I’m trying to figure out how I got infected by the FBI Virus. I use AVG’s free antivirus program which seems to get a lot of good ratings and I am very careful where I go on the Internet. I don’t have any kids and I’m the only one that uses my computer. Any thoughts?
This question was answered on May 3, 2013. Much of the information contained herein may have changed since posting.
The FBI virus (a.k.a. the MoneyPak virus) is what we call ‘ransomware’ and it’s become the most pervasive infection that we’ve seen in many years. It’s become so successful at extracting money from frightened users that localized versions of the scam are appearing in most other industrialized countries.
What started out being a fairly simple infection to clear up a year ago has become a major undertaking if you get hit with any of the current variations.
The intensification of the infection has come from the widespread publication of ‘fixes’ on the Internet that the authors of the malware are constantly monitoring. Whenever a fix is published, a work around is added to the malicious code so that future infected computers won’t be able to use the fix.
There are at least 8 generations of this particular scam and each one has become progressively more difficult to remove, so figuring out how you contracted it is
Before I explain the known ways of becoming infected, let’s make sure you understand how powerless any anti-virus program is when it comes to these types of infections.
First of all, if you download a program that has a hidden Trojan horse inside of it or fall for one of a thousand social engineering tricks to get you to install something on your computer, your antivirus program has little chance of protecting you from unknown threats.
More commonly, your antivirus program can’t do a thing for you if you don’t keep the rest of your system updated. Your operating system as well as common tools such as Java and Adobe Flash have to be kept up to date so your antivirus program can do its job.
Think of it as a security guard at the entrance to your house; unless your backdoors and surrounding fences are properly secured, it’s nothing more than the appearance of being secure.
We do know that exploiting unpatched versions of Java is one of the many ways that the FBI virus is hitting folks. As I’ve suggested in the past, if you don’t really need Java, removing it will instantly close a common exploitation channel.
Another way that you can get hit is when a legitimate website gets compromised and all of their visitors are silently probed for known holes that haven’t been patched yet.
This is becoming more common and explains why so many average Internet users who never access adult content, file sharing sites or any of the other recognized high-risk activities are being hit.
One common trend we are seeing in our stores is that the vast majority of the infected machines are using some form of free protection.
This choice on its own isn’t the problem, but the free programs all assume that you will keep all the other areas of your computer protected.
Companies that charge for protection tend to take a bigger view of the situation and incorporate additional layers of prevention knowing that most people just aren’t that diligent.
Our current choice for our customers is Trend Micro’s suite of protection because they do something very clever. They incorporate a secondary cloud-based layer they call the Smart Protection Network that doesn’t require its users to update their local protection in order to be protected on fast moving threats.
Even with all of the sophistication that the Trend Micro suite or any other protection package offers, there is still no way to stop unknown threats.
That’s why we must all get more disciplined on removing unnecessary tools and keeping everything on the computer updated so our protection software has a chance to save us!
About the author
Posted by Ken Colburn of Data Doctors on May 3, 2013
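The one concrete step the answer above gives is to remove Java if you don’t need it and keep Flash current. The PowerShell script below is an added example (not from the column or from Data Doctors) that inventories Java and Adobe Flash Player packages from the standard Windows uninstall registry keys and, with the -Remove switch, quietly uninstalls the MSI-based ones. The registry paths and msiexec switches are standard Windows; the display-name patterns are assumptions about how Oracle and Adobe label their packages, so adjust them if your entries look different.

```powershell
# Added example (not from the original column): inventory Java and Adobe Flash
# Player installs from the standard Windows uninstall registry keys, and with
# -Remove silently uninstall the MSI-based ones. Run from an elevated prompt.
[CmdletBinding()]
param([switch]$Remove)

# Both the 64-bit and the 32-bit (WOW6432Node) uninstall hives; Java and Flash
# have shipped as 32-bit packages on 64-bit Windows, so the second path matters.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumed display-name patterns ("Java 7 Update 21", "Java(TM) 6 Update 45",
# "Adobe Flash Player 11 ActiveX", ...); adjust if your installs differ.
$patterns = @('^Java\b', 'Adobe Flash Player')

$found = foreach ($entry in Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue) {
    if (-not $entry.DisplayName) { continue }
    foreach ($p in $patterns) {
        if ($entry.DisplayName -match $p) {
            [pscustomobject]@{
                Name            = $entry.DisplayName
                Version         = $entry.DisplayVersion
                Publisher       = $entry.Publisher
                UninstallString = $entry.UninstallString
            }
            break
        }
    }
}

if (-not $found) {
    Write-Host 'No Java or Flash Player packages found in the uninstall registry.'
    return
}

$found | Format-Table Name, Version, Publisher -AutoSize

if (-not $Remove) {
    Write-Host 'Re-run with -Remove to uninstall the MSI-based packages listed above.'
    return
}

foreach ($pkg in $found) {
    # MSI-based packages record an UninstallString of the form
    # "MsiExec.exe /X{ProductCode}"; pull the product code out and run a quiet
    # uninstall. Non-MSI entries (e.g. the Flash ActiveX maintenance utility)
    # are reported for manual removal instead of being run blindly.
    if ($pkg.UninstallString -match '(?i)msiexec(\.exe)?\s+/[xi]\s*(\{[0-9A-F-]+\})') {
        $code = $Matches[2]
        Write-Host "Uninstalling $($pkg.Name) $($pkg.Version) ($code)..."
        $proc = Start-Process -FilePath 'msiexec.exe' `
            -ArgumentList "/x $code /qn /norestart" -Wait -PassThru
        Write-Host "  msiexec exit code: $($proc.ExitCode)"
    } else {
        Write-Warning "Not an MSI package, remove manually: $($pkg.Name) -> $($pkg.UninstallString)"
    }
}
```

Run it once without -Remove to see what is installed; if a Java entry turns up that you have no application depending on, run it again with -Remove. An msiexec exit code of 0 means the uninstall completed, 3010 means it completed but a reboot is pending.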