Incredibly (for Microsoft) there is only one security update released today (on this “patch Tuesday”) and its severity rating is low for all versions of Windows except Windows 2000 for which it is rated as critical. If you are one of the few remaining people using Windows 2000, you should immediately update. For everyone else, it’s advisable but I wouldn’t lose too much sleep over it.
This week I have seen a new piece of “scareware” floating around. For those who don’t know this jargon, here is a description of scareware. When visiting a website, users see an advert advising them that they have a virus or other malware. In a state of panic, unwary users click on this video (that is all it is, there is no way a website can scan your system for viruses without you installing a programme) Upon clicking on the video, they go through the process of installing the malware. Then, this “Windows security 2010” or whatever name it gives itself, starts to take control of their system, and basically holds them hostage unless they cough up $$ to “upgrade” to a registered version. This malware may also install trojan horses, viruses, spyware, to varying degrees, sometimes to the point of making their operating system unstable. You can never really trust a system that has been infected to this level. In the past, virus writers did it for the kudos, to prove they can do it, or to take over machines to use as proxies for attacking other targets such as Nasa, banks etc. Now it is more financial. There are viruses and other malware out there, that evade the anti-virus vendors, due to their scarcity. A good example is the use of such programmes in espionage. It is not in the interest of governments spying on foreign countries to have their “backdoor” programmes discovered. Such programmes would be distributed to unwitting victims selectively and with no obvious signs. Viruses tend to get discovered because a) they progagate widely and b) because they display some obvious signs or are used for credit card theft etc. If the sole purpose is to reveal information, the victims may never know they’ve been compromised.
I’m rambling, but back to the point, if you have had a machine filled with multiple pieces of malware, backup your data, and format your hard disk.