FBI MoneyPak Scam - Virus

Recently, I came across this virus on a system running MS Security Essentials.  It appears to be a very problematic virus, which exploits a Java vulnerability (what I've read so far).

 

However, during my search, the only information I could find specific to this virus was information on how to remove it; not how to prevent it using existing products today.

 

The system ran MS Security Essentials; current version, current virus patterns, and the product did not even detect that it was inbound or had been planted (this even though "real time" protection was turned on.)

 

Why wasn't this virus detected? Why wasn't MS Security Essentials able to remove it? Why wasn't the target web site a known problem site, and access to it blocked either by MS Security Essentials or the MS Firewall?

 

MS Security shall remain the product of choice; simply because it appears to be as good as any other product out there, AND it integrates seamlessly with Win 7 (and other versions.)  It operates effectively with a smaller footprint than other products as well, without significant impact to system resources.

 

Yet, here is a known virus; with a known payload; with a known lockdown of the system preventing further actions; so how was the virus able to penetrate the system?

 

Thank you for any insight and guidance provided.

Answer

All this does is reinforce your thoughts but if you have not read it you might find it of interest: http://krebsonsecurity.com/2012/08/inside-a-reveton-ransomware-operation/#more-16393

 

This is a peer supported forum and we don't work for Microsoft.  We're users who volunteer to assist others with problems.   Someone from MS may or may not see this thread and if so would not necessarily add any comment to it.

Should you wish to convey your thoughts and concerns to MS please see the following:

Microsoft Support - Contact Us
http://support.microsoft.com/contactus/?ws=support#tab0

Microsoft - Phone Numbers for Microsoft Technical Support
http://support.microsoft.com/kb/319726/en-us

Microsoft - Contact Us by Email
http://support.microsoft.com/contactus/cu_sc_selector_email?ws=support%2csupport

 

Microsoft Security Essentials Feedback: https://feedback.microsoftsecurityessentials.com/

 

I'm of the opinion that sometimes you can do everything right but your computer may still become infected.  That may be what happened to your friend...but I also recommend you continue your interaction with PA Bear who is quite good at identifying potential weaknesses/glitches on what appears to be a "secure" computer.

 

Regards...

MVP Consumer Security 2014-2016
Windows Insider MVP 2016-2018


Answer

Leo explains the problem quite well, I think: http://ask-leo.com/why_dont_antimalware_tools_work_better.html

 

Microsoft Security Essentials is designed to manage the PC’s real-time protection against malware including viruses, rootkits, spyware and trojans.

I'm not employed by Microsoft and have no interest in defending MSE other than to try and answer your question. 

No antimalware program can provide 100% protection. All AV vendors (whether free or paid versions) fight a constant battle to stay ahead of the authors of malware and keep their databases updated and current...some of the malware is programmed to change every few minutes to help it avoid detection.  And we sometimes receive complaints on these forums regarding failure of other AV programs to adequately protect computers…see these threads: http://answers.microsoft.com/en-us/protect/forum/protect_scanning/how-do-i-get-rid-of-the-smart-internet-protection/2d19448c-7cc7-451d-88c6-c9db9b2f7a3e#e5a340d7-0ee2-4335-a357-291d1989f26e, http://answers.microsoft.com/en-us/protect/forum/protect_scanning/pack-win107-2121/7e7385e1-c5db-4d1a-9aa5-b0279af0849c and http://answers.microsoft.com/en-us/protect/forum/protect_scanning/smart-hdd-virus/f0f6f6b9-1568-4188-80f3-4c338702b645. MSE is not perfect but it seems to be doing as good a job against malware as any of the AV programs.

 

MSE Forum Moderator Stephen Boots sums up part of the problem with malware detection as follows: The common tactic is the social engineering aspect. The way it then gets past detection is that the initial piece that comes down morphs constantly and doesn’t match a known signature. The user invited it, so the action it initially wants to take isn’t seen as malicious behavior. Once on board, it will typically find an unpatched exploit to deliver some additional payload and apparently some of those initial steps will either cripple the detection engine or even get the user to do it for them. “You must update your Flash Player to see this video,” for example, followed by instructions to disable the antivirus program.

Besides using an antimalware program, the following recommendations will assist in protecting the PC from infection:

-Make sure that the Windows Firewall is enabled.

-Make sure that all important/critical updates, including service packs for the operating system and programs are installed from Microsoft Update (Windows Update).

-Make sure Internet Explorer is at version 8 or higher and updated with all patches.

-In Internet Explorer 8 or 9, use the SmartScreen Filter.

-Make sure that IE Internet Security settings are at least set to medium-high (default).

-Enable the pop-up blocker in IE.

-On Vista and Windows 7 make sure that User Account Control (UAC) is ON and you are not running with elevated privileges.

-Make sure that Windows Automatic Updates are set to at least notify, but the preferred setting is to download and install automatically. If you update manually, be sure to update as soon as possible after being notified of available updates.

-Make sure that installed applications, especially Adobe Acrobat, Adobe Flash, and Java are at their latest versions. Many vendors are regularly updating and patching for security holes.

-Never click through links from unknown sources and use caution even if they are from a "trusted" source.

-Never open unsolicited email attachments.

 

 

Regards...

MVP Consumer Security 2014-2016
Windows Insider MVP 2016-2018
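
A read-only way to check several items from the checklist in the reply above, added here as an example (it is not part of the original post and not a Microsoft tool). It assumes the Windows 7 / Vista registry locations noted in the comments; the helper names `Get-RegValue` and `New-Check` are hypothetical.

```powershell
# Added example: audits firewall, UAC, elevation, Automatic Updates and IE version.
# Read-only; assumes Windows 7 / Vista registry layout. Group Policy can override
# these local values under HKLM:\SOFTWARE\Policies, which this script does not read.

function Get-RegValue($Path, $Name) {
    # Return the named value, or $null when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function New-Check($Check, $Ok, $Detail) {
    New-Object PSObject -Property @{ Check = $Check; OK = [bool]$Ok; Detail = "$Detail" }
}

$fwBase = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
$auKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
$ieKey  = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer'

$results = @(
    # Windows Firewall: every profile should have EnableFirewall = 1.
    foreach ($fwProfile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
        $on = Get-RegValue "$fwBase\$fwProfile" 'EnableFirewall'
        New-Check "Firewall ($fwProfile)" ($on -eq 1) "EnableFirewall=$on"
    }

    # UAC: EnableLUA = 1 means User Account Control is on.
    $lua = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'EnableLUA'
    New-Check 'UAC enabled' ($lua -eq 1) "EnableLUA=$lua"

    # Everyday sessions should not hold an elevated administrator token.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $elevated = (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
    New-Check 'Session not elevated' (-not $elevated) "Elevated=$elevated"

    # Automatic Updates: 1 = never check, 2 = notify, 3 = download then notify,
    # 4 = install automatically (the preferred setting in the checklist).
    $au = Get-RegValue $auKey 'AUOptions'
    New-Check 'Automatic Updates at least notify' ($au -ge 2) "AUOptions=$au"

    # Internet Explorer: IE 10+ stores the real version in svcVersion.
    $ver = Get-RegValue $ieKey 'svcVersion'
    if (-not $ver) { $ver = Get-RegValue $ieKey 'Version' }
    $major = [int]("$ver" -split '\.')[0]
    New-Check 'Internet Explorer 8 or higher' ($major -ge 8) "Version=$ver"
)

$results | Select-Object Check, OK, Detail | Format-Table -AutoSize
```

Rows with `OK` set to `False` correspond to checklist items worth reviewing. Patch levels for Java, Adobe Flash and Adobe Acrobat are not covered and still need to be checked against each vendor's current release.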


 
 

Question Info


Last updated May 16, 2018. Views: 7,887.