Roundup: your malware infection stories
Credit to Author: Wendy Zamora| Date: Mon, 10 Jul 2017 18:15:47 +0000
You hear the cautionary tales all the time. So-and-so didn’t have an antivirus in place and was infected with malware. Such-and-such business had limited cybersecurity infrastructure and was hit with a ransomware attack. You think: Sure, but it probably won’t happen to me. I’m a safe surfer. I’ve got good computer hygiene.
Turns out, it can happen to anyone—even those who follow cybersecurity news. A couple months ago, we sent out a survey to our newsletter subscribers with the following question:
Have you been infected with malware or ransomware? Tell us your story. How did it happen? How did you respond? What changes, if any, did you make to your cybersecurity habits afterwards?
We asked, and you answered. We want to thank all who participated and agreed to share their malware infection stories. It takes guts to come forward, but each of your contributions help better inform all of us, whether that’s by helping a newbie avoid a rookie mistake or preventing a veteran IT professional from being ensnared by cutting-edge criminal tactics.
While there were so many interesting stories to choose from, we decided to pick just a few to highlight infection methods past and present, various types of malware, and different approaches to solving the problem. [Editor’s note: These responses have been lightly edited for grammar and spelling.] Without further ado.
Cleaning up a floppy mess
This was a quite a few years back. A friend of mine worked for a bank as a security officer and the bank gave me this small tower computer for free. I had just started working on computers (had a small floppy disk drive). I could not get it to boot up. I used all my known floppy disks that worked in the past, but still could not get it to boot. So I ran the usual antivirus programs (Norton and McAfee), and lo and behold, they found the virus but could not clean it.
After researching the Internet, I found another program called Trend Micro and followed their instructions, making six boot disks on another computer. I proceeded to boot the infected machine. Well, it found and cleaned the virus, which turned out to be a boot sector virus (memory resident). It infects your memory chips as well as the BIOS. I have never come across another virus like this since. And I hope to never have to deal with these new ransomware infections. That is why I use and pay for Malwarebytes today and the past few years.
Special delivery: ransomware
I was expecting a long-anticipated delivery from Federal Express when a message, ostensibly from FedEx, appeared in my inbox, telling me there was a problem with my delivery. Naturally, I opened it and found that it included a couple attachments. The body of the email informed me that additional information on the status of my delivery would be available in the attachments. Even though both attachments had unusual extensions, I fell for it and clicked on one of the attachments. Too late. The virus encrypted a huge number of files and tagged them with a label called Osiris. Everything was backed up on the cloud so I didn’t pay, but it took days to restore my files. The next day, I purchased Malwarebytes and wiped the virus off my system. I should have made the purchase immediately because it takes hours and hours for the virus to work its way through the computer, encrypting files as it goes. It’s kind of like cancer: If you start treatment early enough, you can save yourself a lot of misery.
Total restore
It started with getting a message every morning that I could not send data. I started researching. My virus software was current and not reflecting any problem. My CCleaner would no longer work, and my computer was password protected. But I had virtually been locked out of using my computer. I no longer could change any settings, could not do a system restore, could not go into safe mode, the computer would not defragment—nothing. I could not change network settings; everything had been overridden, and I did not have permission to change anything. Even my email accounts could not be used. Many nights and weekends were spent [figuring it out]. I had to disconnect the Internet so no one could access.
Finally, Microsoft recommended Malwarebytes. I purchased and downloaded it. It Immediately found severe Trojans and viruses. Although it was able to contain and give me a little access to things, after consulting with an IT professional, I ended up having to restore my computer to factory condition. I had to purchase a lot of new software, but thankfully I had an external drive which I did not keep hooked up to the computer where I had saved all my important documents and pictures. Malwarebytes got me back on the road to recovery, so to speak, and I shared my story and recommendations to others.
Navy files for ransom
I was infected with ransomware a number of years ago when I was the national president of a US Navy organization. My whole computer was corrupted, and they sent me a link with instructions on how to recover my files. I notified the FAA about my problem, and they said do not pay. I called Microsoft for help and they wanted my desktop at their shop. They had it for 10 days. I had been backing up my system weekly, but kept my external hard drive on. I lost the files, but hope to recover them someday. I since backup weekly but unplug and turn off my new hard drive. I also purchased Malwarebytes on the recommendation of my computer guru, who has 35 years of computer experience. BTW, the instructions were to purchase bitcoins from Europe.
