs on Windows

The other day a McAfee stuff-up led to thousands of Windows XP machines getting a virus data file which deleted SVCHOST.EXE, a vital part of the operating system.

As Ed Bott remarked: I’m not sure any virus writer has ever developed a piece of malware that shut down as many machines as quickly as McAfee did today.

In Australia, one high-profile company hit was Coles, with around 10% of registers knocked out of action causing a number of their supermarkets to have to stop trading while they fixed it.

Yes, Coles runs on Windows.

About 12 years ago Coles ran a project (which I worked on for a short time) to move off NCR cash registers in favour of Windows-based POS systems (then on NT4) developed in-house for the company, with the initial rollout being in Coles. The plan was to subsequently roll it out across other then-subsidiaries such as Target, K-Mart, Myer and so on.

They did a fair bit of interesting workflow analysis, for instance coming up with the Windows Start Menu-style interaction for the cashier to select which fruit/veg they were putting on the scales. It was all designed to cut training requirements and transaction times, and improve backoffice operations, as well as freeing them from dependence on NCR, which at the time had told them support was ending for the registers they’d been using.

Obviously Thursday’s problems showed a down side of the plan!

Perhaps the lesson here is that if your Windows PCs are secure (you wouldn’t imagine they’d allow people to slip in a disc or USB stick and run any old program on them) and fundamental to your company operation, you shouldn’t allow any automated updates onto them (not McAfee, Microsoft, nor anything else) without verifying that it works okay first.

Psyb0t worm infecting modems/routers

The new “psyb0t” worm infects modem/routers by getting in via unsecured ssh/telnet ports on common MIPS Linux-based models such as those by Netcomm, Netgear and Linksys. Apparently a lot of these devices are shipped unsecured… and of course, most people don’t know how to check and change that. I know I don’t.

My router has DD-WRT on it. The DD-WRT web site has an article saying they believe they are not vulnerable, unless WAN management has been enabled.

It’s probably worth checking with your router or firmware provider to see if you’re vulnerable, and/or steps to check and secure your equipment.

APCmag: New worm can infect home modem/routers

ZDNet: ‘Psyb0t’ worm infects Linksys, Netgear home routers, modems

DRONEBL: Network Bluepill – stealth router-based botnet has been DDoSing dronebl for the last couple of weeks — which clarifies the conditions under which the infection can spread.

Anti-virus performance

Even if you avoid putting multitudes of security packages onto your computer, you need to be careful choosing what you do install. For now I’m going with Windows Firewall because it’s easy and cheap and seemingly fast. (Yeah I know it doesn’t block outbound connections.)

And anti-virus? Well I’m beginning to think, despite what I said last month, that CA AntiVirus may be helping to cause my Media Center problems. It’s also continuing to bug my kids (non-Admin users; and I plan to join them in that group) with pointless error messages.

Kaspersky gets a good rap from C/Net, so I’ve downloaded a trial version. I don’t have any hard data, but the machines already seem more responsive.

By the way, reading an APCMag anti-virus review (Feb 2007), it noted that Norton takes up over 300Mb of disk space! 300Mb?!? For anti-virus? That’s insane.

Wrestling with CA Internet Security Suite

CA Internet SecurityI’ve used Vet, the old Aussie favourite, for anti-virus on my primary PC for several years. After the initial investment it’s been A$39.95 per year, so it’s (I guess) reasonably cheap. It also meets my primary requirements for security software:

  • Small footprint on CPU, RAM and disk.
  • An interface that shutsthehellup and gets on with the job… especially when the kids are trying to play games. They (quite rightly) grumble when a full-screen game is shutdown just because some applet wants to tell you it’s downloading an update for itself.

Vet got bought by Computer Associates some years ago, morphing into CA Antivirus. My current subscription was about to run out, and they offered me an upgrade to the full CA Internet Security Suite, for 1-3 PCs, for A$69.95, less than double the cost of renewing the single anti-virus licence. Given I’d been having problems with Free AVG on my second computer (it won’t shut up about the updates it’s loading, and sometimes complains that it’s not working, particularly when a non-Admin user is logged on), I’d considered getting a second licence anyway, so it seemed like a good deal.

And I’d be gaining a Spyware detector and a more fully-fledged firewall than the Windows one. Question is, were they any good? I knew the CA Antivirus would do the job, but what about the others?

Installation was straightforward. Licence looked over-long, but was in fact a base licence with extra points for virtually every country in the world. There must be a better way to present this… choose the country first?

Antivirus ran as I expected. Did a full scan, then shut up and sat in the background. No problems.

