New Malware Strikes?

by Bob Seidel

We have reached a plateau in the fight against malware and spam. The available tools to fight this stuff are fairly effective these days, if you only take the time to install them and use them properly. But just having the proper tools on your own PC is not always enough, as one of my clients found out last week.

My client called me with the problem that their Internet service was very slow. I came out to take a look and when I navigated to one of the standard websites that measures performance (www.speakeasy.net/speedtest) the results were indeed terrible - less than a tenth of what they should be. I first suspected the Road Runner connection and called them up for a chat. They ran their diagnostics and came back with the conclusion that my client's router was bad. I took this at face value, and went to work.

I did a hardware reset of the router (restoring it to factory defaults), reconfigured it, and returned it to service. Everything seemed fine and performance was back up to where it should be. I left with a satisfied client, and a few good thoughts about Time Warner's service.

About 15 minutes later, my client was back on the phone; the performance problems had returned. Strange. The next morning I came back with a brand new router and installed it, and again all was OK. And, again, 15 minutes later my client was back on the phone!

Now this is getting serious! I then started looking for other potential causes of the problem. While back in their wiring closet trying to determine if their Ethernet switch was failing, I noticed that the problem only seemed to occurring when one particular port was in use. It turns out that this particular port is wired to an office that my client was renting, and the PCs in that office were not serviced by me. To make a long story short, one PC there seemed to be infected with a virus or perhaps part of a spam or denial-of-service farm - a collection of PCs managed by a bad guy. It seemed to connect somewhere and then start sending out huge amounts of Internet traffic after a few minutes. I disconnected the PC and informed the owner. Unfortunately, he did not have it fixed by me, so I can't report further on exactly what the infection was.

One of my other fellow PC servicepersons did see a similar problem also that week, so perhaps something is going around.

But the message here is that the owner of that particular PC did not have active firewall or anti-virus software installed. When I asked, he said that he thought his PC came with Norton but he had never actually installed it, and never actually purchased it after the 60 day trial period was up. If you buy a new PC, it may come with a trial of anti-virus software, but you usually have to go through the installation procedure, and ultimately purchase the product - rarely have I seen a new PC come with a completely installed, full-year anti-virus package. The only cases that I can recall where the PC did come with this software, it was actually an older version!

In this day and age, if you have an unprotected PC you are likely to be infected and it could affect your friends and co-workers. Although I have been a long time fan of the Norton Internet Security package, there are a number of similar packages available at a range of prices including free. Pick one, buy it, install it, and make sure it is updating its virus files and doing virus scans on a regular basis. If not, you are wide open for problems.

(Bob Seidel is a local computer consultant in the Southport - Oak Island area. You can visit his Website at www.bobseidel.com or e-mail questions or column ideas to him at bsc@bobseidel.com. For specific inquiries, please call Bob Seidel Consulting, LLC at 278-1007.)