Ramblings, meanderings, rants and discoveries.

Monday, May 30, 2011

Viruses and Facebook

I would like to say I am part of the cause for the new Facebook awareness of Viral banners, links and apps on their site.  But I am not that full of myself to think that my one voice actually got through in spite of my complaining for a year.  Last month I basically left Facebook. I got the third infection in less than 12 months.  It is time for me to move on and leave that site to the lowlifes on the internet.

The first was a stupid registry reviver one, easily spotted and cleaned.   The second was a basic speed up your computer one - eight months later.  Same idea, They want you to run out to their site, and BUY the product that is going off except of course it is not finding the 30 viruses and spyware it lists as finding on your machine, though it may be installing them.

 I noticed it because my drive started cranking , then Flash tried to start.  I was reading an article. No reason for flash unless it is a banner which I had blocked, yep it was payload drop time. 

The screens look like they could be official.  Perhaps it is a mutation. all I know is suddenly my files seemed to disappear. I started to panic then relaxed, it was only MY user directory affected. Fine, Easy solution - SYSTEM RESTORE.  Several hours later I had it found, removed it and then cleaned, recleaned and reupdated the machine.

This one was the last straw. It had attacked the FAT. The File Allocation Table could not FIND the files to tell me they were there.  I muttered steamed until I realized Trend was scanning them.They were there. Just not able to be found.

Trend Micro's Housecall took it out.  I then followed with Malwarebytes which traced the rest of the components and removed them.  Where exactly these came from, I am not certain to this day but most evidence points to Facebook and one of those crappy banners.  But hell for all I know Bleeping Computer, GamerDNA or even Major Geeks could have been the source.  All are sites I frequent.  So I cleaned it up  kept a component or two that were non functioning without the rest to test virus checkers with and moved on.

Last month I got hit again.  This time a bit more seriously.  Yes it was another crapware banner delivering a javascript to my machine.  As far as I can tell I had this..Vista Total Security 2011 the link is to a site describing it.  This one is a Royal pain.  Thank goodness no one codes for Opera.  It starts by setting off the Official looking Your computer is infected.  It looks like a Windows defender screen. Except.. Vista is no longer really supported, and they would not charge for the fix.

If you try to open defender it is blocked, if you try to go to a website it is blocked. Here is how it works,  it downloads a little .js that sits in your roaming directory. Every time you try to open a browser page, it calls the .js to put up the page that says that the site you are trying to go to is infected.  Solution - turn off  javascript right?  Well not exactly.  I do not know if it was Firefox 4.0 or the virus but  I would turn off the .js and it would still run.  When I reopend the tools in Firefox it was checked to allow .js again and again and again.  Firefox has a 4.01, perhaps it a was a glitch in their browser or perhaps it was the virus finding a way past that.

So I did what any geek would do. I opened Opera, opened a new tab, got the error and then opened Dragonfly.  I saw what it was being called and from where. So I typed in https://trendmicro.com in Firefox  and guess what it worked.  I got housecall to run  (I do NOT keep the component in a default directory)  and got it to start cleaning off the virus, except - it did not get the java script.  So I tried Panda.  Got a message that Activescan does not work with my version of Firefox or of course with Opera. Mutter. I downloaded the 30 day trial.  I will give my evaluation of that soon.

However to be fair it found the java script and zapped it, Can anyone tell me why Microsoft keeps people from accessing and clearing the java cache?   Last week my daughter came to me, guess what - it was going off on HER machine, Facebook is about the only place in common we go anymore.  She cleaned it, we think she got it all she tried the trend 30 day free download except it seems it does not like Malwarebytes.  Too bad it works!   I updated Firefox to 4.01 and Opera to 10.11.  Activescan still does not work with those according to their site.

So I log into Facebook last week  to leave a client a message. I see they have the HTTPS in full swing - except it does not work on any applications which are the biggest offenders.  I see they have their protection on for links, except it blocked a legitimate site I was trying to go to on information about a virus spread through Facebook. And last I see the same ads on the right hand side.  And the machine goes nuts, Yep it is trying it again! NOT THIS TIME BUDDY!

Sure they check the ads - the first time, but what about each subsequent ad.  Are you sure they have not been compromised by a third party?  Why are they placed on the right on the games and groups where a mis-click can potentially end in an infected user's machine.  Why are there ads for products and techniques already known to be scams or at the very least suspicious in their claims? You know how many Acai berry diet plan ads i saw there when that was the big fad?  Hey HERE IS AN IDEA FACEBOOK - Only accept ads from REPUTABLE companies and Websites instead of lining your pockets and including in your TOS that if any user's machine is damaged by the site it is their problem nay even their fault for trusting you to perform due diligence.  So in the mean time - you all can find me on MySpace or Twitter or the gaming sites. That is unless they all decide to follow the Facebook Model and put profits over their users.

Then you will find me curled up with a good book and on the MUD.

No comments: