DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

AntiVirus 2010 can a Vigor Stop it from being downloaded ?

22 Feb 2010 10:41 #1 by jnewgas
AntiVirus 2010 is a nasty piece of malware which pretends to be an anti-virus program for XP and Vista. It is becoming quite common and seems to spread by getting users to click on a fake pop-up which then downloads AntiVirus2010.exe or AV2010.EXE.

Any ideas on using the filters on a Draytek 2800 or 2820 to stop this from downloading?

John in London

22 Feb 2010 23:05 #2 by kc_
train the users ;)

23 Feb 2010 00:44 #3 by jnewgas
I have sent out a note to those I advise. However, this has happened here at home, and my normally aware daughter knew that there was a new Microsoft Anti-Virus and thought I had put it on her machine.

A constructive solution would be a good use of the filtering ability, for when someone is careless or inattentive. I am sure others would find it worth adding to their Vigor filters.

24 Feb 2010 11:04 #4 by cifer
Blocking an exe by name is all well and good until it changes name, which AV2010 does a lot, not forgetting all the variants that now exist. Web proxying would be the only way to prevent something like this, with all traffic being scanned for malware/viruses/trojans.

24 Feb 2010 22:54 #5 by cocospm
jnewgas wrote: AntiVirus 2010 is a nasty piece of malware which pretends to be an anti-virus program for XP and Vista. It is becoming quite common and seems to spread by getting users to click on a fake pop-up which then downloads AntiVirus2010.exe or AV2010.EXE.

Any ideas on using the filters on a Draytek 2800 or 2820 to stop this from downloading?

John in London

While the particular variants you have experienced may happen to have the filenames you mention, using filenames to stop such threats is a non-starter. If you want such threats stopped at the firewall, you will need to go for a UTM (Universal Threat Management) firewall device, which the Vigor routers are not. UTM devices come at a much higher price than the Vigors.

That said, UTM devices - like client (or server) security software - are regularly missing these kinds of threat just now. They are very sophisticated 'polymorphic' threats which mutate regularly, getting themselves past signature-based security software with ease.

As kc_ suggested, the only effective way to deal with these threats is to educate the user. Put simply, make the user familiar with what security software is installed on his/her computer, such that he/she can properly identify an alert window as being from that software. Then any other security alert is, by definition, malicious. If an alert pops up that cannot be positively identified as coming from their own security software, ensure they know to (a) avoid clicking on or otherwise interacting with the alert window in any way, and (b) go to the Start button/orb and immediately restart the computer. This is not by any means foolproof but will, in conjunction with sensible security measures, very often prevent the threat taking hold.

Whatever you do, do not kid yourself into believing you can 100% secure a computer against such threats, save for throwing it in the nearest deep lake.

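The two arguments made above (cifer: a filename rule is beaten by a simple rename, so only scanning the content on a proxy stands a chance; cocospm: even content signatures are beaten once the sample mutates) can be shown side by side in code. The following is an added example written for this thread, not code from any poster and not DrayTek firmware or a Vigor filter rule. It models a name-based block list against a proxy-style content check, using constructed sample "downloads" that merely begin with the Windows PE "MZ" magic (no real malware), and a hypothetical SHA-256 signature list standing in for a vendor's AV signatures.

```python
import hashlib

# Constructed sample payload: mimics a Windows executable's DOS "MZ" header only.
# It is not malware, just bytes for the content check to look at.
FAKE_PE = b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00" + b"fake-av2010-payload"
# A "polymorphic" variant: one byte appended, so its hash no longer matches.
FAKE_PE_VARIANT = FAKE_PE + b"\x01"

# Constructed (URL, response body) pairs; hostnames are deliberately non-routable.
SAMPLE_DOWNLOADS = [
    ("http://example.invalid/AntiVirus2010.exe", FAKE_PE),
    ("http://example.invalid/AV2010.EXE", FAKE_PE),
    ("http://example.invalid/setup_update.exe", FAKE_PE),       # same file, renamed
    ("http://example.invalid/report.pdf", FAKE_PE),             # same file, wrong extension
    ("http://example.invalid/readme.txt", b"Just a text file.\n"),
    ("http://example.invalid/dl/AV2010.EXE", FAKE_PE_VARIANT),  # mutated sample
]

# The filename block list the original question asks about.
BLOCKED_NAMES = {"antivirus2010.exe", "av2010.exe"}

# Hypothetical signature list keyed on SHA-256 of the body. A real proxy AV uses
# vendor signatures, but the mechanism (match on content, not on name) is the same.
KNOWN_BAD_SHA256 = {hashlib.sha256(FAKE_PE).hexdigest()}

EXECUTABLE_EXTS = {"exe", "dll", "scr", "msi"}


def filename_of(url: str) -> str:
    """Last path segment of the URL."""
    return url.rsplit("/", 1)[-1]


def name_filter_blocks(url: str) -> bool:
    """Filename rule: blocks only when the requested name is on the list."""
    return filename_of(url).lower() in BLOCKED_NAMES


def looks_like_pe(body: bytes) -> bool:
    """True when the body starts with the DOS 'MZ' magic of a Windows executable."""
    return body[:2] == b"MZ"


def content_filter_blocks(url: str, body: bytes) -> bool:
    """Proxy-style rule: block on a known-bad content hash, or when an executable
    arrives under a non-executable extension (name/content mismatch)."""
    if hashlib.sha256(body).hexdigest() in KNOWN_BAD_SHA256:
        return True
    name = filename_of(url)
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return looks_like_pe(body) and ext not in EXECUTABLE_EXTS


def evaluate(downloads=SAMPLE_DOWNLOADS):
    """Return {url: (blocked_by_name, blocked_by_content)} for each sample."""
    return {url: (name_filter_blocks(url), content_filter_blocks(url, body))
            for url, body in downloads}


if __name__ == "__main__":
    for url, (by_name, by_content) in evaluate().items():
        print(f"{url:45} name-filter={'BLOCK' if by_name else 'allow':5} "
              f"content-filter={'BLOCK' if by_content else 'allow'}")
```

Running it shows the renamed copies (setup_update.exe, report.pdf) sail past the name filter but are caught by the content check, while the mutated variant is caught only by the name filter because its hash no longer matches; neither layer alone covers both cases, which is the thread's point.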