BleepingComputer.com: Spyware / Malware / Fake antivirus PREVENTION???

Spyware / Malware / Fake antivirus PREVENTION???

#1 User is offline   LS3C6 

Posted 14 December 2011 - 01:08 PM

On a daily basis I service many clients that have XP/Vista/7 machines that are fully patched, updated and have the newest version of the browser of their choice, newest JAVA, newest FLASH, newest READER and they still get struck. What is going wrong?

#2 User is offline   Animal 

Posted 14 December 2011 - 01:19 PM

Lots of information at the following links: How did I get infected? With steps so it does not happen again! and Answers to common security questions: Prevention & Choosing an Anti-virus or Firewall

The best defense is an informed user using good computing habits.
The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown

A learning experience is one of those things that say, "You know that thing you just did? Don't do that." — Douglas Adams.
Why is the word abbreviation so long?

#3 User is offline   LS3C6 

Posted 14 December 2011 - 01:27 PM

Animal, on 14 December 2011 - 01:19 PM, said:

Lots of information at the following links: How did I get infected? With steps so it does not happen again! and Answers to common security questions: Prevention & Choosing an Anti-virus or Firewall

The best defense is an informed user using good computing habits.


My users claim they go to somewhere such as cnn.com and it just "happens", while I find that hard to believe... but I guess it isn't out of the question that banner ads are being poisoned?

#4 User is offline   Animal 

Posted 14 December 2011 - 02:44 PM

Yes, legitimate sites have been known to be infected. Random clicking on ads is dangerous too.

#5 User is offline   LS3C6 

Posted 14 December 2011 - 03:17 PM

Customers are tired of hearing there's no prevention other than user caution; it's annoying that the only solution for the careless user is to buy a Mac.

#6 User is offline   Animal 

Posted 14 December 2011 - 03:25 PM

Macs are not bulletproof either, just not as targeted. The larger the user base, the bigger the pool of potential victims. Criminals are lazy by nature. It's all about the easy score, then move on.

#7 User is offline   quietman7 

Posted 14 December 2011 - 03:32 PM

More about malicious ads in How Malware Spreads - How did I get infected which explains the most common ways malware is contracted and spread.
Microsoft MVP - Consumer Security 2007-2012
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#8 User is offline   LS3C6 

Posted 14 December 2011 - 03:34 PM

I understand why it happens, but a surefire way to prevent it would be nice... you can update everything you want, try every browser known to man and run whatever combination of security software you desire... the average consumer will still be infected time and time again.

#9 User is offline   quietman7 

Posted 14 December 2011 - 03:46 PM

I'm sure you understand but your clients probably don't. They need to read the articles we have linked to.

#10 User is offline   ranget 

Posted 14 December 2011 - 04:29 PM

Quote

I understand why it happens, but a surefire way to prevent it would be nice... you can update everything you want, try every browser known to man and run whatever combination of security software you desire... the average consumer will still be infected time and time again.


Depends on the security setup.

You can use Shadow Defender

or Sandboxie paid with a forced sandboxed web browser.
Anime ,J Drama Fan

#11 User is offline   quietman7 

Posted 14 December 2011 - 05:32 PM

Starting with version 6, avast! offers several new protection features to include WebRep and AutoSandbox. avast! Free Antivirus 6 does not include the full Sandbox module or its enhancements.

AutoSandbox automatically places programs into a virtualized state when it suspects them of being threats. This helps to stop suspicious programs and prevent them from potentially damaging your system while allowing them to run. AutoSandbox permits programs (processes) to run, while keeping track of which files are opened, created, renamed, and what is read or written from the Registry. Since these types of changes are virtualized, when the process terminates itself, the system changes it made will disappear and not have any effect. For more information about this feature, how it works and how it differs from avast! Pro and avast! Internet Security, please refer to avast! 6.x: Using the AutoSandbox.

I can't find any stats showing how effective the AutoSandbox is. What I do know is that our Malware Removal forum has plenty of avast users requesting help to remove infections.
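
The file side of the virtualization described in the post above, as an added example that is not part of the original thread and not avast!'s code: a toy copy-on-write overlay in which reads fall through to the real files, writes land in a throwaway layer, and every access is logged. `OverlaySandbox`, `demo` and the sample hosts content are hypothetical and constructed; Registry access and renames are not modelled.

```python
import os
import shutil
import tempfile
from pathlib import Path


class OverlaySandbox:
    """Toy copy-on-write view of one directory (hypothetical helper)."""

    def __init__(self, real_root):
        self.real_root = real_root
        self.overlay = tempfile.mkdtemp(prefix="overlay-")  # throwaway layer
        self.log = []  # (operation, path) trail of what the process touched

    def _shadow(self, rel):
        # Reject absolute paths and ".." so nothing escapes the view.
        norm = os.path.normpath(rel)
        if os.path.isabs(norm) or norm.split(os.sep)[0] == "..":
            raise PermissionError(rel)
        return os.path.join(self.overlay, norm)

    def read(self, rel):
        shadow = self._shadow(rel)
        self.log.append(("read", rel))
        real = os.path.join(self.real_root, rel)
        return Path(shadow if os.path.exists(shadow) else real).read_bytes()

    def write(self, rel, data):
        shadow = self._shadow(rel)
        self.log.append(("write", rel))
        os.makedirs(os.path.dirname(shadow), exist_ok=True)
        Path(shadow).write_bytes(data)  # the real file is never written

    def close(self):
        # Process exit: discard every virtualized change, keep the trail.
        shutil.rmtree(self.overlay)
        return self.log


def demo():
    real = tempfile.mkdtemp(prefix="real-")  # constructed stand-in for the system
    Path(real, "hosts").write_bytes(b"127.0.0.1 localhost\n")
    box = OverlaySandbox(real)
    box.write("hosts", b"203.0.113.5 bank.example\n")  # constructed tampering
    inside = box.read("hosts")  # the sandboxed process sees its own change
    log = box.close()
    on_disk = Path(real, "hosts").read_bytes()  # the real file is unchanged
    shutil.rmtree(real)
    return inside, on_disk, log
```

The overlay only contains what goes through it: anything the process does outside the mediated calls is neither virtualized nor logged.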

#12 User is offline   LS3C6 

Posted 15 December 2011 - 09:39 AM

Well, I never get infected, so it's hard to believe they simply went to msnbc or facebook and BAM!@# infected... sure, it's great revenue to be able to have the ability to remove the infections fully, but after a while you just start to feel bad for the people that tend to get it 1-2x a month.

#13 User is offline   quietman7 

Posted 15 December 2011 - 10:39 AM

Quote

it's hard to believe they simply went to msnbc or facebook and BAM!@# infected

Social networking sites can be a significant security risk which could make your computer susceptible to malware infection. As with gaming sites, users visiting MySpace, YouTube, Facebook...are exposed to innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. Even using Instant Messaging clients can also present a security risk.


Using Facebook can be hazardous to your computer.

Using YouTube can be hazardous to your computer.

Using MySpace can be hazardous to your computer.
Virut file infector found on MySpace user pages
Koobface Worm Attacks Facebook and MySpace Users
MySpace Pages Rigged with Bad Script
Facebook and MySpace Viral Social Networking Spam
Phishers Drop MySpace Bait
Maximus root kit downloads via MySpace social engineering trick
Hackers Exploiting Facebook, MySpace Plug-ins
MySpace malware poses as Windows update
MySpace Hacks Predate Recent Hijack of Alicia Keys Site
MySpace Attacked by Flash Worm
Ad-based Trojan hits MySpace, Bebo and others
Dangerous Malware Detected through Flash Advertisements
Banner Ad Trojan Served on MySpace
QuickTime exploit steals MySpace passwords
QuickSpace: MySpace Tracker Launch by QuickTime
New MySpace Nasty
MySpace Pushing Ads for malware: WinAntiVirus, Drive Cleaner
New MySpace Phish using CSS
Myspace Users Hit By Hacker Virus
Myspace Ad Served Spyware To A Million Computers
Phishing Attack Targets Myspace Users
Myspace Xss Quicktime Worm
Myspace Phishing Alert
Malicious videos open dangerous attack vector (to YouTube and MySpace users)
Zango Adware Found On MySpace
Bogus YouTube clip on Myspace installs Zango Cash
180solutions Jumps In Bed With Myspace

Using Instant-messaging clients can be hazardous to your computer.

#14 User is offline   ranget 

Posted 16 December 2011 - 10:13 AM

:blink: Didn't know that YouTube videos can be malicious.
So a hacker can craft a malicious video and upload it to YouTube and it would still be malicious on YouTube?
I thought that YouTube would re-convert the video so it can't be malicious :blink:

Anyway, cool post quietman, really informative.

#15 User is offline   Animal 

Posted 16 December 2011 - 02:06 PM

@ranget: Please read what quietman7 wrote again. He did not say create a malicious video. He said a banner ad on the YouTube site.

Quote

users visiting MySpace, YouTube, Facebook...are exposed to innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware.
