July 6, 2011
The past couple of weeks were tough for anti-virus manufacturers, and we started getting a lot of phone calls about virus problems. Our hardware anti-virus solution has proven to be more effective than software solutions, but this latest virus attack got through everything. We were able to find the site that caused the infection and watch it happen. The next day we tested every single flavor of the major anti-virus software companies' products, and all of them allowed this site through, after which a rootkit was installed.
The rootkit is one of the nastiest attacks because it installs software that morphs and changes on every reboot, and this latest attack was done with Windows Recovery. The virus downloads and then appears to remove all files and folders from the C: drive; they are still there, just hidden. The virus also reports hard drive failures and other system problems.
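The symptom described above, files that look deleted but have only had the Hidden attribute set, can be checked and reversed from the command line. The following PowerShell script is an added example written for this post; it is not code from the original article or from any vendor. It assumes the affected user's profile folder is the area to inspect, that the infection only set the Hidden (and possibly System) attribute on user files, and it uses a constructed allow-list of names that Windows hides by design so those are not reported as suspicious.

```powershell
# Added example (not the original post's code): list files and folders under a
# profile that carry the Hidden attribute but are not hidden by design, and
# optionally restore them. Run it as the affected user on a clean boot.
#
# Assumptions: $Root is the area to inspect; the rogue only set Hidden/System on
# user files; names in $expectedHidden are a constructed allow-list of items a
# normal Windows profile hides on its own.
param(
    [string]$Root = $env:USERPROFILE,
    [switch]$Restore
)

# Items Windows hides by design in a user profile (constructed allow-list).
$expectedHidden = @('AppData', 'Application Data', 'Local Settings',
                    'Cookies', 'Recent', 'SendTo', 'Templates',
                    'NetHood', 'PrintHood', 'Start Menu', 'desktop.ini')

$hiddenFlag = [int][IO.FileAttributes]::Hidden
$systemFlag = [int][IO.FileAttributes]::System

# -Force is required for Get-ChildItem to return hidden items at all.
# Access-denied errors on profile junctions are ignored on purpose.
$suspects = Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        (([int]$_.Attributes) -band $hiddenFlag) -ne 0 -and
        $expectedHidden -notcontains $_.Name -and
        $_.Name -notlike 'ntuser*' -and
        $_.FullName -notlike '*\AppData\*'
    }

foreach ($item in $suspects) {
    Write-Output ("HIDDEN   {0}  (attributes: {1})" -f $item.FullName, $item.Attributes)
    if ($Restore) {
        # Clear only Hidden and System; leave ReadOnly/Archive exactly as found.
        $cleared = ([int]$item.Attributes) -band (-bnot ($hiddenFlag -bor $systemFlag))
        $item.Attributes = [IO.FileAttributes]$cleared
        Write-Output ("RESTORED {0}" -f $item.FullName)
    }
}

Write-Output ("{0} unexpectedly hidden item(s) under {1}" -f @($suspects).Count, $Root)
```

Run it once without `-Restore` to review the list, then with `-Restore` to clear the attributes. Attribute tampering is only one part of an infection like this; the hidden-file symptom coming back after a reboot is a sign the underlying rootkit is still active and needs to be removed first.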
We had a very hard time removing the infection, but thanks to one of our hard-working techs, Mike Baldwin, we found out how to kill this nasty piece of software. The website in question was a plugin from Yahoo Mail, and we did find that a system fully patched with Windows, Adobe, and Java updates seemed to stop the attack.
Keep your system up to date and be mindful of which sites you visit to prevent malicious software, because sometimes anti-virus is just not enough.