Rage against the ransomware
Roughly seven years ago, I got hit by ransomware. Everything, even the restore files, refused to load. It was everywhere and was demanding money. I had no idea what to do and neither did anyone else, including a computer expert. It was completely hopeless. My despair, grief, and rage over what had been done to me for no reason was useless against it. My wife at the time had not been hit, and she researched online to discover an answer recommending Malwarebytes. We followed the steps, and Malwarebytes wiped it out in less than one minute. Ever since, I have been a firm believer in Malwarebytes, and every computer I have had since then has used it. The peace of mind knowing I have the most powerful and, in my case, proven cybersecurity money can buy means my computer is one thing I do not have to worry about.
Social media psych-out
I was on Facebook watching video a friend posted. Then my screen went to a Microsoft page and said you’ve been infected with the Lazarus virus. At the same time, my phone rang. The web page asked if I wanted to talk to specialist, and before I could click it, the voice on phone said, “I’m from Microsoft, and we have taken over your computer. Let us fix your problem.”
I shut down my Facebook and did a free Malwarebytes and Avast scan. But it was too late: They had compromised my tower computer. I then took it to my computer expert. He installed a new hard drive and instructed me to buy Malwarebytes. He installed free Avast. I have no idea how they got my phone number or name. No idea how all this happened, but it wiped out all my sites and financials.
Roku scam
I have a Roku device on one of my TVs, and I installed a second device on the TV that my wife watches most of the time. I was having problems with the installation. (My fault, as I had mistakenly covered the sensor, and the unit was not responding to the remote.) After changing batteries with no results, I decided to call Roku. I got a number from Google on my cell phone, and hit dial. Instead of dialing the number listed, another number was dialed, and I got an operator (with a very hard to understand accent). She directed me to go to my computer, as she said that the problem was not with the Roku device but in my computer network. (I should have known better).
The operator then directed me to let her have control of my computer to see what the problem was, and soon stated that the computer was infected with ransomware. She showed me a screen that supported her claim that ransomware was present. She then told me that it would be $149 to fix the problem, and when I was hesitant, she told me it would be over $1,000 to fix it if I let it go. I hung up the phone and called a person who helps with IT problems, and he told me that it was a scam, and that I needed to run my Malwarebytes program to make sure that nothing was infecting my computer.
Fortunately, nothing was found. I also figured out my problem with the Roku, and it is fine. However, this goes to show how dangerous the environment is and how easily an unsuspecting person can be fooled and taken in by one of the scams that are out there.
Karma chameleon
One time, I got one from an email. Now, I usually am safe from that vector, but I had just installed WhatsApp earlier that day. The email, from everything I could see, seemed to legit come from WhatsApp. They were supposedly testing a new version of the app with video calling, and when I looked through the news, rumors abounded that they were actually doing that, and indeed as time has shown, they were. So, it looked totally legit from every angle I could find. I downloaded the file and installed it. Suddenly, my default search provider changed in all my browsers (Chrome, Firefox, Opera, IE, and Edge) to something I’ve never heard of before or since. I tried to Google search the provider, but all search engines other than them were now blocked. I looked them up on my phone and found out it was part of a virus. Oh boy, what have I done now?
Now the infection was in high gear, popping up error messages through Windows itself, telling me each of the programs I had open was allowing virus traffic through and closing them without my choice. Then it stopped allowing me to open any program. This included Malwarebytes. (Or so they thought.)
Eventually, it really went nuts and restarted the computer to install a rootkit. I got it to start up in safe mode without networking in case it was receiving instructions from somewhere else. This did slow it down for sure. Then I pulled the trump card: Malwarebytes Chameleon mode. It opened a help file instead of like a program. It found the culprit, including the rootkit. It got the whole infection in one go. I was almost back. This time when I restarted, I did so in safe mode with networking. Then I opened all browsers and removed the new homepage and search engine, setting them back to how they were supposed to be. No trace left of that malware. Thanks, Malwarebytes. You earned my money that day for sure. You saved my bacon.
The post Roundup: your malware infection stories appeared first on Malwarebytes Labs.