
My wife has a Trojan!

A couple of months ago my wife, who works for a small start-up, got a brand new laptop for remote access. A small, white thing that looked pretty but, I suspected, came with little security, given that whenever I shoulder-surfed her I saw warnings like “no anti-virus installed”.

So when she wasn’t looking, I sat down to investigate.

The first thing I noted was that indeed no anti-virus was installed. We all know that today’s AVs do not provide full protection against Trojans, especially if all you use is the free signature-based scans, but a PC without any AV is just inviting trouble.

The next thing I noted was that the laptop ran Explorer 6.

This was far worse. Explorer 6 is the security equivalent of Swiss cheese: it’s full of vulnerabilities. No one should run Explorer 6 on their machine. See this Wikipedia article if you’re still not sure.

So immediately I googled Explorer 8 and hit the link, which was supposed to take me to Microsoft.

Only it didn’t. It presented a familiar “page cannot be found” 404 error.

Is the Internet on? It looks like it is. Let's try again.

Not working.

OK, maybe it’s an old link. I went directly to Microsoft.com so I could look for the download.

“Page cannot be found”.

What on earth? Microsoft can’t be down, can it?

Well, sometimes there are all sorts of local connectivity issues somewhere in the vast hidden backbone. While I resolve this, how about downloading another browser?

Firefox isn’t as secure as people tend to think; Microsoft invests HUGE efforts in fixing and testing vulnerabilities while Firefox simply cannot afford the same investment. Still, an up-to-date Firefox is better than Explorer 6, so I googled Firefox and clicked on the website link to download it.

Page not found.

Hmmmm… This started to feel extremely suspicious. The next few minutes were spent on a general sanity check. Wi-Fi is on. Let's see… Google obviously works, and also Google News works; my wife’s university website works. So it’s not an Internet problem.

Suspicion started to crawl. I typed Symantec.com

Page not found.

McAfee?

Page not found.

AVG? Kaspersky? Panda Security?

Page not found.

CNN.com?

Works like a charm.

Holy cow!! She’s got a Trojan!

A Trojan that blocks access to just about every anti-virus website, big or small. I tried about ten, including specialist anti-malware and secure browsing software.

Page not found.

OK, this was getting on my nerves. I thought of a way to install an AV: going to an all-purpose download website and simply downloading one of the free tools directly, just to see if this pesky Trojan can be easily detected and removed.

Which is exactly what I did. I finally managed to download a free anti-malware specialist tool and ran a scan.

It took about twelve minutes to complete the scan of every file on the PC; eventually the software said I had a suspicious registry entry and offered removal, which I happily accepted.

After another scan – this time clean – I rebooted the laptop, did a third scan just to be sure, and went to Microsoft.com

Page not found.

Grrrrrrrrrrrr....

OK, I’ll cut the story short. It doesn’t have a happy ending: you see, I told my wife’s boss, the CEO of the start-up, that the laptop is infected. He asked if it’s possible that someone deliberately targeted my wife as the company was involved in top-secret M&A discussions. I said the chance of that is close to zero, and it’s probably a random infection.

He said he’ll take care of it; I warned that even formatting the hard drive may not work, and that if the PC lab they work with cannot positively identify and remove the Trojan, they should just take the hard disk and throw it away.

Then I went on a couple of business trips and forgot all about it. When I got back, Wife told me they 'got rid of the problem' by formatting the laptop, and giving it to another employee.

Poor soul.

Anyway, she now has a new laptop, which she still hasn’t brought home, so I haven’t been able to check it yet.

Honey, I can’t wait.


Uri Rivner

Chief Cyber Officer

BioCatch

This post is from a series of posts in the group:

Innovation in Financial Services

A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.
