Tuesday, April 6, 2010

Rogue Antivirus

Thank you to our friends at Sunbelt:

All antivirus companies are being hit with the next wave of malware: Rogue antivirus tools like Antivirus 2010. This code throws messages on the user's screen that they are infected, and "download here to get rid of the malware". Sure enough, that gets the Trojan installed.

The reality is that no AV vendor, ESET, McAfee, Sunbelt, Sophos, Symantec, etc. can give you 100% coverage against it. These new fake antivirus variants are some of the most vicious, polymorphic Trojans this industry has seen. They use extremely complex obfuscation techniques which make detection quite challenging by even the best antivirus engine. Many of these rogues are also server-side polymorphic. That means every time an exe is downloaded, it's recompiled on the server-side into a different piece of code.

There are about 75,000 new tier-1 pieces of malware coming out every day. Educate yourself! The vast majority of infections these days are caused by social engineering. A user will get a funny video link on Facebook or some other social networking site, click on it, and it will say that they need to "install a special codec", or "update Flash". Or they will be doing a Google search and a malware site will have attached itself to an innocent keyword. The user will click and start getting crazy warnings that their machine is infected. This is the malware trying to get the user to install. If something does not look right, it probably is not right - DON'T CLICK ON IT!
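The Sunbelt note above explains why server-side polymorphism defeats signature scanning: every download is a different file, so a hash or byte pattern taken from one copy never matches the next. The simulation below is an added example (not Sunbelt's or ODI's code, and not a real rogue AV sample): a constructed "installer" body is repacked on each "download" with a fresh XOR key and random junk, a hash blocklist seeded from the first copy is compared against a detector that unpacks before matching. The packer format, the stub marker and the payload string are all made up for illustration.

```python
import hashlib
import os
import secrets
from typing import Optional, Set, Tuple

# Constructed stand-in for the rogue AV installer body (not real malware).
PAYLOAD = b"FAKE-AV-INSTALLER: show scary warning; prompt 'download here'"

# Constructed packer stub marker: the one thing the repacking never varies.
STUB_MARKER = b"\x90\x90STUB\x90\x90"


def repack(payload: bytes) -> bytes:
    """Simulate server-side polymorphism.

    Each 'download' gets a fresh single-byte XOR key and a random-length
    junk tail, so the bytes on disk differ every time while the behaviour
    (the decoded payload) is identical.  Layout (hypothetical format):
      STUB_MARKER | key (1 byte) | payload length (4 bytes BE) | body | junk
    """
    key = secrets.randbelow(255) + 1          # 1..255, never 0 (identity)
    body = bytes(b ^ key for b in payload)
    junk = os.urandom(secrets.randbelow(64))  # 0..63 random trailing bytes
    return STUB_MARKER + bytes([key]) + len(payload).to_bytes(4, "big") + body + junk


def hash_signature_hits(sample: bytes, known_hashes: Set[str]) -> bool:
    """Classic blocklist check: exact SHA-256 match against known-bad hashes."""
    return hashlib.sha256(sample).hexdigest() in known_hashes


def unpack(sample: bytes) -> Optional[bytes]:
    """Undo the (hypothetical) packer; None if the stub marker is absent."""
    if not sample.startswith(STUB_MARKER):
        return None
    i = len(STUB_MARKER)
    key = sample[i]
    n = int.from_bytes(sample[i + 1:i + 5], "big")
    body = sample[i + 5:i + 5 + n]
    if len(body) != n:
        return None  # truncated or malformed sample
    return bytes(b ^ key for b in body)


def content_signature_hits(sample: bytes) -> bool:
    """Detector that normalises (unpacks) first, then matches stable content.

    This is the kind of generic/heuristic logic AV engines need against
    polymorphic families: match what the code does or contains, not its hash.
    """
    inner = unpack(sample)
    return inner is not None and b"FAKE-AV-INSTALLER" in inner


def simulate(downloads: int = 10) -> Tuple[int, int]:
    """Return (hash_detections, content_detections) over `downloads` fresh
    copies.  The hash blocklist is seeded from the first copy only, which is
    what a vendor can do after receiving one sample."""
    first = repack(PAYLOAD)
    blocklist = {hashlib.sha256(first).hexdigest()}
    samples = [first] + [repack(PAYLOAD) for _ in range(downloads - 1)]
    hash_hits = sum(hash_signature_hits(s, blocklist) for s in samples)
    content_hits = sum(content_signature_hits(s) for s in samples)
    return hash_hits, content_hits


if __name__ == "__main__":
    h, c = simulate(10)
    print(f"hash blocklist caught {h}/10, unpack-then-match caught {c}/10")
```

Run it a few times: the blocklist reliably catches only the copy it was built from, while the unpack-then-match detector catches every copy. Real packers are far more varied than one XOR byte, which is exactly why even the best engines lag behind and why the user-side advice (don't install anything a pop-up tells you to) matters as much as the AV product.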

Be sure you have a current version of your AV program installed and updated. If you're not sure what you have, err on the side of caution and consult an ODI rep. Too often we've found clients have not one but two AV programs installed, and more often than not they either hog system resources, slowing the computer down badly, or conflict with each other. Give us a call today!
