Security Advisor

No Reinstall Needed for Trojan Popureb

Microsoft advises using the recovery console to remove the malware. Plus: Twitter's recent security rating; malware disguises itself as Windows Vulnerabilities Rescuer; debate over mandatory implementation of E-Verify.

Microsoft wants to emphasize that, in the case of the complex Trojan:Win32/Popureb.E bug, a full system wipe and reinstall is really "not necessary," as has been suggested by earlier media reports and "play-it-totally-safe" IT security pundits -- some of whom provide background for this blog.

In worst-case scenarios, the destroy-and-rebuild method is a common way to ensure that an infected PC is totally clean, and using an OS reinstall disk and reloading apps, settings and architecture from a portable hard drive or powerful USB drive is, in some cases, the only sure bet for total removal.

However, in reference to an MMPC blog post first published on June 22, and covered by this blog last week, Jerry Bryant, Microsoft Trustworthy Computing spokesman, tells Security Advisor that using the recovery console to address Master Boot Record (MBR) issues is not designed to affect personal files. Redmond recommends customers practice reasonable back-up processes.

"Customers who wish to also restore their computer's system files to an earlier point in time may apply System Restore after using the rootkit removal tool," he wrote via e-mail, adding that System Restore also attempts to undo system changes without affecting personal files.

The clarification, coming first in a blog late last week and now directly to Security Advisor, seems to suggest that a system wipe and reinstall is somewhat overkill.

Symantec's Social Media Attack Scorecard
As the IT and political world reel in the aftermath of the recent Twitter hoax claiming the President of the United States was assassinated in Iowa, Symantec has served up empirical data on social network incursions.

"We observed a sudden surge in the number of attacks on Facebook, then a peak, and then a drastic decline. While the attacks on Facebook declined, we observed a rise in attacks on Twitter, which then gradually waned out, followed by a surge of attacks on YouTube," the report stated.

While the report focuses primarily on spam and phishing attacks on these sites, it also deals with clickjacking, spoofing and malware hidden in embedded links sent to users.

Malware to the Rescue... Not so Much
Designers of Windows scareware have taken the fear factor up a notch. The latest intruder -- digital wolf in a Trojan horse with sheep's wool -- is a Trojan-style virus under the guise of "Windows Vulnerabilities Rescuer" that triggers a remote-code execution (RCE) malware salvo after a panicked user clicks on it.

Like many scareware programs -- or what have now become known as "Fake Windows" security updates and notices -- Windows Vulnerabilities Rescuer uses the guise of Microsoft logos to pretend to be a Microsoft Security Essentials AV component on Web sites. At the speed of a click, the attacker gains access to a victim's PC, thereby triggering the severe infection it was warning against in the first place.

Specifically, it will state some variant of this message: "Microsoft Security Essentials detected potential threats that might compromise your private or damage your computer. Your access to these items may be suspended until you take an action."

Speaking of messages, the clear one here is for administrators to understand the elements of whatever AV software is used in the Windows processing environment and give end users clear knowledge of what is real and what is fake.

As we are now learning, literally and figuratively, bad things happen when you look in the wrong window.

Verifiable Evidence of Discontent
A new proposal in Congress forcing U.S. employers to use E-Verify is sparking debate this week on the IT security, IT privacy, immigration and tech policy fronts.

The American Civil Liberties Union, the Liberty Coalition, the Electronic Frontier Foundation and several other privacy and labor groups have asked Congress to reject the recently rolled out Legal Workforce Act in part because it has a provision making E-Verify the sole system for verification. This could set a pretty rigid and, at the very least, continually controversial precedent in the American workplace.

Among other things, the application enables employers to crosscheck data on an applicant from the Department of Homeland Security and Social Security Administration.

What seems to be tantamount to a routine background check would have immediate effects for all federal contractors and subcontractors and, by extension, the process cycle of HR departments in other related and non-related enterprise environments.

President Obama called the program an "important enforcement tool," but stopped short of supporting it wholesale.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.