The firewall? Once it started, it began popping up alerts… it might claim to be pre-configured for some programs, but appeared not to know about very obscure ones such as FIREFOX.EXE and IEXPLORE.EXE. Hmmm. It was fine once it knows about things, but evidently needs to be babied along for a day or two at first. The configuration screen seemed sluggish, and it wasn’t clear if it had picked up the existing rules from the Windows Firewall. So I’m not sure about this. It’s tempting to shut it off and just use the Windows Firewall instead, which wouldn’t catch outbound malware, but then, I’ve never had issues with that.

Anti-spam I’m frankly, not that interested in. The protection provided by my ISP and by Outlook is good enough that I don’t want to complicate things by adding a third barrier into the mix. (I also got stung the other week by over-zealous spam filters — you can read about it here.)

Spyware. I’m generally in favour of anti-spyware applications. While I’m not of the “every cookie is a threat to my privacy” school of paranoia, there are some genuinely malicious applications out there. (See Jeff Attwood’s recent post on this.) But I run a pretty tight ship with regards to downloads, so I’ve never considered it to be a big problem. So Spyware detection I consider a nice-to-have.

CA’s Spyware detector though, I didn’t like. It was probably doing an okay job, but it wouldn’t shut up. Every time a non-admin user logged in, it piped up with the fact that the user wouldn’t be able to change it’s configuration, even if the scanning had been turned off. Listen carefully, CA: I DON’T CARE. Either give me the option of turning off this warning, or don’t give it in the first place.

CA Antispyware error

I don’t want to subject non-admin users to pointless error messages so that a security measure of doubtful use can run. After all, the whole point of security software is to let you use your computer uninterrupted by problems. If the security software itself is going to insist on interrupting you, it kinda defeats the point, doesn’t it.

I’m not going to make every user an admin to avoid the warnings. If the manufacturer of an Internet Security product is telling me to have every user as admin, then they’re idiots.

Web filtering. Apparently the licence includes a free download of some parental web filtering software. I didn’t try it.

I also ran into problems with the licence keys. Evidently because my Vet licence expired, and all the new licences are linked to that one, CA’s system flagged them all as expired. The support web pages (which have an annoying tendency to keep opening new windows) suggested running a licence sync, which didn’t work. Their “24-7 web support” turned out to be an enquiry form. About 48 hours after putting in a request, the problem seemed to have cleared, but as I never got a reply from it, I don’t know if it fixed itself, it was something I did with my tinkering, or if CA’s support fixed it.

In conclusion I’m happy enough with the antivirus component, which is the essential element I really wanted. It’s quite obviously the most refined, mature product in the suite. The other stuff I either didn’t want, or can’t (or won’t) use because it doesn’t run well. If you’re looking for a fully-fledged Internet security suite… keep looking.

On the other hand, I’ve still got about 45 days to get a refund, if I want it. Anybody else care to nominate their favoured anti-virus apps for Windows XP?

Other reviews of CA Internet Security:

Update: A month later I dumped this product.

AVG IS still free

AVG is moving its free anti-virus from version 7.1 to 7.5. Never fear, it’s still free, despite the announcement implying that it won’t be after January 2007. What it’s actually saying is that version 7.1 won’t be supported after that time, but a lot of people are misreading it.

The optimist in me says it’s just worded badly. The cynic in me notes that some recall the switch from version 6 to 7 was worded in a similar way and it smells a little bit of the Real Player page that featured a big advert for the paid version, and a tiny link to the free one. But hey, the bottom line is AVG is still free, and millions of home users can continue to protect their PCs. Can’t really argue with that.

Free version 7.5 download here.

Other freebie anti-virus packages for Windows include Avast, Trend’s free adhoc (online) scan and the open-source ClamWin.

Stop Ian Frazer turning your daughter into a Wanton Slut

Ian Frazer (born January 6th, 1953) is an Australian immunologist, best known for his work on the development of a cervical cancer vaccine, which works by protecting women from Human papillomavirus (HPV). In January 2006 he was named Australian of the Year. — Source:Wikipedia

Now, this is a vacine, not a cure. It will only protect you if you get vacinated prior to exposure. HPV is a STD transferred regardless of condom use. It is also transferred mother-to-child in the birth canal.

In another example of misogynistic intervention, the Christian Right in the USA is opposing mandatory vaccination against the Human papillomavirus vaccine. I can imagine economists wanting to block it (at USD$300-$500 per patient), but they’d have no leg to stand on (USA: 4K deaths/pa @$1m each =$4b; that buys you 8m-12m vacinations per annum, which is more than the number of people you’d be looking to vacinate – figures go higher if you count number of non-fatal cancer cases, lower if you lower the value of the affected lives). The administration in the US is leaning towards the Christian Right’s views.

