Unfortunately I have been the subject of a malvertising attack on my desktop computer. The good news, as far as I can tell, is that it has not caused any lasting damage, apart from on my nervous system, as I fretted about what the attack would cost me.
The attack came about because I was visiting one of the popular porn sites known as “xhamster”. The first I knew about the issue was when a popup displayed stating that my browser (Google Chrome) had been locked and that I needed to deposit £125 payable by PayPal. Obviously at this point my heart sank and I thought my computer had been affected by ransomware. Fearing the worst, and in a state of panic, my first action was to close the browser, which I did by right-clicking the Google icon in the taskbar and selecting the close window box. To my surprise the browser shut down, leaving the normal Windows desktop. I have the free edition of Anti Virus Guard (AVG) installed on my desktop, for which I then proceeded to update the virus definitions to the latest ones. After completing this I disconnected my internet connection via the taskbar icon and ran a full scan of the computer using AVG. This took nearly three hours to complete, but gave the PC a clean bill of health, stating that no threats had been detected. Luckily by this time it was Friday night and I was due to go out, so I shut my computer down and left it there.
The next morning, the issue was still playing on my mind, so I researched it on my mobile phone. Lo and behold, there were quite a few articles about “xhamster” being the target of a malvertising attack. You may at this point feel that, seeing as I was visiting a pornographic web site, I deserved everything that I encountered, but let me inform you that “xhamster” receives in excess of 250 million visitors per month, and that porn sites take their security very seriously and tend to be some of the safest websites available. In addition, this malvertising attack had been previously used on other “normal” websites including Yahoo and eBay. The articles I read described how the attack was due to some rogue advertising which contained malicious code that sought to take advantage of vulnerabilities in the Internet Explorer web browser. As I was using Google Chrome I just received the pop-up messages asking me for money to unlock my browser. It turns out that these messages themselves were not directly viruses; however, if I had clicked on any of the buttons in the pop-up messages this would have opened my computer up to a virus infection. The article stated that in the event of a web browser infection the first thing to do is to press “control, alt, and delete” to start the task manager, and then close the web browser from there. In hindsight, firstly I would also disconnect the internet connection, either physically or through the taskbar icon, just as a precaution to save your computer any further communication with the outside world.
Due to my paranoia I have, since the attack, run a number of antivirus programs on my computer to see if they can find any trace of a virus on my PC. I have listed these below, and all are free to download from their respective publishers.
Anti Virus Guard (AVG) – This is the one that I normally have running on my computer. It didn’t prevent the initial web browser attack; however, afterwards it confirmed my PC was not infected with a virus. If a virus had started to download I would have hoped it would have detected it.
Malwarebytes Anti Malware – Although I did not have this at the time, I have since downloaded it. This again provides a sweep of the PC to check for any suspect files. Fortunately, when I ran it, no threats were detected.
Malwarebytes Anti Exploit – I did not have this at the time of the attack, but again have since downloaded it. This is a very interesting one as it monitors your PC in real time, searching for suspicious activity when browsing the internet. From the information I have read, if this had been running on my computer at the time of the attack, it would have protected me from it. This software focuses on what is known as “zero day” vulnerabilities, which means it is constantly trying to detect new threats that are emerging, whereas some of the antivirus programs only detect the established virus programs.
Microsoft Security Essentials (MSE) – Another antivirus program from the mighty Microsoft Corporation. Beware that if you do a full system scan using this program it can take between 9 and 12 hours to complete depending on the number of files you have installed, so start it early in the morning. I am running this at the moment, with three hours having elapsed, and it is only a quarter of the way through!
As I mentioned, all the above programs are free to download, and well worth doing so. If you can afford to subscribe to their services then this I believe is well worth it for the peace of mind. Just as an aside, I ran all of the above separately, one at a time. Do not run them all at once as they may conflict with each other. Also, only download them from their respective websites; do not attempt to download through any third parties. This also applies to any pop-up messages you may receive telling you your system has been infected and you need to click on a link to download an antivirus removal tool, which in itself could be a spoof just to try and infect your system.
I hope you have found this article of use and food for thought. The whole issue of viruses, malware and ransomware I believe is to a certain extent shrouded in mystery. There does not seem to be any plain English definitive guidance on how it affects your computer, or how antivirus programs work to protect you. If you are aware of some comprehensive information, then please let me know. In the meantime take care to regularly update your programs for new versions, and make sure you have downloaded one of the antivirus programs (free or otherwise), in particular the “Malwarebytes Anti Exploit” that should keep your web browsing safe.