Last Friday, 3/31/2017, we had an issue with a client who was reporting that antivirus had picked up a particular kind of virus, a worm called Bluber.A. The problem had arisen after a routine software update, so we told the client our tech would roll back that last update and try to figure out where the worm had come from. After that was a success, we pushed the update out again, and the worm did not return. What happened?
Types of Viruses
There are several types of software which you might call a “virus”. A virus, specifically, is a type of malicious program (hereafter, “malware”) that reproduces itself. Once copying is complete, the affected files are said to be “infected”. Here are some other types of malware that you might find on an infected machine, adapted from Malware Truth:
- Adware: this is the least dangerous, but most lucrative form of malware. Adware displays unwanted popup advertisements on your computer.
- Spyware: Spyware spies on what you do, and sends that information back to its distributor. Paired with adware, you will get targeted advertisements.
- Worm: A worm works to eat your hard drive, much like earthworms go through dirt. Like their organic cousins, computer worms leave unusable refuse behind them. Unlike their organic cousins, their leavings are not good for your garden.
- Trojan: Trojan software makes itself look desirable to encourage you to download it. It might look like a game or a music track you want to hear. It might actually have the desired content, but it definitely has a viral payload inside, as well. A Trojan can allow hackers to gain access to your machine remotely, and you might never know they are there.
- Ransomware: Ransomware has become popular recently with hackers. It locks you out of your own computer and demands payment, usually in the form of digital commodities like Bitcoin. The money you pay to convert into Bitcoin is much harder to trace than other payment methods, and it is fairly easy for criminals to convert back into cash. Ransomware can be defeated by regular backups.
- Fake Antivirus: You may see advertisements for antivirus software online. Be careful and stick with reputable solutions, because otherwise you will be tricked into downloading the fake stuff! While claiming to be good antivirus, a fake program will actually contain another kind of malware, particularly something like a Trojan or Ransomware.
- Browser Hijackers: If your internet homepage suddenly changes, especially after installing a new piece of software, you could be victimized by a Browser Hijacker. These are the latest in the Adware/Spyware type, and they function as a way to funnel your clicks and searches into money for the hacker or as a gateway for more malware.
What Happened?
It turned out that the Bluber.A infection was a false positive! Antivirus functions on rules called heuristics, which are guidelines that tell your antivirus program what a virus might look like. The antivirus software provider occasionally updates these rules to keep them up-to-date and prevent malware from spreading. Making these rules is definitely more art than science, and sometimes antivirus will report malware when none exists. Antivirus software has to be oversensitive, because the worst outcome would be a false negative – detecting no virus when one does, in fact, exist on the system. Fortunately for us, the Bluber worm had not made a comeback (Microsoft first detected it in 2012), but their antivirus definitions were simply bugged temporarily. Updating the system made the problem go away.
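To make the false-positive mechanics concrete, here is an added example (not from the original post and not any antivirus vendor's real rules): a toy heuristic scorer in which rule set version 1 flags a benign updater and version 2 does not. All rule names, traits, sample files and thresholds are constructed assumptions.

```python
# Toy heuristic engine. Every rule, trait and sample file here is constructed
# for illustration; none of it reflects a real product's definitions.

def make_rules(version):
    """Return (name, weight, predicate) rules for a given definitions version."""
    rules = [
        ("copies_to_network_shares", 5, lambda t: "writes_network_share" in t),
        ("adds_autorun_entry", 3, lambda t: "sets_autorun" in t),
    ]
    if version == 1:
        # Overbroad: any packed binary that overwrites program files.
        broad = {"packed", "overwrites_program_files"}
        rules.append(("packed_overwriter", 4, lambda t: broad <= t))
    else:
        # Tightened: only counts when it also writes outside its own folder.
        tight = {"packed", "overwrites_program_files", "writes_outside_own_dir"}
        rules.append(("packed_overwriter", 4, lambda t: tight <= t))
    return rules

def scan(traits, rules, threshold):
    """Score a file's observed traits; flag it when the score meets threshold."""
    hits = [(name, weight) for name, weight, pred in rules if pred(traits)]
    return sum(w for _, w in hits) >= threshold, [n for n, _ in hits]

# Constructed samples: (file name, actually malicious?, observed traits)
SAMPLES = [
    ("vendor_update.exe", False, {"packed", "overwrites_program_files"}),
    ("worm_sample.exe", True, {"packed", "writes_network_share", "sets_autorun"}),
    ("notes.exe", False, set()),
]

def evaluate(version, threshold=4):
    """Return (false_positives, false_negatives) for one rule set and threshold."""
    rules = make_rules(version)
    false_pos, false_neg = [], []
    for name, malicious, traits in SAMPLES:
        flagged, _ = scan(traits, rules, threshold)
        if flagged and not malicious:
            false_pos.append(name)
        elif malicious and not flagged:
            false_neg.append(name)
    return false_pos, false_neg

if __name__ == "__main__":
    print("v1 rules:", evaluate(1))               # benign updater is flagged
    print("v2 rules:", evaluate(2))               # definitions fix clears it
    print("v1, threshold 9:", evaluate(1, 9))     # blunt fix misses the worm
```

Raising the threshold instead of fixing the rule silences the false positive but lets the constructed worm sample through, which is the false negative the paragraph above warns about.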