Katha Pollitt thinks that blocking this vaccine is the stupidist thing imaginable:

Raise your hand if you think that what is keeping girls virgins now is the threat of getting cervical cancer when they are 60 from a disease they’ve probably never heard of.

She rants like someone who cares. Cares a lot. Read her article.

“Sailorman” says that by not mandating this vaccine, the US government isn’t being rational:

I am a parent. And I confess that even though I KNOW the statistics, saying “sex” and relating it to “your 10 year old daughter” gives me the heebie-jeebies. But you bet your ass I’d have her in there for the shot.

He then goes on to give a detailed logical analysis that leads to the same conclusion as Katha Pollitt’s “Raise your hand” opinion.

CSL (an Aussie company) have been trying to make this vaccine fly:

CSL is working with Merck and Co. Inc (USA) to develop a vaccine to prevent cervical cancer and genital warts. The vaccine is based on proprietary virus-like particle (VLP) technology developed at the University of Queensland. This technology produces virus-shaped particles which mimic the real virus to produce a safe and effective immune response. The vaccine has four VLP components covering the HPV types 16, 18, 6 and 11. Following smaller scale clinical trials, the vaccine is now in advanced trials aimed at demonstrating its safety and effectiveness in tens of thousands of subjects.

I wonder what the Australian government’s position on this is? What would you guess? After all, Ian Frazer was named Australian of the Year.

Update: In 2007 the vaccine was listed in Australia for teenage females, and from February 2013 all 12 and 13 year olds are immunised.

Human to human transfer of Birdflu seen in Indonesia

Human to human transfer of Birdflu has been seen in Indonesia. Six of the seven infected people have died. The infection chain from the index case is three people long.

That which was a matter of time may actually be upon us.

So, what’s your H5N1 survival strategy?

Vaccination and Hippies

Owen turned four (months) recently, and he was taken to the doctor for that round of inoculations. That reminded me that when Cathy and I were doing childbirth classes we discovered that the lunatic fringe is alive and well in Melbourne. The subject was “Sleeping Soundly”, the opening minutes of which were about vaccination for no reason I could discern.

The World Health Organisation, whom the Choices for Childbirth speakers quote when lamenting (quite rightly, in my opinion) the high medical intervention rate during childbirth, is studiously ignored when talking about how one ought to explore both sides of the “debate” over immunization. The WHO says “No child should be denied immunization without serious thought about the consequences, both to the child and the community”.

Humans are terrible at estimating risk (also known as probabilities). They happily play lotteries (one in millions chance of winning), but then drive their kids to school (running a pronounced risk of a car crash and injuries vs a vanishingly small risk of a perverted old man snatching their kid and having his way with them). Humans are prejudiced machines – they decide things without knowing all the information (pre-justice, or pre-judge). They make decisions based on what they can recall on the subject. And this counterpointed by the news media, which reports news. They don’t report that millions of Aussies got out of bed, went to work and came home again, without incident. That’s not news. Someone being bitten (or better yet, taken) by a shark, that’s news – because it hardly ever happens. Things that are unusual, different, out of the ordinary and notable are part of every night’s TV viewing. A viewing night of four hours – 240 minutes – includes 30 minutes of really unusual stuff, so odd and weird that the TV station sent a film crew out to take pictures of it (ever woken to find a camera crew filming you getting out of bed? “This morning, Josh got out of bed…” No, didn’t think so). And humans think “I better be careful when I go swimming, a shark could get me. I’ve seen that happen a couple of times in the last few months. In fact, just to be safe, I won’t go swimming”. We have crime shows on every night, leading viewers to think “there’s a lot of crime out and about. I’ll drive to the shops”. The news loves a good kidnapping “little girl snatched from her bedroom”, and happily ignores the fact that almost all child abductions are performed by relatives. But we’ll drive them to school, to keep them safe (and fat). So when the Tabloid TV shows announce that a child has reacted poorly to an inoculation, immunization rates plummet, in the same way breast cancer screening rates jumped right after Kylie got it. More often than not, they use their power for evil rather than good.

These same TV shows give equal time to minority and majority opinions, in the interests of fairness. Which would be fine, except humans will go “hmmm, it seems that professional opinion on this seems to be divided down the middle, I’ll just be safe and not vaccinate my child (besides, needles hurt).” It’s dangerous and irresponsible, scaremongering amongst the vaccination decision makers – parents. And they’re being affected by it. Infectious diseases the developed world thought it had eradicated (think whooping cough, which was almost wiped out – ) are resurfacing as a result of the crazy hippies who reckon that this vaccination thing is all a money making scam by the multinational pharmaceutical companies.

