"The Internet is Infected" - 60 Minutes

"The Internet is Infected" - 60 Minutes

60 Minutes is a great show, for the most part (and let's not forget it has Andy Rooney!), but a report Sunday night on the Conficker worm titled "The Internet is Infected" is probably the definition of hyperbole.

The report, a full transcript of which is here, and a video below, was designed to alarm, and I'm sure it did. The title alone is alarming, but what it doesn't address, and what the report fails to mention is the following:
  • Conficker only affects Windows PCs
  • It exploits a vulnerability in Windows that Microsoft patched in October (in an emergency patch, no less). If you have patched your PC, you are safe.
  • If you are running a current, up-to-date antivirus (AV) software, you will be safe, for the most part.
  • If you aren't running running an antivirus application, or are running one that's expired, there are standalone programs by reputable vendors such as McAfee that will remove Conficker.
Conficker.B was detected in February and added the ability to spread through network shares and via removable storage devices, like USB flash drives.

Conficker.C, which surfaced earlier this month, is set to receive instructions, download an updated copy of itself, or other malware on April 1st; security vendors aren't sure just what.

We have to admit, there was useful information for those (like some friends we know) who simply don't understand the threats that are out there and the need for effective antivirus software (at least for Windows PCs, more on that later).

In fact, Lesley Stahl spoke to Steve Trilling, a Symantec vice president. He said (and it's true) that too few people have up-to-date security software:

"As soon as you clicked on that link and you had security software, you would immediately get an alert. 'This is a bad Web site.' And it would have blocked the attack. You would have never been hit. Putting on that software, you’re preventing yourself from becoming a victim."
On the other hand, the report later told the story of Mary Rappaport, who apparently had AV software and a firewall, and yet had her system compromised to the point that they were able to get into her bank account, even after she changed the password.

A key logger perhaps? If so, how was she infected with up-to-date AV software?

Well, that's the problem with AV software and why we earlier said "for the most part" in terms of AV protection: it relies on virus signatures and if something new comes on the scene, it may not be able to detect it. That's why an AV program with strong heuristics to detect previously unseen malware. The downside: a potential for false positives.

Some people (like us) run multiple layers of protection, including anti-trojan software in addition to antivirus software.

As we previously said, this is a Windows only problem, and many Mac users tend to crow about it. The reason the Mac is, heretofore, invulnerable is that there are simply many more Windows users than Mac users. When trying to target a group of people, you go after the biggest group.

But with the recent upsurge in Mac adoption, that may be changing. Mac users need to be a little less cocky than they currently are. While Macs aren't currently a large target of hackers, they are not inherently safe: witness the fact that a researcher hacked into a Mac in 10 seconds during a contest at a recent convention.

Watch the 60 minutes report:
0
+ -

Ya know, this piece is definitely a bit over the top in many spots but frankly it's what "John Q. Public" needs to wake up and smell the coffee about proper computer security.

So let me ask you... As our readership, you are likely power users on the leading edge of the curve with respect to issues like this. How many times have you had to bail out a family member, relative or friend from a computer that was so hacked-up and virus laden that it was barely operational?

I've had to on several occasions and will likely have to again not so far down the road. While this 60 Minutes piece is pretty sensational in spots, I think there is a good percentage of the population that hasn't followed our good Tech Writer, Mike Santo's steps here above to secure their machines.

Unfortunately, especially with computers, common sense isn't all that common sometimes.

0
+ -

My sister was recently a victim of a cyber attack. She had some spyware/virus on her machine that pretended to be an alert saying there was a virus she could only clean up with a specific AV (which turned out to be more soyware/virus), antivirus 360 or something of that nature. She unfortunatley bought the fake AV, giving them her credit card info, and probably all sorts of stuff on her computer. I had her report it, clean her PC, get Avast, change all her passwords, and cancel her credit cards. "Unfortunately, especially with computers, common sense isn't all that common sometimes." -very true, and unfortunate. My sister clearly didn't have an updated AV running on her computer. Everytime I go home I clean tons of bloatware/spyware off everyone's PC. Troubleshooting through IM is not a fun route if the end user is not knowledgable.

0
+ -

Antivirus 360 / Antivirus 2008 / Antivirus 2009 are all the same basic app - Malwarebytes cleans them easily if they are caught soon enough

0
+ -

just don't go to milicious sites and you'll be fine, damn!

0
+ -

yep had my share of clean ups. funny thing is after people experience it and you explain it to them they become overly paranoid. My rule of thumb is never click on any internet explorer pop up even if it's for an AV or security feature. I update my software every time before I do a scan so if I needed any update it would do it then. I wish I had a dollar for every pop up I have ever gotten saying your comp is infected would you like to install said AV to clean the infection. I don't even click cancel I use task manger to close it out and then run the utlilties I already have.

0
+ -

kewlncguy:
Antivirus 360 / Antivirus 2008 / Antivirus 2009 are all the same basic app - Malwarebytes cleans them easily if they are caught soon enough

This is most often the type of infections that I have seen from clients lately....probably about 3-5 per day come in for repair

0
+ -

to my knowledge I have yet to get any..

0
+ -

It's about 70% of our business at Geek Squad....virus/malware removal that is; most often people just like to explore EVERYTHING and don't have the mentality that "its too good to be true...." in their brains.

click here for free scan! download free antivirus! --- everyone seems to love to click on ads like this...

Also software firewalls are B.S. as they cause more issues than they help -- get a router just for a HW based firewall if nothing else...up-to-date A/V means actually updating it not just having it on your PC.

BAH!! it just drives me crazy that people don't even seem to TRY in a lot of cases

0
+ -

I agree with the sentiments of the article. I saw part of the 60 minutes piece but couldn't even make myself watch the whole thing. It reminded me of how everyone of my relatives was coming to me pre-y2k, panic'd out of their minds while I was explaining to them that nothing significant was going to happen.

0
+ -

We have about 40 servers / 30 domains / 500+ workstations that we manage for our clients and I have been verifying current definitions, and doing Nmap scans all day. We are also doing a wide scale full scan on all machines after hours tonight. Better safe than sorry.

0
+ -

When my wife and I got our first computer, it was a hand me down from her son, who works at Intel as an engineer of some sort. 

Well , being a smart person, I thought I knew all about keeping our machine safe!

What a dumbass was I! 

We had every known virus, worm, trojan, malware, spyware, keylogger... well you get the point.

In the end we trashed the machine and got a new one, back in 2001. Still works very well but we probably need to upgrade soon. Very well protected as we learned our lesson.

0
+ -

Some one recently gave me a laptop and said it was "infected or something", when I went to work on it I found 63 viruses/trpjans, and over 700 other pieces of malware. All I could do was laugh.

0
+ -

better update those anti virus softwares and have a real time scanning..

0
+ -

I woke up to CBS newsradio this morning and heard someone telling folks how to tell if youve been infected with it. she said if you have it you won't be able to get to computer security websites on your computer. A good public service announcement who would have thunk it..

Login or Register to Comment
Post a Comment
Username:   Password: