How many times have I seen people on forums shouting, “Aaaah! I have a virus! Where did it even come from?” and inevitably someone will snidely retort, “You shouldn't have been downloading porn!” And the victim will defend themselves, “No, I downloaded books, songs, and movies…” So I downloaded a book! In PDF format. Not from the author's website. And I opened it in Adobe Reader.
It's a shame, I didn't even really need it. I was just learning English and subscribing to a few newsletters on the topic. I wanted to clarify one point that was missing from the newsletter text. I did… It's unlikely the course author had concocted such a dangerous file themselves; someone had simply taken advantage of its popularity. But I didn't know all that yet.
After a while, I received a notification from the Webmoney website, saying that someone had accessed my wallet from such-and-such an IP address five minutes ago. I checked the IP address—it was mine! I started checking to see if I'd accidentally opened a Webmoney tab. I didn't think I had, or maybe I'd opened it and then closed it without noticing… The notification service must have made a mistake, I thought.
I continued surfing the internet, and one website after another wouldn't open – popular, good, trusted ones. And among them – antivirus software websites! Then I remembered that this can happen when your computer is infected with a virus (well, I'll call any malware that). I do have avast! – it's not that I'm so happy about it, it's just that the name comes with an exclamation point. A free version of this powerful paid antivirus is available for home computers, not cut down and no weaker than the “real” one. It's just that even the best slip up sometimes, as you'll see later. It scans files and emails as they are downloaded, and warns about dangerous websites. But it's still useful to have some additional insurance – just not a second antivirus, otherwise they will detect each other as viruses. You can use one-time scanning utilities that don't conflict with your standard antivirus.
I downloaded a Dr.Web utility on another computer. It's called CureIt!, which also has an exclamation point, which is enticing. You should always download the latest version; it's updated frequently. CureIt! found one infected file and identified the virus: Trojan.PWS.Ibank.173. I should have immediately disconnected from the internet and run a thorough, complete scan, but instead I sat there searching for information on the possible risks. Even Kaspersky didn't yet have a description of this particular version. However, I learned on the Dr.Web.ru forum that even after a cleanup, your computer still needs further cleaning and your passwords need to be changed.
And then I got another notification from the Webmoney website: your wallet was accessed five minutes ago from such-and-such IP address. I checked the IP address – it wasn't mine… from a different city altogether. And the wallet was already clean and empty! And it was cleverly done: the hacker didn't just transfer money to someone else's wallet (in this case, Webmoney arbitration blocks wallets upon complaint and investigates). They exchanged WMZ for rubles, and transferred the rubles to VKontakte.ru, where they most likely spent them through online stores.
I called the police, Department K (computer security), and they told me that if a hacker could do something like that, they're unlikely to be so stupid as to reveal their own IP address. I also contacted VKontakte.ru and Webmoney tech support, but what would they tell me? Just one thing: you need to follow security rules and not leave the certificate in storage, especially an exportable one.
User rights
If the computer's user account has limited rights, User Account Control is enabled, and a firewall is running, then any unwanted activity (for example, a Trojan trying to launch a program or send logins, passwords, or certificates to a website) will either be blocked outright, or the system will prompt the user again or ask for an administrator password.
Sure, it's annoying to have to frequently enter passwords and answer questions, but convenience can be more expensive than expected. And not just in money. I now have to change the passwords for every website I logged into while the virus was in my system.
Although this is precisely what you need to do periodically! And under no circumstances should you save passwords in browsers. Firstly, the Trojan will steal them first, and secondly, you'll forget them if you don't remember them for a long time.
However, you can avoid remembering and recalling them, and use password storage programs.
Password storage programs
Convenient: enter your logins and passwords for all the websites you're registered with (as well as your bank card PINs and other sensitive information you're afraid to forget). The program itself can generate passwords for you—good, strong ones. Just remember the main password—the one you need to run the program with. The program is stored on a flash drive and can be used from any computer. And if you lose the flash drive, no one can decrypt it without knowing the password. True, you won't be able to access it anywhere else… But you'll make more than one copy, right? It's easy to use—the program logs you in to websites automatically, so you don't have to type anything, which means keyloggers won't harm you. (These are the types that intercept and send everything you type to their owner.)
Just imagine, the hacker who stole my WebMoney also intercepted and read absolutely everything I wrote to friends that day on ICQ and in forum comments, including anonymously. It's a good thing I don't keep a personal diary. With reviews of pornographic films I've watched, yeah… (No, I didn't download any porn!)
To avoid repeating my mistakes, let's repeat my lesson (meaning, the lesson I learned).
Rules of protection
Protection
The first program you install on your computer before connecting to the Internet should be an antivirus program.
Antivirus software, like any other program, can be licensed or free. Cracked antivirus distributions can easily spread viruses.
Periodically supplement your antivirus with other scanning tools, but make sure they don't conflict with each other.
Install and configure a firewall, and keep it running whenever you use the Internet.
Don't disable system and software updates. Most of them are designed to fix vulnerabilities, not just improve performance.
Disable autoplay for external drives. This will stop DVD movies from playing automatically, but it will also prevent viruses from infecting your computer immediately when you insert a flash drive or disc.
Installing programs
Be sure to manually scan, with an antivirus, any flash drive or disc containing programs that a friend has burned for you.
Download all free software, including drivers, from the manufacturers' official websites, as other internet resources may contain viruses.
While you're installing your usual suite of programs on a clean system, you can operate under an account with administrator privileges. Once installed, switch to a limited account or downgrade the current user's privileges and create a separate account with administrator privileges and a password. (If you know how to access the built-in administrator account, simply set a password for it.) If you need to install anything else, run the distribution file by right-clicking it, selecting “Run as,” and entering the administrator password.
Browser
Browser – any except IE. Don't believe the claims that it's getting better and more beautiful every day…
Avoid visiting dubious websites, especially little-known online stores. Trust your browser when it warns you about dangerous content, and install additional tools to assess a site's reputation. If you need educational information, use the edu.mail.ru search engine to avoid accidentally stumbling upon a website offering essays.
Don't fall for tempting browser offers to remember your passwords.
Passwords
Set complex passwords: long enough, alphanumeric, and with special characters, different for different services. If you don't remember them, write them down. In a notepad, not in Notepad. Change them frequently. Passwords, not notepads. It's easier to do this with a password manager.
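The two password rules above (complex, unique passwords, and a password manager whose only secret is the master password) can be shown in code. The following is an added example, not the author's or any password manager's code: it generates passwords that satisfy the article's rule (long, letters and digits, special characters), checks a password against that rule, and shows how a manager can verify a master password without ever storing it, using a salted PBKDF2 key derivation. The vault header format, iteration count and the `vault-check` verifier label are this example's own choices.

```python
import hashlib
import hmac
import secrets
import string

# Character classes the article asks for: letters, digits and special characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def password_is_strong(pw, min_length=12):
    """Apply the article's rule: long enough, alphanumeric, with special characters."""
    return (len(pw) >= min_length
            and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def generate_password(length=20):
    """Return a random password drawn from a CSPRNG that passes password_is_strong().

    Characters come from secrets.choice(), not random.choice(); the loop simply
    re-draws until every character class is present.
    """
    if length < 4:
        raise ValueError("length must be at least 4 to hold all character classes")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if password_is_strong(pw, min_length=length):
            return pw


# Master-password handling the way a password manager does it: a slow, salted
# key derivation, and on disk only the salt, the parameters and a verifier.
# The iteration count is this example's assumption; managers tune it higher.
ITERATIONS = 200_000


def derive_key(master_password, salt, iterations=ITERATIONS):
    """Derive a 32-byte vault key from the master password with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


def create_vault_header(master_password):
    """Build the stored header: random salt, KDF parameters and an HMAC verifier.

    The master password itself is never written anywhere.
    """
    salt = secrets.token_bytes(16)
    key = derive_key(master_password, salt)
    verifier = hmac.new(key, b"vault-check", hashlib.sha256).digest()
    return {"salt": salt, "iterations": ITERATIONS, "verifier": verifier}


def unlock(master_password, header):
    """Return the vault key if the master password is right, else None.

    The comparison is constant-time so a wrong guess leaks nothing about
    how many bytes of the verifier matched.
    """
    key = derive_key(master_password, header["salt"], header["iterations"])
    expected = hmac.new(key, b"vault-check", hashlib.sha256).digest()
    if hmac.compare_digest(expected, header["verifier"]):
        return key  # this key would encrypt and decrypt the stored entries
    return None


if __name__ == "__main__":
    pw = generate_password()
    print("generated:", pw, "strong:", password_is_strong(pw))
    header = create_vault_header("correct-master-password")   # constructed sample
    print("right master unlocks:", unlock("correct-master-password", header) is not None)
    print("wrong master unlocks:", unlock("wrong", header) is not None)
```

The derived key is where a real manager would go on to encrypt the stored logins with an authenticated cipher (for example AES-GCM from a crypto library); this block stops at the key because it uses only the standard library. Note that the pet's name from the next paragraph, `Murka`, fails `password_is_strong` for the same reasons it makes a poor reminder answer.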
Don't keep emails with password reminders for websites in your inbox. If you need them, just ask for them again.
Don't set password reminder questions that are easily answered by people you know or your social media accounts. For example, the question “Pet's name” might be answered in photo captions like “This is our Murka.” And your mother's maiden name can be found out from a relative you know on Odnoklassniki.
Payments
When using electronic payment systems, carefully read and follow their security instructions. Most importantly, logging into the system shouldn't rely solely on computer-based actions (login, password, or even a certificate). You need something else that only you can do: install a certificate from a flash drive into storage, enter a code from a security code card or an online banking SMS, etc.
Backup
Assume your computer is exposed to all winds, and don't keep any compromising information or important or necessary things on it. Instead, copy them onto external drives; the more important the files are to you, the more copies you should keep and the more often you should update them.
Treatment rules
If you suspect virus activity (antivirus developer websites won't open, your system is slow, strange folders and files are appearing where they shouldn't be, or unknown processes are starting), check it. Disconnect from the internet and search for all information about the virus and up-to-date scan tools on a “clean” computer. An infected computer will likely prevent this, and you'll waste time.
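The article does not say how the Trojan kept antivirus sites from opening; one common mechanism, taken here as an assumption, is a tampered hosts file that points those sites at a local or attacker-chosen address. The following is an added example (not the author's code and not a Dr.Web or avast! tool) that parses a hosts file and flags entries that sinkhole a non-local name or pin a watched vendor domain to a fixed address. The sample file, the watchlist and the `192.0.2.10` address (a documentation range) are constructed.

```python
import ipaddress

# Where Windows keeps the file; the path is used only by read_system_hosts().
WINDOWS_HOSTS = r"C:\Windows\System32\drivers\etc\hosts"

# Names that legitimately map to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "ip6-localhost"}

# Vendors and services from the article; any fixed mapping for them is worth a look.
WATCHLIST = ("drweb", "avast", "kaspersky", "webmoney")

# Constructed sample: the first three lines are what a normal hosts file looks like,
# the rest are the kind of entries that would make "antivirus websites won't open".
SAMPLE_HOSTS = """\
# hosts file (constructed sample)
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.drweb.com
127.0.0.1       free.drweb.ru   # trailing comment is ignored
0.0.0.0         www.avast.com
192.0.2.10      www.kaspersky.com
"""


def parse_hosts(text):
    """Return a list of (ip, hostname, line_no) for every mapping in a hosts file."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # strip comments and whitespace
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue                              # malformed line, not a mapping
        for name in parts[1:]:                    # one address may list several names
            entries.append((parts[0], name.lower(), line_no))
    return entries


def suspicious_entries(text):
    """Return (line_no, ip, hostname, reason) for mappings a clean home PC should not have."""
    findings = []
    for ip, name, line_no in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_unspecified:
            reason = "sinkholed to local address"
        elif any(key in name for key in WATCHLIST):
            reason = "watched domain pinned to fixed address"
        else:
            continue
        findings.append((line_no, ip, name, reason))
    return findings


def read_system_hosts(path=WINDOWS_HOSTS):
    """Read the real hosts file; run this from the suspect machine, not the clean one."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return fh.read()


if __name__ == "__main__":
    for line_no, ip, name, reason in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {ip} -> {name}: {reason}")
```

A machine with an ad-blocking hosts list will produce many "sinkholed" findings, so treat the output as a list to review rather than a verdict; the entries to worry about are the ones that silence the very sites you would use to get help.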
Once you've removed a virus, protect yourself from the consequences. Traces, tails, and even active parts often remain in the system, which can be activated under certain conditions. You can read about this on specialized forums, where they also offer removal methods. Typically, you need to register, download a specially designed program, run it, report its behavior, upload the results to the forum, and follow the developers' recommendations… Yes, it's time-consuming and tedious, but that's how antivirus software improves and expands its databases. Help us—if not you, then others will benefit.
It might be easier to reinstall the system, but keep in mind that the information you save before reinstalling may contain infected files, so you still need to treat it before doing this.
Well, happy and safe surfing on the internet after some serious and thorough preparation! Alexander Tsukanov