FBI Security Warnings – Too Little, Too Late?

Earlier tonight, I ran across a press release from the FBI. As I read it, I nearly screamed out loud at my computer. In short, the release is warning computer users of the dangers of a malware infection commonly referred to as Zlob. This infection will cause popups on your desktop, warning you that you are infected, and should download such-and-such software to cure this problem. Welcome to our world, FBI folks… a tad late.

The Zlob family of infections is a thing of the past, for the most part. The instances we see here on GeeksToGo have decreased dramatically, thanks in part to tools such as Malwarebytes’ Anti-Malware (and other software) that easily combat the infection. We are seeing rootkits, Google redirection problems, and other such nasty problems instead. DNS-changing trojans are definitely still out there. Also, very often DNS poisoning capabilities are built in as components of other malware. While Zlob was prevalent early in 2009, it’s honestly been several months since we have seen it dominate our help forums.

I think it’s wonderful that the FBI and other organizations are attempting to help warn consumers and try to protect us. However, I honestly wish they were more up to date. Instead of advice relating to specific infections, I feel that organizations such as this should be providing more comprehensive “overall” advice on how people can keep their computers – and identity – safe. Pinpointing specific infections the way the FBI has done only serves to generate media hysteria that can cause panic and obscure the REAL – and helpful – advice. Simple and safe computing practice guidelines, in clear language that non-tech-savvy users can understand, are more helpful than specific malware warnings. The age of the outbreak is behind us, and malware-specific warnings will always serve only a very limited purpose. The average “distribution lifetime” of any given piece of malware now is about 3 hours before it is replaced with another variant… and we see a new malware variant being released every 1.5 seconds.

The majority of infections can be avoided by keeping all applications and operating systems up to date, using your computer in a non-privileged user account (i.e. not Admin), and running security software that automagically updates and provides real-time, dynamic protection. Security software that relies on pattern file updates alone is no longer fast enough to offer the protection required.
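As an added example that is not part of the original post, the script below is a read-only PowerShell audit of the three habits the paragraph recommends, written for a Windows Vista SP1/7-era workstation of the kind discussed in the comments. It assumes Windows PowerShell, the Security Center WMI namespace (root\SecurityCenter2) and the Windows Update Agent COM API as they existed on those systems; the function name and the wording of the findings are my own. It changes no settings.

```powershell
# Added example, not from the GeeksToGo post. Read-only audit of the three
# baseline practices recommended above, for a Windows Vista SP1 / 7 host.
# Assumptions: Windows PowerShell 2.0+, root\SecurityCenter2 present,
# Microsoft.Update.AutoUpdate COM object available. Nothing here is modified.

function Test-BaselinePractices {
    $findings = @()

    # --- 1. Day-to-day account should not be privileged -------------------
    $identity   = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal  = New-Object Security.Principal.WindowsPrincipal($identity)
    $isElevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators. With UAC on,
    # a non-elevated admin still carries this group (deny-only) in its token, so
    # this also catches "an administrator who simply hasn't elevated yet".
    $isAdminMember = [bool]($identity.Groups | Where-Object { $_.Value -eq 'S-1-5-32-544' })

    if ($isElevated) {
        $findings += 'Running with an elevated (full administrator) token.'
    } elseif ($isAdminMember) {
        $findings += 'Account is a member of Administrators; only the UAC prompt stands between malware and full control.'
    }

    # --- 2. UAC switched on -----------------------------------------------
    # EnableLUA = 1 means UAC prompting is active. Missing value -> treated as off.
    $polKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $enableLua = (Get-ItemProperty -Path $polKey -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
    $uacOn     = ($enableLua -eq 1)
    if (-not $uacOn) { $findings += 'UAC (EnableLUA) is disabled.' }

    # --- 3. Automatic updates and a registered real-time AV ----------------
    # Windows Update Agent API: NotificationLevel 4 = download and install automatically.
    $auSettings = (New-Object -ComObject Microsoft.Update.AutoUpdate).Settings
    $autoUpdate = ($auSettings.NotificationLevel -eq 4)
    if (-not $autoUpdate) {
        $findings += "Windows Update is not set to install automatically (NotificationLevel=$($auSettings.NotificationLevel))."
    }

    # Antivirus products registered with Security Center. productState is a
    # vendor-encoded bit field, so it is reported as-is rather than decoded;
    # the only hard finding is that no product is registered at all.
    $av = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue
    if (-not $av) { $findings += 'No antivirus product is registered with Security Center.' }

    New-Object PSObject -Property @{
        Elevated          = $isElevated
        AdminMember       = $isAdminMember
        UacEnabled        = $uacOn
        AutoUpdate        = $autoUpdate
        AntivirusProducts = @($av | ForEach-Object { '{0} (state 0x{1:X})' -f $_.displayName, $_.productState })
        Findings          = $findings
    }
}

# Usage: run in the account you use every day, not from an elevated console,
# otherwise the first check will always report an elevated token.
$result = Test-BaselinePractices
$result | Format-List
if ($result.Findings.Count -eq 0) { 'All three baseline practices are in place.' }
```

The admin-membership check is deliberately separate from the elevation check: Rik's point in the comments is that a UAC prompt is only as strong as the person answering it, so an account that can elevate at all is reported as a finding, not just one that is currently elevated.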

As I said, I appreciate that the FBI wants to attempt to help people when it comes to securing their computers. I feel, however, that they need to do their research before writing something such as this. They need to be in contact with the experts who deal with malware day in and day out. Partnering with vendors of security products when attempting to educate the public is another good idea, as well. It is the experts in places such as our site who work in the trenches day in and day out combating malware who are the ones you should listen to – not some government agency.

I have to thank Rik Ferguson, who is a Senior Security Advisor for Trend Micro, for collaborating with me on this post. I owe him a debt of gratitude for his guidance, his insight, and his humor.

What are your thoughts? Do you feel that the FBI is on the right track in trying to warn consumers about specific infections? Should they instead focus on general security tips?

  • Talia

    Great post, Kat.

    I think it's a good step, but they really should focus on more general education UNLESS there's a nasty bug that is an immediate problem.

  • Tom

    The Government. Now providing you with effectively useless, outdated info. Handy.

    It's like a car... if you keep crashing, you should probably improve your driving skills. At least a car requires a test before being allowed to drive it; the same can't be said for computers.

    The majority of the time infections are preventable; they don't 'just happen' all that often.

    You don't need to run blind when on the 'net. Tools such as WebOfTrust will show you if a site is questionable before even clicking on it.

    ESET has to make the best firewall/AV combo I've ever used; beats the rest hands down. And yes, I've tried 'the rest'.

    Don't click random links in emails; no, your bank doesn't need you to confirm details. Even if it did, type the URL manually into the address bar so you know it's not some phishing attack.

    We don't need the FBI to tell us how to protect ourselves online, we need common sense and a few good practices. Scaremongering is of little use, especially when it's a year after most people got hit with the infection.

    The one bit that gets me wondering though: is this advisory being released now as it's held up in red tape, or simply because the FBI are -that far- behind the rest of the world when it comes to computer security?

    Thank goodness we have people like Kat out there, staying on the -current- pulse of the problem.

  • Some good prevention advice is also offered in our forums:

    Preventing Malware and Safe Computing

    Read, or join the discussion. 🙂

  • Kat, very interesting post. I found your insight and knowledge very helpful. I like to think that I'm "computer smart", well, more so than the average user, but not as much as the geeks in #chris, and I still found a lot of what you said very helpful.

    In the article, you mentioned that the new malware variants can damage your computer if you are logged on as an administrator. I would like to know whether or not UAC (User Account Control) in Windows Vista and Windows 7 will protect you. The extra security in these operating systems surely will prevent malware endangering your computer, whether or not you are on an administrator account? If this is the case, then there is no need to log in as a standard user on Windows Vista and Windows 7.

    Very good article, Kat. If you could answer my question on here, or #chris, then I would appreciate it. Well done 🙂

  • Rik

    Hi all, just wanted to chime in on the Founder's question. Using a non-privileged account and UAC are both good security measures; the password prompt at the very least alerts a user (or at least a slightly aware user) to the fact that *something* is happening.

    The sad truth is, though, that most of the initial infections we see, more than 90%, are Trojans, and in many cases the victim's thinking goes like this: "I want to watch this video/play this game etc., I will click this link. Ah, the link is telling me I need a new codec to watch this video, I will install it. This installation/execution routine is asking me for my password just like all the other installations I have done. I will enter my password."

    Criminals will always look to exploit the weakest point, and the weakest point is very often the user. Once the Trojan is in there it can get down to business giving itself permanently elevated permissions, downloading all its other components and updating itself and flying under the radar of your AV software.

    UAC has certainly changed the way malware needs to be coded, but malware writers have already adapted. UAC raises the bar, but it is not a security barrier.

    Cheers,
    Rik

  • THE FOUNDER

    Rik, thanks for answering.

    That was my initial point, which I was trying to get across. It is safe to use an admin account, rather than a non-privileged account, in Vista/7 because they can't load anything up or sneak any malware onto your system without you knowing. If it was XP and you were an admin, then no popup would appear warning you and it would damage your PC. I asked if this was the case because I do not know if any malicious software has already got around this problem.

  • blacksilk

    There's possibly a resurgence or new family of malware infections described above in the FBI warning. My laptop was hijacked last night.

  • Bonded

    My laptop was hijacked last night and, without my asking, was deluged with insistent $$ offers of help.