TechTidBit – Tips and advice for small business computing – Tech Experts™ – Monroe Michigan

Brought to you by Tech Experts™

Malware

Tips To Protect Your Business PC From Malware

October 31, 2014

Michael Menor is Vice President of Support Services for Tech Experts.

In today’s online world, technology users are essentially in a state of near-constant attack. Almost every day, there’s a new data breach in the news involving a well-known company and, quite often, fresh rules for protecting personal information are circulated.

Because of malware in email, phishing messages, and malicious websites with URLs that are one letter different from popular sites, employees need to maintain a high level of awareness and diligence to protect themselves and their organizations.

Phishing activities are especially pervasive, including attempts to steal users’ credentials or get them to install malicious software on their system. The astonishing success rate of phishing attacks makes them a favorite.

Why? More than 70% of people will follow the link to a phony website and, of those that followed the link, 30%-50% will routinely give up their usernames and passwords.

Many like to think of the network perimeter with all its firewalls and other fancy technologies as the front line in the cyber war, but the truth is there’s a whole other front.

Every single member of a company’s staff who uses email or the Internet is also on the front line and these people are generally considered a softer target than hardware or software. It’s simple: if the bad guys can get an employee to give up his or her user credentials or download some malware, they can likely waltz right past the technological controls, basically appearing as if they belong there.

When using a computer for personal functions, a user generally has to have the ability to install software and modify the system configurations. Typically, such administrative functions are not available to all users in a corporate environment.

As a result, even if an organization has made an effort to improve a system’s security, a user doing work on a personal computer has the ability to disable and circumvent protections and has the privileges to allow for the installation of malware.

As companies migrate toward a world of bring-your-own-device policies, some companies are developing strategies to help address these risks. But, as a rule, using a work computer for personal reasons or doing work on a personal computer (or tablet or smartphone) can significantly increase the threat level that an employer has to protect itself against.

To help their organization protect systems and data, employees need to implement some smart web browsing habits. Smart web browsing means engaging in the following activities:

Beware of downloads
Malware can be hidden, not just in applications or installation programs, but in what appear to be image and video files also. To limit the likelihood of downloading content that contains malware, only download from reputable sites. With sites that are not a household name, take the time to do a little research and see if other people have had issues.

Additionally, be sure that antivirus software is set up to automatically scan downloads. Or scan downloads manually, even when receiving them from name-brand sites, as it is not unheard of for infected files to make their way onto otherwise legitimate web sites.

This is especially true for file-sharing sites where the site owner cannot control every piece of content a user may place there.

Be wary of deceitful sites
Those running sites already breaking the law by illegally distributing copyrighted materials — like pirated music, movies or software — probably have no qualms about including malicious content in their downloads or stealing information.

Many popular web browsers today have built-in functionality that provides an alert when visiting a website that is known to be dangerous.

And if the browser doesn’t give a notice, the antivirus software may provide that function. Heed the alerts!

Employees need to protect their devices from online and in-person threats. Start by keeping the company’s system patched. Configure it to automatically apply updates or issue notifications when there are updates and then apply them as soon as possible. This doesn’t just apply to the operating system.

Keep all installed applications updated; sometimes this takes a little extra work.

Remember, the challenge of security is that the bad guy needs to find only one hole in a security system to get past it, so fix them all. Think of it as putting dead bolts on doors, but leaving the basement window wide open.

To that end, security professionals like to debate the usefulness of today’s antivirus software. And it’s true that malware continues to become more sophisticated and harder to detect. But it always amazes me how old some of the malware running around is. As a result, use antivirus software and keep it up-to-date.

Also, use a software firewall, either the Windows firewall or one provided in an antivirus package. This is especially true for laptops connected to public wireless access points at hotels or coffee shops, but it also applies to home systems. It just provides that extra layer of defense.

And finally, please, don’t ever give passwords to anyone. Be vigilant and question anything new, especially emails and forms in the web browser that request work credentials, no matter how nicely the request is made.

Top Tips To Avoid A Virus Or Malware Infection

October 18, 2013

by Michael Menor, Network Technician
Malware is short for “malicious software.” It includes viruses and spyware that get installed on your computer, phone, or mobile device without your consent.

These programs can cause your device to crash and can be used to monitor and control your online activity. Criminals use malware to steal personal information, send spam, and commit fraud.

Avoid Malware
Scam artists try to trick people into clicking on links that will download malware and spyware to their computers, especially computers that don’t use adequate security software. To reduce your risk of downloading unwanted malware and spyware:

Keep your security software updated. At a minimum, your computer should have anti-virus and anti-spyware software, and a firewall. Set your security software, internet browser, and operating system (like Windows or Mac OS) to update automatically.

Don’t click on any links or open any attachments in emails unless you know who sent it and what it is. Clicking on links and attachments – even in emails that seem to be from friends or family – can install malware on your computer.

Download and install software only from websites you know and trust. Downloading free games, file-sharing programs, and customized toolbars may sound appealing, but free software can come with malware.

Minimize “drive-by” downloads. Make sure your browser security setting is high enough to detect unauthorized downloads. For Internet Explorer, for example, use the “medium” setting at a minimum.

Use a pop-up blocker and don’t click on any links within pop-ups. If you do, you may install malware on your PC. Close pop-up windows by clicking on the “X” in the upper right-hand corner of the title bar.

Resist buying software in response to unexpected pop-up messages or emails, especially ads that claim to have scanned your computer and detected malware. That’s a tactic scammers use to spread malware.

Talk about safe computing. Tell your kids that some online actions can put the computer at risk: clicking on pop-ups, downloading “free” games or programs, opening chain emails, or posting personal information.

Back up your data regularly. Whether it’s text files or photos that are important to you, back up any data that you’d want to keep in case your computer crashes.

Detect Malware

Monitor your computer for unusual behavior. Your computer may be infected with malware if it:

  • slows down, crashes, or displays repeated error messages
  • won’t shut down or restart
  • serves up a barrage of pop-ups
  • displays web pages you didn’t intend to visit, or sends emails you didn’t write

Other warning signs of malware include:

  • new and unexpected toolbars
  • new and unexpected icons in your shortcuts or on your desktop
  • a sudden or repeated change in your computer’s internet home page
  • a laptop battery that drains more quickly than it should

Get Rid of Malware
If you suspect there is malware on your computer, take these steps:

  • Stop shopping, banking, and doing other online activities that involve user names, passwords, or other sensitive information.
  • Update your security software, and then run it to scan your computer for viruses and spyware. Delete anything it identifies as a problem. You may have to restart your computer for the changes to take effect.

  • If your computer is covered by a warranty that offers free tech support, contact the manufacturer. Before you call, write down the model and serial number of your computer, the name of any software you’ve installed, and a short description of the problem.

  • Tech Experts offers technical help on the phone, in our office, or in your home or business, based upon what is most convenient for you.

Telephone and online help generally are the least expensive and most time efficient, but you may have to do some of the work yourself. Bringing the computer to our office is usually less expensive than having a technician visit your business or home.

  • Once your computer is back up and running, think about how malware could have been downloaded to your machine, and what you could do differently to avoid it in the future.

 

Malware: What Does It Look Like And How To Prevent it

April 25, 2013

By Tech Experts Staff
The most common issue among home and business users alike is malware infection.

While malware is a generic term for malicious software, the fact is all malware slows your computer down and brings potential security risks along with it.

Malware can be anything from viruses, trojans, and spyware to “PC Optimization” programs that really do your computer more harm than good.

While some are more serious issues than others they all have negative effects on a workstation or a server so they all need to be taken seriously.

What does malware look like? In most cases an unusual window will open up, something you do not recognize.

Many times malware looks like a “speed up your PC” program, or it may even be designed to look like antivirus software. It is very common to see software like this requesting credit card information to purchase the software and remove the so-called infections.

Do not ever give credit card information out on your computer unless you’re absolutely certain it is a program you’ve downloaded and set up.

One example: your antivirus software will sometimes let you extend an expiring subscription via credit card.

“How can I even get a virus, I have antivirus software installed?” This is the single most common question we have from clients that come in for virus infections on their computers.

It is a common misconception that antivirus software means you cannot get a virus. The fact is antivirus software is strictly preventative.

The way antivirus software works is the antivirus vendor makes a virus definition based off of a virus. This definition is what allows the antivirus software to find and stop viruses from infecting a computer. That being said, someone has to get infected before the antivirus companies have an example virus to make a definition for.

Because of this, everyone, whether they have antivirus software or not, is susceptible to viruses.

The difference between someone with antivirus software installed and someone that does not is that the person with it installed is not susceptible to infections after a definition has been made, while the other is.

“If antivirus does not completely protect me then how do I keep from getting viruses?” This is the follow up question we always get. For starters, safe browsing habits help to greatly reduce the chances of getting a virus infection.

Do not click on ads. The most common place for someone to get a virus is the ads on websites like Facebook that are very appealing and tend to catch users’ eyes.

Another thing that can be done to reduce the chance of infection or at least the severity of it is to use a standard user account. Society as a whole has a bad habit of always using the administrator account on a computer for everything they do.

The problem with this is that if a user does download a virus, the virus is now working on an account that has full privileges to the entire computer versus an account that only has permissions on a very small part of it.

Aside from having good browsing habits, the best thing you can have on a workstation or a server is a high-quality antivirus. Paid antiviruses tend to offer other features to help further protect your computer. We sell a Managed Vipre Antivirus that has very high detection rates and is business-grade software. It is very lightweight and does not slow down computers.

If you are interested in looking into our antivirus solution to help protect your business or residential computers let us know.

The Best Ways To Protect Yourself From Malware

August 22, 2012

By Tech Experts Staff
Users who bring their computers in to repair malware infections invariably ask the same question: “Why didn’t my antivirus stop me from getting viruses?”

So, you’re probably wondering, “If having antivirus software on my computer won’t protect me from viruses, what will?”

The fact of the matter is that while computer users are told they have to have antivirus on their PCs or risk getting an infection, a machine can still get a virus despite antivirus software being installed.

Antivirus not foolproof
Antivirus software is designed to help prevent your system from becoming infected, but it isn’t foolproof. Antivirus software is constantly updated, but can be out of date for hours or even a day or two when a new infection is discovered.

Virus definitions are used to detect viruses and prevent them from gaining access to your computer. Automatic updates in antivirus software like Vipre download the updated definitions to protect your computer.

It’s during the period between when a new virus or malware is released and when the software companies update the definitions that your system is vulnerable.

How to protect from malware
Although no antivirus software, even the most expensive versions, offers guaranteed virus protection, antivirus software is a must have. We’ve seen a number of infections where clients have said that they were on legitimate sites at the time the infection hit their computer.

Even legitimate websites have the chance of malware being coded into them by hackers, causing that website to send the malware onto your computer.

So, the absolute best thing you can do is to have antivirus software installed.

The next best step is to be cautious about what you are looking for on the Internet. Many times, users looking for “free” items on the Internet don’t suspect that they might as well be searching for free viruses.

Hackers are crafty – targeting people looking for free downloads is an easy way to spread an infection.

Some of the most common risky items to search for are “screensavers,” “free games,” “work from home,” and “taxes.”

With the search terms shown here, it’s easy to see how computer users could easily be tricked into downloading a file or application that was laced with a virus.

Cautious browsing
The second step to preventing infections on your computer is a combination of common sense and caution.

While it may not be common knowledge as to what is and is not safe to click on while on the Internet, really what it comes down to is using common sense. There’s no such thing as a free lunch, even on the Internet – if it seems too good to be true, it probably is. It’s very important while browsing the Internet that you do not click on anything that just catches your eye. Many times, people have a tendency to click on ads, and because of this, ads have a high risk of containing malware. Don’t click on ads!

The second part, “be cautious,” refers to everything you are doing that involves a connection to the Internet.

If you are using email, make sure you were expecting an email from the person sending it. Opening forwarded emails is a bad habit. Many viruses attach themselves to email accounts and send out a lot of spam and forwarded messages; unsuspecting users click on them and mistakenly download a virus onto their machines.

So to sum everything up, you should always have antivirus software installed on your computer and keep it up to date.

Even if you think you are a computer pro, keyloggers and many other items can get into your computer and run in the background undetected sending away your private information.

Always use common sense and extreme caution as to what you click on. Nothing is free and you don’t ever know for sure who or what is on the other end of that email you just happened to get in your inbox.

If you think you may have a virus or malware on your computer, or just want it checked for safety’s sake, give us a call or bring your computer in and we can check it out.

It is all too common to see viruses on machines but not actually see anything different on the computer other than it “running a little slow.”

Will Your Internet Stop Working In July?

May 16, 2012

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

You’ve probably read in the paper or seen on the news that hundreds of thousands of computers might lose Internet access after July 9. I’ve had several clients ask, “Is this true? How serious is it?”

The short answer is, you’re probably fine. If you use Tech Experts for your anti-spyware, anti-virus, and anti-malware services, we have you covered.

Don’t get me wrong, this is a serious threat. If you happen to be one of the people with an infected computer, then yes – there’s a good chance you could wake up on July 9 to no Internet.

What’s This All About?
In a word, malware.

Last year, malware infected over half a million computers worldwide. This nasty virus modified the process your computer uses to translate domain names – like “MyTechExperts.com” – into IP addresses – like 209.151.164.50. It’s the IP address that locates the actual physical server that houses the website.

To perform that translation, computers are programmed with translators – DNS servers – that answer questions like, “What’s the IP address for www.google.com?” DNS servers are automatically provided by your Internet provider when you connect to the Internet.

When this “DNS Changer” malware infected a computer, it altered the translation server that the computer would use. Rather than a legitimate DNS server, PCs were silently reconfigured to use a bogus one.

The problem is, this new bogus server sometimes lies.

False DNS Responses
Rather than answering the question, “What’s the IP address for google.com?” with the correct answer, the fake DNS server would return a different IP address: the address of a malicious server that was configured to look like Google, but that is really a server run by identity thieves.

As long as the malicious server looked enough like Google, the computer user wouldn’t know until it was too late that something was wrong. They’d be tricked into thinking it was Google.

The bogus site (which could be any site the hackers chose, not just Google) could itself install more malware, display additional advertising, or do just about anything that a malicious website could do. All without warning.

What Happens In July
In November, the hackers were caught. But hundreds of thousands of infected machines were left with their DNS settings pointing to the fake DNS servers.

So, rather than removing the fake DNS servers from the Internet, the agencies that caught the hackers changed them to be legitimate ones. The government is spending about $10,000 per month to maintain these servers.

While this meant that people with infected PCs would be able to surf the net more safely, it didn’t change the fact that their computers were, fundamentally, still infected.

On July 9th, the government is shutting down the temporary DNS servers. Anyone whose computer is still infected, and is using those servers to get DNS answers, won’t get an answer at all.

Without a working translator – DNS server – your computer can’t answer the “What’s the IP address of xyz.com” for any site on the Internet. For those people with infected computers, the Internet will simply stop working.

Let me be clear: the Internet will stop working only if your machine is infected. It’s easy to find out if you’re infected. Visit the DNS Changer Working Group at http://www.dcwg.org/ and click the green button labeled “Detect.”

This will examine whether or not your computer is affected by the DNS Changer malware. If you’re not, you’re done. July 9 will be a non-event for you.
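The same idea can be checked locally, shown here as an added example that is not part of the original article or the DCWG tool: read the DNS servers a machine is configured to use and flag any that fall inside a list of rogue address ranges. The ranges below are placeholders from documentation address space and both sample inputs are constructed; the real ranges must come from an authoritative source such as the DCWG.

```python
"""Flag configured DNS resolvers that fall inside a list of known-rogue ranges."""
import ipaddress
import re

# PLACEHOLDER ranges from RFC 5737 documentation space, NOT the real DNS Changer
# ranges. Replace them with the ranges published by an authoritative source.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed sample of a Unix-style /etc/resolv.conf.
SAMPLE_RESOLV_CONF = """\
# constructed sample
search example.lan
nameserver 192.0.2.53
nameserver 10.0.0.1
"""

# Constructed sample of Windows `ipconfig /all` output (English locale).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.lan
   IPv4 Address. . . . . . . . . . . : 10.0.0.23
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       198.51.100.200
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""


def resolvers_from_resolv_conf(text):
    """Return the address after each `nameserver` keyword, skipping comments."""
    found = []
    for line in text.splitlines():
        parts = re.split(r"[#;]", line, maxsplit=1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            found.append(parts[1])
    return found


def resolvers_from_ipconfig(text):
    """Return DNS servers from `ipconfig /all`, including continuation lines."""
    found, in_dns = [], False
    for line in text.splitlines():
        first = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if first:
            found.append(first.group(1))
            in_dns = True
        elif in_dns and re.fullmatch(r"\s+[0-9A-Fa-f:.%]+\s*", line):
            # Additional servers are listed alone on indented lines.
            found.append(line.strip())
        else:
            in_dns = False
    return found


def classify(resolvers, rogue_ranges=ROGUE_RANGES):
    """Sort resolver strings into rogue / ok / unparsed buckets."""
    report = {"rogue": [], "ok": [], "unparsed": []}
    for raw in resolvers:
        try:
            # Drop an IPv6 zone id such as "%11" before parsing.
            addr = ipaddress.ip_address(raw.split("%", 1)[0])
        except ValueError:
            report["unparsed"].append(raw)
            continue
        hit = any(addr.version == net.version and addr in net for net in rogue_ranges)
        report["rogue" if hit else "ok"].append(raw)
    return report


if __name__ == "__main__":
    for name, resolvers in (
        ("resolv.conf", resolvers_from_resolv_conf(SAMPLE_RESOLV_CONF)),
        ("ipconfig /all", resolvers_from_ipconfig(SAMPLE_IPCONFIG)),
    ):
        result = classify(resolvers)
        status = "ROGUE DNS CONFIGURED" if result["rogue"] else "no rogue resolver found"
        print(f"{name}: {status} {result}")
```

A resolver that shows up as a private address, such as the router at 10.0.0.1 in the sample, only tells you the PC asks the router; the router's own DNS setting needs the same comparison.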

What To Do If You’re Infected
If DCWG indicates that you’re affected, the page should also include information on what to do to clean the infection from your system.

The good news is that there are many free tools that are listed as resolving the issue – free tools from most of the major anti-malware utility vendors.

Specifically, Windows Defender Offline (formerly Microsoft Standalone System Sweeper) is listed, and it would probably be the tool I’d reach for first.

After cleaning DNS Changer off of your machine, I would also seriously review the anti-malware tools that you’re currently using. Put simply, it should have been caught by now.

Alert: Top Four Threats Attacking Your Network

September 28, 2011

There are many threats that could be attacking your network. Here are just a few that most clients encounter.

Overconfidence
User overconfidence in security products is the top threat to your network.

Failure to “practice safe software” results in nuisance attacks like porn storms (unstoppable rapid fire pornographic pop-ups) and more subtle key loggers that steal passwords.

Surveys promising free stuff result in theft of information like your mother’s maiden name, high school, etc. which can be used to answer common security questions.

To avoid theft of otherwise secure data, think before you click.

Social Networking Sites
Social networking sites like Facebook are exploding in popularity. Threats range from malware (e.g., viruses, worms, spyware) to scammers trying to steal your identity, information and money. Many businesses and government agencies are using these sites to communicate with clients and constituents, so simply blocking access is no longer reasonable; defending your company while allowing employee access requires social network education for your employees and the enforcement of strong acceptable use policies.

We can help you develop a policy, then monitor compliance using a Unified Threat Management device that controls and reports on network access.

Attacks On Mobile Devices
Everyone is going mobile these days, not just the “road warriors.”

Once limited to laptop computers, mobile network devices now include PDAs, handheld computers and smart phones, with new appliances appearing in the stores every month. Mobile devices often contain sensitive data yet they are easily lost or stolen.

Be sure to password protect and encrypt data on all mobile devices whenever possible. Include mobile devices in your acceptable use policy.

Cloud Computing
“The Cloud,” in its simplest form, involves using the Internet to access and store your data.

It’s actually thousands of servers all working together to provide computing power. When you access e-mail using a web browser, you are working in “the cloud.” Using the cloud for automated off-site backup is rapidly gaining popularity, but that’s just the beginning.

Companies like Microsoft, IBM, and Google envision the day when we will use inexpensive terminals instead of computers to run programs and access data located somewhere on the Internet.

You need to be sure that any data you store and access across the Internet is secure not just where it is stored, but during the trip to and from the Internet.

Pay close attention to these top threats; doing so will help with network security.

Top 5 Ways to “Break” Your Computer

August 27, 2011

Here are the top five most common ways to “break” your computer. The reason “break” is in quotation marks is that no matter what happens to your computer, we can almost always fix it… it just doesn’t always make sense to do so from a financial standpoint.

My computer won’t turn on
This is a very common situation and can be caused by many different things.

One common cause, however, that IS preventable is the computer overheating.

The first step to preventing this issue is to put the computer on an elevated surface instead of the floor if you have the space to do so.

The reason you want to do this is normal everyday foot traffic around or near the computer kicks up a lot of dust and debris that can coat the insides of a computer and cause the processor to not be cooled properly.

The other step you want to take to prevent this issue is to take a can of air and blow out the computer on occasion.

We do NOT recommend opening the case and doing the interior yourself as it is possible to cause damage to components.

My computer is running really slow
Yet again another common scenario we hear almost every day.

Unfortunately, there is no way to completely avoid this, but there are some ways to slow it down.

As your operating system installation ages, and depending on how much it is used, the operating system and the software files in it can become damaged or corrupt, which slows your computer down.

The best way to combat this issue is to make sure that you’re uninstalling unused programs through the control panel, and simply keeping unused junk files off of your computer.

The more you keep your computer and OS the way it was when you purchased it, the better it will run.

This can also happen if you shut your computer down improperly. Always go through the Start Menu/ Shutdown process when powering off your computer.

Constant popups are interrupting me and making my PC slow
Almost always, this very common issue is caused by a virus or spyware on your computer.

Unfortunately, there aren’t any fool-proof methods of preventing a virus or malware attack.

The best thing you can do to help prevent an infection is to have antivirus software installed on your PC, but keep in mind, even this does not guarantee you will not get a virus/malware infection.

The other step to help prevent this is to only go to websites that are considered to be “safe,” meaning they are legitimate websites whose owners would not be trying to gain access to your PC or have any reason to infect your computer.

The most common place for users to get viruses and malware is from browsing the web for free items such as software, movies, music, etc. or even from emails.

Unfortunately, if you do end up being infected by a virus, they’re very difficult to completely remove.

The process used to properly remove a virus is complex and, if not done properly, can damage your computer’s operating system and/or cause data loss.

That being said even if you bring the computer in it is possible for a virus to attach itself to a file and damage it permanently so even we may not be able to recover all of your files in the event of a very bad infection.

In most cases we are able to remove all viruses/malware from a system and the user not even notice that they ever had one. There are times, though, where the virus does irreversible damage.

My computer can’t get online
This is another common issue, and is most often caused by the above issue – viruses or spyware on the computer.

Viruses, spyware and malware have all kinds of different effects on the computer. When that is not the cause there are several other issues that may come into play.

As long as other computers at your home/business are able to get online the issue is more than likely due to a setting on your computer itself.

The most common instance I can think of with laptops is the user accidentally switches the WiFi switch to the off position (and doesn’t realize the laptop even had a WiFi switch).

In a desktop, however, as long as the connection issue has not been caused by failing hardware, it is usually caused by a setting changed within the computer.

Connection issues encompass a number of possible settings on the computer, so it’s hard to give you all the information to properly troubleshoot this issue in a small newsletter article.

When it comes to connection issues your best bet is to give us a call and let us diagnose the issue for you.

We troubleshoot many connectivity issues here in the shop as well as onsite. So, no matter where your problem lies, we can get you back online.

Windows told me I had some updates so I installed them. Now my computer won’t boot
Windows updates are almost always important, but they can also be complex in how they interact with your operating system and installed software.

Unfortunately, since most of the updates address serious security risks they must be installed.

The best practice regarding updates is to review them immediately, and perhaps even download them to the machine, but wait a few days in case there are issues with the updates.

If Microsoft finds that there are issues with a patch, even though they do test them to begin with, they will pull the update off of Windows updates until the issue is resolved.

This will help prevent you from getting an update that can cause a problem.

Hardware driver updates are by far the most common type of update that “breaks” the computer.

We generally don’t recommend downloading them unless you are having a problem with your current driver, or there’s a serious security issue with the current driver.

With hardware sometimes it’s better to go with the “Don’t fix it if it isn’t broke” sentiment. If you do mistakenly update and then are unable to get into Windows, bring your computer in and we can get the issue corrected!

These are a few of the common issues that we see every week. Hopefully this short list can help keep your system running smoothly, and help you solve basic issues.

Featured Article Written By: Tech Experts

Is Your Computer Acting Scary? Try These Tips!

October 17, 2008

Has your computer been acting strange lately? Has it been popping up with funny messages, running slower than normal, missing buttons or cannot get on the Internet? All of these things can be caused by malware and can do so without the computer user even knowing that they are being targeted.

Most effects of malware are just annoying to the user but some can attack your PC and cause the computer to be unusable or even to lose data.

The use of the Internet has caused an increase in this type of infection. What exactly are viruses, spyware, Trojans, worms, and adware?

• Viruses are computer programs that can copy themselves and infect files, increasing memory usage and slowing down the system. Viruses can be opened by launching a file that has .exe on the end. Other people can be infected by contact with the file that was originally infected. The virus can do harm by attaching to an application, application file or by residing in the memory (RAM).

• Spyware collects information about the user’s Internet activity or changes the configuration of the computer. They can change the home page that opens up when you start Internet Explorer or add buttons to Explorer. Also called adware.

• Trojans are, many times, a form on a web site that misleads you in believing that a program is used for a helpful purpose but instead has a malicious intent. You can be downloading a paint program to make artwork but instead you are really being infected by a Trojan that may harm your computer .

• Worms are like a virus but spread through a network of computers without a user doing anything. These will corrupt files and cause the Internet to run slowly on your computer.

• Malware are any of the above types of infections.

Now that you know exactly what these pesky pieces of software are, it is time to modify your Internet habits. These are some tips to help avoid risky behavior on the Internet.

• Use a firewall. This will help block unwanted transmissions to your computer.

• Update your operating system when needed. Microsoft routinely releases updates for security fixes.

• Use anti-virus software.

• Never open e-mail or attachments from anyone that you do not know.

If you have questions about computer viruses, or think you may have an infection, call the Tech Experts 24 Hour Computer Emergency Hotline at (734) 240-0200.

Has Your Computer Been Taken Over By a Bot?

June 11, 2008

David Perry, global director of education for security software provider Trend Micro, was recently quoted in PCWorld as saying, “An unprotected [Windows] computer will become owned by a bot within 14 minutes.”

A bot is an automated program that takes over your computer and uses it as a spam machine, to copy your personal information, such as credit card numbers, or for something equally evil.

One way to spot a bot is to be aware of network activity when you aren’t on the Internet. You can put a network status light in your system tray. If you see it blinking when you are not using the Internet, there might be a problem.

Do this: In Windows XP, choose Start, Control Panel, Network Connections. You will see an icon for your network connection. Right-click the network connection and select Properties from the popup menu. Check “Show icon in notification area when connected,” and click OK.

Remember, lots of unexplained network activity can mean your computer is “owned” by a bot.

Double check by going to one of several free scanning sites such as McAfee Free Scan or Trend Micro’s HouseCall. Then buy antivirus software, install a firewall, and never open e-mail attachments from unknown sources.
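
A scripted version of the idle-traffic check described above, as an added example that is not part of the original article. It assumes a current Windows release with the built-in NetAdapter and NetTCPIP PowerShell modules (Windows 8 or later, not Windows XP); the window length and byte threshold are illustrative values.

```powershell
# Added example: measure traffic while nobody is using the PC, then list the
# processes that hold established connections to remote hosts.
# Run it with browsers and other Internet programs closed.

$WindowSeconds  = 60      # assumption: length of the idle observation window
$ThresholdBytes = 200KB   # assumption: traffic above this is worth a closer look

function Get-AdapterByteTotals {
    # Sum the sent/received byte counters across all visible network adapters.
    $stats = Get-NetAdapterStatistics
    [pscustomobject]@{
        Sent     = ($stats | Measure-Object -Property SentBytes -Sum).Sum
        Received = ($stats | Measure-Object -Property ReceivedBytes -Sum).Sum
    }
}

$before = Get-AdapterByteTotals
Start-Sleep -Seconds $WindowSeconds
$after  = Get-AdapterByteTotals

$sent = $after.Sent - $before.Sent
$recv = $after.Received - $before.Received
'Sent {0:N0} bytes, received {1:N0} bytes in {2} s' -f $sent, $recv, $WindowSeconds

if (($sent + $recv) -gt $ThresholdBytes) {
    # Map each established connection to a non-loopback peer back to its process.
    Get-NetTCPConnection -State Established |
        Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
        ForEach-Object {
            $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Process   = $p.ProcessName
                ProcessId = $_.OwningProcess
                Remote    = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
                Path      = $p.Path   # may be empty without administrator rights
            }
        } |
        Sort-Object Process |
        Format-Table -AutoSize
} else {
    'No significant traffic during the idle window.'
}
```

Operating system updates, cloud sync clients and antivirus signature downloads also generate traffic on an idle machine, so an unfamiliar process name or path in the table is a reason to investigate further, not proof of infection.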

“Storm” Worm Makes Anti-Virus Programs Brain Dead

November 29, 2007

The ever-mutating, ever-stealthy Storm worm botnet is adding yet another trick to its vast repertoire: Instead of killing anti-virus products on systems, it now modifies them to render them brain-dead.

The finding was made by Sophos and was mentioned by a security strategist for IBM Internet Security Systems. According to Sophos, the Storm botnet (Sophos calls it Dorf, and it’s also known as Ecard malware) makes programs that interact with Windows tell the virus every time a new program is started.

The virus then checks the program that started to see if it was an anti-virus or anti-spyware program, and if it is, it will either stop the program from running, or modify the program so that it can’t detect the virus.

Then, when the anti-virus programs run, they simply tell the user everything is OK.

The strategy means that users won’t be alarmed by their anti-virus software not running.

The anti-virus is running but brain-dead, which is worse than shutting it off, since it then opens the door for all sorts of other virus and spyware programs to infect the system.

This new behavior is the latest evidence of why Storm is the scariest and most substantial threat security researchers have ever seen. The Storm virus is patient, it’s resilient, and it’s adaptive in that it can defeat anti-virus products in multiple ways. It changes its virus footprint automatically every 30 minutes.

It even has its own mythology: Composed of up to 50 million zombie PCs, it has as much power as a supercomputer, the stories go, with the brute strength to crack Department of Defense encryption schemes.

In reality, security researchers in the know peg the size of the peer-to-peer botnet at 6 million to 15 million PCs, and not on par with a supercomputer. And it can’t break encryption keys. Still, it is very dangerous.


Copyright © 2025 Tech Experts™ · Tech Experts™ is a registered trademark of Tech Support Inc.