I have a medical office customer who had a computer get infected with malware yesterday. This was a WinXP machine, non-admin account locked down via a domain controller, and centrally administered A/V. This computer is locked down so hard they can't even install a printer without logging in as administrator. The entire network is behind a $1500 firewall appliance, complete with its own paid antivirus and filtering subscription.

The malware completely "installed" a fake A/V, a fakealert/loader, a proxy, and began showing porn popups. The customer was simply doing their job, going online to get insurance information.

This kind of malware is written to install without requiring true admin privilege, yet it is not easily removed by folks who aren't knowledgeable or well equipped. The "malware" content isn't really even detectable by any A/V, period, as it isn't really a virus until after it runs. But it messes things up bigger than life when it does.

These kinds of malware basically can't be stopped. Day to day, amongst the networking and other stuff I do, maybe 80% is malware remediation. 80% of that is of the fake antivirus variety.
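The reason a "locked down" non-admin account still gets a fake A/V installed is that the dropper only needs places the user can already write to: the per-user Run/RunOnce keys, the user's Startup folder, and the profile directories (%APPDATA%, %TEMP%). The following triage script is an added example, not part of the original post or any vendor tool; it lists exactly those user-writable autostart locations and any recently written executables in the profile, which is where a fake-AV loader, its proxy and its popup component usually end up. It assumes PowerShell 2.0 or later (available for XP SP3) and is run as the affected, non-admin user on the suspect machine; the two-day cutoff is an arbitrary choice to adjust to the incident timeline.

```powershell
# Added example (not from the original post): triage of the user-writable
# autostart locations that fake-AV droppers use without admin rights.
# Assumes PowerShell 2.0+; registry keys and folders are standard Windows
# locations. Run as the affected (non-admin) user on the suspect box.

$results = @()

# 1. Per-user Run/RunOnce keys: writable by the logged-on user, no admin needed.
foreach ($key in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce') {
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath/PSDrive/... metadata; skip those.
            if ($p.Name -notlike 'PS*') {
                $results += New-Object PSObject -Property @{
                    Location = $key; Name = $p.Name; Value = $p.Value
                }
            }
        }
    }
}

# 2. Per-user Startup folder (anything here runs at every logon).
$startup = [Environment]::GetFolderPath('Startup')
Get-ChildItem -Path $startup -Force -ErrorAction SilentlyContinue | ForEach-Object {
    $results += New-Object PSObject -Property @{
        Location = 'Startup folder'; Name = $_.Name; Value = $_.FullName
    }
}

# 3. Executables written into the profile recently (cutoff is an assumption;
#    widen it if the infection date is unknown). LOCALAPPDATA is absent on XP,
#    so null entries are filtered out.
$cutoff = (Get-Date).AddDays(-2)
$dropZones = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:USERPROFILE) |
    Where-Object { $_ }
foreach ($dir in $dropZones) {
    Get-ChildItem -Path $dir -Recurse -Force -Include *.exe,*.dll,*.scr `
        -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt $cutoff } | ForEach-Object {
            $results += New-Object PSObject -Property @{
                Location = 'Recent binary'; Name = $_.Name; Value = $_.FullName
            }
        }
}

$results | Sort-Object Location, Name | Format-Table Location, Name, Value -AutoSize
```

Anything the script lists that points into %APPDATA% or %TEMP% is a candidate for the fake A/V and its helpers, and the same listing shows why the domain lockdown did not help: none of these locations require administrator rights to write. The corresponding hardening on XP is a Software Restriction Policy path rule that denies execution from the profile directories, so a dropped binary cannot run even though the user could write it.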


January 2010