Anecdote:
I have a medical office customer who had a computer get infected with malware yesterday. This was a WinXP machine, non-admin account locked down via a domain controller, and centrally administered A/V. This computer is locked down so hard they can’t even install a printer without logging in as administrator. The entire network is behind a $1500 firewall appliance, complete with its own paid antivirus and filtering subscription.
The malware completely “installed” a fake A/V, fakealert/loader, proxy, and began showing porn popups. The customer was simply doing their job, going online getting insurance information.
This kind of malware is written to install without requiring true admin privilege, yet is not easily removed by folks not knowledgeable or well equipped. The “malware” content isn’t really even detectable by any A/V, period, as it isn’t really a virus until after it runs. But, it messes things up bigger than life when it does.
These kinds of malware basically can’t be stopped. Day to day, amongst the networking and other stuff I do, maybe 80% is malware remediation. 80% of that is of the fake antivirus variety.