The Anatomy of a Virus Infection

Once upon a midnight dreary, while I pondered, weak and weary,
Over many a quaint and curious cat video-

While I nodded, nearly sleeping, suddenly there came a beeping,
As of some one gently pinging, pinging at my PCs back door.

“‘Tis some website,” I muttered, “pinging at my PCs back door
Only this and nothing more.”

We’re going to cover some of the more in depth and technical sides of virus infections here, we’ll do our best to keep it low tech but apologize in advance if it’s too technical.

With scary being the theme here we’re going to talk about the scariest kind of virus infection, the drive by download. These are infections that come from simply visiting an infected site, most commonly by clicking a bad link or miss-typing the address you’re going to (ex. No pop-ups, no clicking the wrong thing just instant infection.

What delivers the virus like this? An exploit kit. How do they work? As soon as you land on the infected page the exploit kit checks your computer. It checks what browser you’re using, what add-ons you’re running, it also checks for the version of your browser, flash, java, silverlight, etc. It does this to find a weak point on your system. Then it will take advantage of whatever out of date software it finds that allows it to directly install it’s payload (the virus) to your machine.

Now you’re infected. What’s next? The once popular approach was to lock down your system, pretend to be a government agency and demand money in lieu of legal action taken against you. The problem with this approach is that while some people did send in money, most people knew better and would get their system cleaned for less than the ransom demanded to unlock the machine.

That form of ransomware has, for the most part, gone away. The latest virus to infect machines now does something far more scary, it will encrypt all of your files. This means all of your files are locked with a very specific alphanumeric key, without that key there is NOTHING you can do to access your files. Hopefully at this point you have a backup because without it there is really nothing that can be done without the key. Unfortunately there is also nothing we can do either.

One interesting thing we have found is that with the old ransomware even if you paid they wouldn’t clean or fix your machine, they would leave you with a broken machine. Now what we’re seeing with the new crypto/encryption ransomware is that if you pay there is actually a good chance they will send you the key. This encourages people who are infected to pay the ransom because there is a chance they will get their valuable data back. But you are dealing with criminals so if it doesn’t go your way, you have absolutely no fall back position.

The best solution of course is to have a good backup plan before anything goes sideways. Our Secure System Plan is designed to protect you from both the viruses and the potential for lost data by setting up a cloud based backup. Like any insurance it is a great buy before you need it!

computer viruses – about virus infections –
Tagged on: