Every night for the past week I have been trying to rid my in-law's computer of malware that has gone undetected by just about every anti-virus, anti-spyware/adware, and anti-rootkit scanner that I can throw at it, and yes, I ran all the updates.
Not wanting to give up, I started to delve into the malware world to find out what the bad guys are up to these days. I discovered that malware isn't as easy to detect and fix as it used to be in the good ole days when you could run a scan, find the problem, disinfect the computer, and be on your merry way.
I also learned that cybercriminals have developed new classes of sophisticated malware such as rootkits that can be inserted into low-level drivers that load prior to your PC's operating system. Some rootkits can even be inserted into the computer's firmware, making them extremely hard to detect and remove even after completely wiping and reloading the computer.
What is the motive behind the creation of all of this malware that we are constantly bombarded with? The answer is simple: greed.
There is a new economy on the internet, and it's all about bad guys getting paid to infect computers. Control and use of the infected computers is sold to other criminals. Once purchased, the criminals use the infected PCs for whatever purposes they see fit. The hacked computers may be used in bot nets to attack other systems, or the victim's data may be harvested so that the criminals can steal their credit card information or other personal info useful for identity theft, blackmail, extortion, or other bad things.
It all starts with affiliate marketing programs run by malware developers who pay anyone who is willing to infect or "install" their malware on a large number of computers. According to Kaspersky's Securelist site, malware developers may pay affiliates $250 or more per 1000 PCs that their malware is installed on. Each affiliate gets an ID number that is embedded in the installed software. The affiliate ID number makes sure the bad guy who installed the malware on the victims' computers gets credit for the installs, so that the malware developer can keep track of how much money to pay them.
It can be extremely lucrative for the criminals running the affiliate marketing program as well as the people who are willing to install their malware to thousands of computers.
Let's imagine an example:
If I'm a developer of malicious fake antivirus software and I pay my affiliates $250 for installing my malware on 1000 PCs, and I charge unsuspecting users $50 to remove the fake virus that my software claims to have found on their computers, even if only a quarter of the users fall for the scam and end up purchasing a license of my software, I would clear $12,250 after I pay off the affiliate.
Hold on, the money doesn't stop rolling in there. If I embed other malware into my fake antivirus program as a bundle and it gets installed, then every time my software is installed, I make even more money as an affiliate of the other malware developer, since I bundled their software with mine.
As most infomercials say, "but wait, there's more": I can also turn around and sell control of those 1000 computers that my software was installed on and make even more money from people who want to use them for bot net attacks or other malicious purposes.
You're probably saying to yourself: "My antivirus software is top notch, I keep it updated, and I run scheduled scans and everything is in the green. I'm safe, right?"
I wish I could give you a pat answer and reassure you, but after the week I've spent trying to rid my in-law's computer of malware, I can say that no one is safe just because they have updated anti-virus. The bad guys are extremely vigilant and creative when it comes to developing new ways to fool anti-malware scanners into thinking that all is well and right with your computer.
I scanned my in-law's computer with no less than 5 of the top anti-virus and anti-malware scanners and had different results each time. None of them were able to fix the rootkit that is currently still on their computer.
An old boss of mine once said, "Don't bring me a problem unless you bring a solution with you," so here we go. Here are some tips on what to do about serious malware infections:
1. Look for warning signs of a possible undetected malware infection
If your browser is getting constantly redirected to sites that you did not request or if you notice that your computer won't let you start applications or perform basic functions such as opening the control panel in Windows, then you might have undetected malware.
2. Get a "second opinion" malware scanner
There is a high likelihood that your main anti-virus / anti-malware scanner may not catch all infections. It's always best to get a second opinion from a scanner that may be looking for malware using a different method. There are many free malware scanners that can detect things that aren't traditionally covered by regular anti-virus scanners. One that I found to be effective is a program called Malwarebytes (free version available). Do your research before installing any purported anti-malware software on your PC to avoid loading a malicious fake anti-malware product by mistake. They can look very convincing, so be extra careful.
3. Seek expert help if needed
There are some excellent free resources out there for people who believe their computer is infected by something that is not being caught by their virus or malware scanners. An excellent resource that I used was a site called Bleeping Computer. They have active forums with helpful techs that guide users through the process of ridding their computers of infection. They also have links to many legitimate malware scanners and other great tools.
4. If all else fails, back up your data, and then wipe and reload.
Some malware infections, like the one on my in-law's computer, are extremely stubborn and just refuse to be killed. If you want to be extra sure you removed the infection, you need to back up all your data and do a wipe and reload from trusted media. Make sure you check for rootkits with an anti-rootkit scanner when you reinstall your operating system.