Lottery Post Journal

Excellent video demonstrates how a PC virus works

This is a fantastic demonstration of how a virus works -- what it looks like, how it fools you into downloading and installing it, and eventually how it gets your money.

This video is a recording of the latest virus/malware going around, nicknamed "LizaMoon".  There are thousands of these things floating around the Internet, this one is just getting the attention right now.

Keep in mind all the security windows and warnings you see in the video are FAKE.  When the announcer says, "Here's Windows security center...", you have to remember he means here is the VIRUS PROGRAM that is faked to LOOK like a Windows security program.

Watch the video, and decide for yourself at what point you feel the guy makes the "wrong click".

The program you see in the beginning is called "Fiddler", and is just a developer's tool that allows you to see individual files that get transferred over the network as a web page loads.  (A web page is made up of dozens or hundreds of files, so it allows a developer to see each and every one, and track their progress.)  If this concept is sailing over your head, just ignore it.  It's not really important.


My Analysis:

Note that the first clue you should have when watching this is the appearance of the "virus warning".  It does look like a typical Windows scan is happening, because they obviously used some nice fake graphics, but one thing is wrong:  It does not appear in the right place!

If you have taken my past advice to use Microsoft Security Essentials for your virus protection, any legitimate virus message would appear in the lower-right corner of your screen, just above the clock.  It would NOT appear in the middle of your screen.

So the first mistake the person makes is to look at that warning message and jump to the incorrect conclusion that it is a real message.

What should they have done?  Close all browser windows immediately, and then restart the browser.  If you are really concerned, then reboot Windows rather than clicking the wrong thing.

The second error (and the one that sinks the ship in this case) is when the Windows box comes up asking if you want to save or run the file it is downloading.  That's actually a legitimate warning message, and it's the last chance you have of escaping without getting nailed.  If the guy in the video had clicked "Cancel", he would have been fine.  Choosing the option to execute (or save and then execute) the file is where you put the virus on your own PC.  Up to that point, Windows was actually protecting you, and all you were looking at was some clever graphics that hadn't yet done any harm to your PC.

Then after the thing installs and you reboot your PC, the virus becomes deeply embedded in your system, as you can see by the fact that it started running even before the Windows Desktop showed up after rebooting.

I hope this is educational, and keeps you from making a similar mistake!

5 Comments:

  • Thanks that is very helpful.

    By sully16, at 4:28 PM

  • It disables MSE, MRT, and clears all restore points prior to the time of insertion.

    By jarasan, at 9:10 PM

  • So what do you do if it is IN? Malwarebytes has some solutions, e.g. http://www.malwarehelp.org/xp-security-tool-2010-analysis-and-removal-2010.html

    P.S. They get installed because of what I call "noreadclickitis".

    By jarasan, at 9:48 PM

  • @Todd

    Fully agree with you. A person should become familiar with whatever security software they have, so when a fake window pops up, they can recognize it as fake.
    ======================================================

    @jarasan

    I recommend that everyone have Malwarebytes. Also, an online scan is recommended when a virus/trojan/malware gets through your normal defenses.

    Those things are so much smarter than they used to be. Many replicate and have random filenames.

    By truecritic, at 10:50 PM

  • Over 1.5 million machines have been infected; it made the mainstream media.

    By jarasan, at 10:40 PM
