DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

AntiVirus 2010 can a Vigor Stop it from being downloaded ?

  • jnewgas
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
22 Feb 2010 10:41 #60679 by jnewgas
AntiVirus 2010 is a nasty piece of malware which pretends to be an anti-virus program for XP and Vista. It is becoming quite common and seems to spread by getting users to click on a fake pop-up which then downloads AntiVirus2010.exe or AV2010.EXE

Any ideas on using the filters on a Draytek 2800 or 2820 to stop this from downloading :?:

John in London

Please Log in or Create an account to join the conversation.

More
22 Feb 2010 23:05 #60697 by kc_
train the users ;)

Please Log in or Create an account to join the conversation.

  • jnewgas
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
23 Feb 2010 00:44 #60699 by jnewgas
I have sent out a note to those I advise. However this has happened here at home and my normally aware daughter knew that there was a new Microsoft Anti-Virus and thought I had put it on her machine.

A constructive solution would be a good use of the filtering ability, for when someone is careless or inattentive - I am sure others would find it worth addying to their Vigor filters.

Please Log in or Create an account to join the conversation.

More
24 Feb 2010 11:04 #60744 by cifer
Blocking an exe by name is all well and good untill it changes name, which AV2010 does alot, not forgetting all the variants that now exists. web proxying would be the only way to prevent somthing like this with all traffic being scanned for malwar/virus/trojans.

Please Log in or Create an account to join the conversation.

More
24 Feb 2010 22:54 #60763 by cocospm

jnewgas wrote: AntiVirus 2010 is a nasty piece of malware which pretends to be an anti-virus program for XP and Vista. It is becoming quite common and seems to spread by getting users to click on a fake pop-up which then downloads AntiVirus2010.exe or AV2010.EXE

Any ideas on using the filters on a Draytek 2800 or 2820 to stop this from downloading :?:

John in London


While the particular variants you have experienced may happen to have the filenames you mention, using filenames to stop such threats is a non-starter. If you want such threats stopped at the firewall, you will need to go for a UTM (Universal Threat Management) firewall device, of which the Vigor routers are not. UTM devices come at a much higher price than the Vigors.

That said, UTM devices - like client (or server) security software - are regularly missing these kinds of threat just now. They are very sophisticated 'polymorphic' threats which mutate regularly, getting themselves past signature-based security software with ease.

As kC_ suggested, the only effective way to deal with these threats is to educate the user. Put simply, make the user familiar with what security software is installed on his/her computer, such that he/she can properly identify an alert window as being from that software. Then any other security alert is, by definition, malicious. If an alert pops up that cannot be positively identified as coming from their own security software, ensure they know to (a) avoid clicking on or otherwise interacting with the alert window in any way, and (b) go to the start button/orb and immediately restart the computer. This is not by any means foolproof but will, in conjunction with sensible security measures, very often prevent the threat taking hold.

Whatever you do, do not kid yourself into believing you can 100% secure a computer against such threats, save for throwing it in the nearest deep lake.

Please Log in or Create an account to join the conversation.

Moderators: Sami