Monthly Archives: August 2013

This is What Scares Me About Traditional Antivirus Programs

So here I was, minding my own little business this morning, when I checked my email for the first time. As I went through the unread emails, I found one from “eFax Corporate [message@inbound.efax.com]”. I checked the detailed information about that email and it actually seemed legit. Kaspersky had labeled the email as probable spam, but that was it. Nothing else out of the ordinary. And of course, the email had an attachment, compressed. So I decided to look into it.

I raised all my defense mechanisms to the highest, and proceeded to decompress the file that came attached to that email. It turned out to be a program, not a document. I scanned it with Kaspersky. Came out clean. Next, and this is the kicker, I submitted the file to a website that scans it against FORTY SIX different antivirus engines. All the brands you might have heard about and then some. How many of these antivirus engines identified the file as malicious? ZERO! NONE! Unbelievable. I’m not kidding. Look:

Last Scanned: 2013-08-29 16:24:27
MicroWorld-eScan Not Detected
nProtect Not Detected
CAT-QuickHeal Not Detected
McAfee Not Detected
Malwarebytes Not Detected
K7AntiVirus Not Detected
K7GW Not Detected
TheHacker Not Detected
NANO-Antivirus Not Detected
F-Prot Not Detected
Symantec Not Detected
Norman Not Detected
TotalDefense Not Detected
TrendMicro-HouseCall Not Detected
Avast Not Detected
ClamAV Not Detected
Kaspersky Not Detected
BitDefender Not Detected
Agnitum Not Detected
SUPERAntiSpyware Not Detected
Emsisoft Not Detected
Comodo Not Detected
F-Secure Not Detected
DrWeb Not Detected
VIPRE Not Detected
AntiVir Not Detected
TrendMicro Not Detected
McAfee-GW-Edition Not Detected
Sophos Not Detected
Jiangmin Not Detected
Antiy-AVL Not Detected
Kingsoft Not Detected
Microsoft Not Detected
ViRobot Not Detected
AhnLab-V3 Not Detected
GData Not Detected
Commtouch Not Detected
ByteHero Not Detected
VBA32 Not Detected
PCTools Not Detected
ESET-NOD32 Not Detected
Rising Not Detected
Ikarus Not Detected
Fortinet Not Detected
AVG Not Detected
Panda Not Detected

I started to think, maybe the file wasn’t malicious after all; then I laughed at myself for thinking that. Since I felt a little lazy, rather than firing up my test computer to analyze the program’s behavior when opened in real time, I submitted the file to a service that does that for me online, and then emails me the complete analysis results. I got an email back and…

I’ll spare you the technical details, but that little file reminded me of that scene in the movie Transformers where a cell phone is radiated with the special beam of energy that animates it, and the cell phone transforms into this destroying little machine inside a secure container. It goes berserk. That program did all kinds of things, from creating files, to deleting the original program, establishing network connections, modifying the registry, on and on. Definitely malicious.

This was the first time I’ve seen a program that is obviously malicious get a 0% rate of detection when scanned with those 46 antivirus engines. I had seen 6/46 or even 4/46, but never 0/46! I must have caught a really fresh one that no one has had the time to label as malicious and incorporate into the antivirus blacklists so it gets detected.

But my point, and the moral of the story, is that, unfortunately, and as I’ve said on several occasions, traditional antivirus detection methods, which rely on blacklists of samples someone has already labeled as malicious, are just not enough to catch all malware anymore. A sample that is only a few hours old is invisible to them, while its behavior when run is not. It takes the full 4-prong security model laid out in my pivotal article, written a while back, to ensure the best chance at remaining immune to most attacks.
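The following is an added example, not tooling from the original post or from any of the scanners named above. It shows the two halves of the story in code: a blacklist lookup by SHA-256, which is what every engine in that 0/46 result fundamentally depends on, and a static look at the attachment’s bytes, which tells you it is a program even when nobody has labeled it yet. The zip archive, the executable stub inside it, the file name and the (empty) blacklist are all constructed for the example; the attachment is never extracted to disk or run.

```python
"""Safe triage of an e-mailed archive: inspect in memory, never execute.

Added example (not the blog author's tooling). Contrasts a hash blacklist,
which cannot know a brand-new sample, with a static check of what the
bytes actually are. All inputs are constructed inline.
"""
import hashlib
import io
import os
import zipfile

EXECUTABLE_MAGIC = {b"MZ": "Windows PE executable", b"\x7fELF": "ELF executable"}
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".tif", ".tiff", ".txt"}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_fake_pe() -> bytes:
    """Constructed stand-in for a Windows executable: a 64-byte DOS header whose
    e_lfanew field (offset 0x3C) points at a 'PE\\0\\0' signature. It is not a
    runnable program, just enough bytes to satisfy the format checks below."""
    hdr = bytearray(b"MZ" + b"\x00" * 62)
    hdr[0x3C:0x40] = (0x40).to_bytes(4, "little")
    return bytes(hdr) + b"PE\x00\x00" + b"\x00" * 20


def build_sample_archive() -> bytes:
    """Constructed lure: a zip whose single entry is named like a fax document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("eFax_Corporate_2013-08-29.pdf.exe", build_fake_pe())
    return buf.getvalue()


def file_kind(data: bytes):
    """Identify the file by its leading bytes, ignoring whatever the name claims."""
    for magic, kind in EXECUTABLE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def is_pe(data: bytes) -> bool:
    """Follow e_lfanew and confirm the PE signature, the way the loader would."""
    if len(data) < 0x40 or not data.startswith(b"MZ"):
        return False
    off = int.from_bytes(data[0x3C:0x40], "little")
    return data[off:off + 4] == b"PE\x00\x00"


def triage_archive(archive: bytes, blacklist: set) -> list:
    """Inspect every entry in memory. Nothing is written to disk or executed."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            data = zf.read(info)
            name = info.filename.lower()
            stem, ext = os.path.splitext(name)
            inner_ext = os.path.splitext(stem)[1]
            reasons = []
            kind = file_kind(data)
            if kind:
                reasons.append(f"content is a {kind}, not a document")
            if ext in EXECUTABLE_EXTENSIONS and inner_ext in DOCUMENT_EXTENSIONS:
                reasons.append(f"double extension {inner_ext}{ext} hides the real type")
            if is_pe(data) and ext not in EXECUTABLE_EXTENSIONS:
                reasons.append("valid PE header under a non-executable extension")
            digest = sha256_hex(data)
            findings.append({
                "name": info.filename,
                "sha256": digest,
                "known_bad": digest in blacklist,   # what a signature scanner checks
                "suspicious": bool(reasons),        # what a static heuristic sees
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    # Constructed blacklist that does not know this sample yet: the "0/46" case.
    for f in triage_archive(build_sample_archive(), blacklist=set()):
        print(f["name"], "known_bad:", f["known_bad"], "suspicious:", f["suspicious"])
        for reason in f["reasons"]:
            print("  -", reason)
```

The point of the split between `known_bad` and `suspicious` is that the first answer changes over time as vendors catch up, while the second is available the moment the attachment arrives. Neither replaces running the sample in an isolated environment, which is what finally settled the question in the post.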


Fake Web Browser Updates, Latest Trend to Infect Computers

This infection can happen if you visit a malicious website, whether malicious because the creator intended it to be that way, or a legit website that has been compromised. In any case, you’ll see a big warning across your browser window that reads:

Warning! Critical Update!

And then underneath a button that reads “Install Update”.

Two things to be aware of. First, even if you don’t click on the “Install Update” button, you might see a download start on its own. Needless to say, don’t open that download. Second, if you try to just close the browser window, a pop-up warns you that you cannot navigate away from the page until you install the update. The page raises that prompt every time you try to leave, so it is hard to actually close the window the normal way. If you are somewhat savvy, use the Windows Task Manager to end the process that runs the browser window. If you don’t know what I’m talking about, either log off or restart your computer. That will force the window to close.

Hopefully you did not make the gargantuan mistake of opening the downloaded file to “update” your browser, because if you did, and you’re not properly protected, a program will be running in the background that is silently waiting to steal your passwords and send them over to the bad guys.
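As an added example, not part of the original post, here is how the three behaviors described above can be turned into indicators that a URL-scanning or proxy pipeline checks against page source: update wording in the banner, a download that is started from script rather than by a click, and a handler that blocks leaving the page. The two HTML pages are constructed for the example, and the detail that the “cannot navigate away” prompt is produced by a `beforeunload` handler is my assumption about how such pages are built, not something the post states.

```python
"""Heuristic scan of captured page source for the fake "browser update" lure.

Added example, not part of the original post. The pages below are constructed;
the beforeunload mechanism for the "cannot leave" prompt is an assumption.
"""
import re

LURE_TEXT = re.compile(
    r"critical\s+update|install\s+update|browser\s+is\s+out\s*of\s*date"
    r"|update\s+(?:flash|java|your\s+browser)",
    re.I,
)
# A page that hooks beforeunload can re-raise the "leave this page?" prompt
# every time the user tries to close the tab or navigate away.
BLOCKS_NAVIGATION = re.compile(r"onbeforeunload|addEventListener\(\s*['\"]beforeunload", re.I)
# Quoted URL or filename ending in an executable extension. ".com" and ".js"
# are deliberately left out: they match ordinary hostnames and script tags.
EXECUTABLE_REF = re.compile(r"""["'][^"'\s]*\.(?:exe|scr|msi|pif|bat|cmd|hta|jar)["']""", re.I)
# Script-driven download: an element given a download attribute and clicked from code.
AUTO_CLICK = re.compile(r"\.click\(\s*\)")
DOWNLOAD_ATTR = re.compile(r"\.download\s*=|\bdownload\s*=", re.I)


def scan_page(html: str) -> dict:
    """Return the indicators found and a verdict. This is pattern matching on
    source only; it does not render the page or follow the download."""
    exe_refs = sorted({m.strip("\"'") for m in EXECUTABLE_REF.findall(html)})
    indicators = {
        "lure_text": bool(LURE_TEXT.search(html)),
        "blocks_navigation": bool(BLOCKS_NAVIGATION.search(html)),
        "executable_download": bool(exe_refs),
        "auto_triggered": bool(AUTO_CLICK.search(html) and DOWNLOAD_ATTR.search(html)),
    }
    # A beforeunload handler alone is normal (unsaved-form warnings) and a link
    # to an installer alone is normal (vendor download pages). The lure is the
    # combination: update wording, an executable, and coercion or auto-download.
    verdict = (
        indicators["lure_text"]
        and indicators["executable_download"]
        and (indicators["blocks_navigation"] or indicators["auto_triggered"])
    )
    return {"indicators": indicators, "executable_refs": exe_refs, "fake_update_lure": verdict}


# Constructed page mimicking the lure described in the post.
FAKE_UPDATE_PAGE = """<html><body onbeforeunload="return 'You cannot leave until the update is installed';">
<div class="banner">Warning! Critical Update!</div>
<button>Install Update</button>
<script>
  var a = document.createElement('a');
  a.href = '/files/browser_update.exe';
  a.download = 'browser_update.exe';
  document.body.appendChild(a);
  a.click();            // the download starts with no user click
</script></body></html>"""

# Constructed benign page: a web editor warning about unsaved changes.
EDITOR_PAGE = """<html><body>
<textarea id="draft"></textarea><button>Save draft</button>
<script>window.onbeforeunload = function () { return 'You have unsaved changes'; };</script>
</body></html>"""

if __name__ == "__main__":
    for label, page in (("fake update", FAKE_UPDATE_PAGE), ("editor", EDITOR_PAGE)):
        print(label, scan_page(page))
```

The benign editor page trips the navigation-blocking indicator on its own, which is why the verdict requires the combination rather than any single signal; a scanner that flagged every `beforeunload` handler would be unusable.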

If you have proper protection in place, such as the model I laid out 4 years ago, you will be safe against this attack. I specifically tested this on a computer that had Kaspersky antivirus, Malwarebytes Anti-Malware Pro, and AppGuard installed on it, and each one independently blocked, quarantined, or deleted the malicious downloaded file.

And of course if all fails you can always contact me.

Love Kaspersky Products. The Support Staff? Not So Much

Kaspersky Internet Security, the antivirus security suite, includes among its features the ability to create a “rescue disk”, which you can boot your computer from in order to handle highly infected computer systems. In trying to use it, I ran into a snag on one computer. The rescue disk did not load successfully.

I searched for an answer to the problem and found this article: http://support.kaspersky.com/4124. It lays out what to do to gather information about the computer one is having trouble with, so the Tech Support staff can help resolve the situation. At the end of the article it says “Create a request to Kaspersky Lab Technical Support via the My Kaspersky Account service. Attach the created file to the request.” And so I did.

The response I got?

1. An automated response.

2. An automated response based on the type of problem I chose during the creation of the request.

3. The following email: 

“Hello ,

Thanks for communicate with us and I apologize for the inconvenience. In your case read the instruction to check the options for this process and if you went thru and still having the issue I will recommend you to look for a tech service.

Thank you.”

4. When I replied stating I was still having the issue, and after A WEEK, I got this reply:

“Hello ,

Thanks for the response. I’m sorry but will be better for yu to take the computer to a computer technician.

Thank you.”

 I’m letting Eugene Kaspersky, the CEO of the company, know my thoughts about his company’s Tech Support division.

Computer Basics – What is an “Operating System”?

A while back I covered, in a series of articles, the vast majority of the computer components, as far as hardware (the physical components of a computer) is concerned. So now, to understand the operating system, let’s talk about software.

Computer software is, simply put, a program. And what is a program? A sequence of commands for the computer to execute (carry out), normally contained in a file. That’s all it is. So whether it’s a word processing program, a video player, or an operating system, it all falls under the category of software.

Now, an operating system is a special kind of software, because it acts as the middleman between the hardware and all the other software. You could say it goes

Hardware –> Operating System –> All other software –> User

When you install, run, or uninstall a program, all these tasks are possible thanks to the operating system. So you can see why the operating system can be called a kind of platform.

The above is the most basic explanation for what an operating system is. I have tried to keep it as simple as possible, and hopefully I’ve succeeded. Most importantly, I hope I didn’t put anybody to sleep! 🙂