Vaccines don’t always work. They are not 100% effective. You can get a disease after being vaccinated against it – the vaccine may not provoke an immune response. And that doesn’t have to matter.

Needles hurt. Vaccines have an inherent level of danger. Injecting pathogens into your body isn’t something it’s really designed for, and keeping vaccines viable for an acceptable time means there’s stuff in them that some bodies will not react well to. Some immune systems go ape shit when they see the disease. Some people die. I’d like to point out how badly the bodies of these people will react when they get the real, live, unattenuated, unadulterated, honest-to-God virulent form of the disease – exceptionally poorly. But none the less, there is a potential cost associated with being vaccinated.

I’m going to talk about Herd immunity and the free loader effect. A certain level of non-vaccinated members of the population is acceptable, but varies from disease to disease – the immunization you’re given may not invoke an immune response in you, but at the same time, if about 90% of the population is immune, generally an infectious disease is not going to become pandemic. Which is fine, and everyone’s happy. Until God damn hippies start running around not getting immunised, becoming free loaders on those of the population who have run the risk of reacting horribly. With enough people unimmunised, eventually the herd immunity effect breaks down, and the kids of the hippies end up getting diseases that we thought no one got anymore. And, no doubt, the hippies whinge about it, but refuse to take the blame for the kids of responsible parents who got the disease despite being vaccinated against it – because their bodies failed to produce an immune response. And those responsible parents will be too grief stricken to blame the hippies for killing their child.

The Australian federal government’s Immunisation Myths and Realities booklet talks about the complaints that hippies put forward. Myths such as the MMR vaccination causing autism.

The adverse reactions a vaccination may produce are mild compared to what would happen if they actually got the disease. The only elevated risk is to those intolerant of egg products.

Let’s have a look at what these diseases do. Because, if you were against immunizing against them, they can’t be that bad, insofar as diseases go, right? Because you’re happy to run the risk of your child catching and living with (and dying from) these diseases, verus the risk of your child having “something happen to them” as a result of being vaccinated.

From the Australian National immunisation program schedule of immunisations, things that you’re innoculated against:

  • At the moment of birth: hemorrhaging. Normally Vitamin K is produced by bacteria in the intestines, and dietary deficiency is extremely rare unless the intestines are heavily damaged. But newborns are nearly sterile – if the embryonic sack is intact, they are sterile. Thus, no bacteria, and no Vitamin K, which is needed for the posttranslational modification of certain proteins, mostly required for blood coagulation.
  • Polio, check out photos of polio victims. The virus invades the nervous system, and the onset of paralysis can occur in a matter of hours. Polio can spread widely before physicians detect the first signs of a polio outbreak – so forget pulling your child from school when someone is noticed with polio, this is not a prophylactic method with any level of success.
  • Diphtheria, check out photos of children with Diptheria, a bacterial infection. Long-term effects include cardiomyopathy (the heart wastes away) and peripheral neuropathy (ie, paralysis).
  • i

  • Pertussis or whooping cough. Doesn’t sound so bad, a bit of a cough. Check out the photos of babies with a bit of a cough. Complications of the disease include pneumonia, encephalitis, pulmonary hypertension, and secondary bacterial superinfection.
  • Rubella, a relatively mild disease (photos) unless it’s caught by a developing fetus. Lifelong disability results. But I guess that’s the fetus’ problem, not yours.
  • Mumps usually causes painful enlargement of the salivary or parotid glands. Orchitis (swelling of the testes) occurs in 10-20% of infected males, but sterility only rarely ensues; a viral meningitis occurs in about 5% of those infected. In older people, other organs may become involved including the central nervous system, the pancreas, the prostate, the breasts, and other organs. The incubation period is usually 12 to 24 days (again, don’t bother pulling your kids from school – they’ve already got it). Mumps is generally a mild illness in children in developed countries. So your child should get it.
  • Hepatitis B – Over one-third of the world’s population has been or is actively infected by hepatitis B virus, so it can’t be all that bad. Hepatitis B infection may lead to a chronic inflammation of the liver, leading to cirrhosis. This type of infection dramatically increases the incidence of liver cancer. Only 5% of neonates that acquire the infection from their mother at birth will clear the infection. Seventy percent of those infected between the age of one to six will clear the infection. When the infection is not cleared, one becomes a chronic carrier of the virus.

There are other diseases, but I’ve only got so much time. Read the Australian federal government’s Immunisation Myths and Realities booklet. And for the love of all that’s right in the world, get your children immunised.

Just because you don’t understand statistics, science or even simple logical reasoning, doesn’t make vaccinating your children a bad thing. Perhaps, if you don’t understand any of these things, you should leave the decision making on vaccination to the professionals?