Users Beware....April Antivirus Update

Users beware - viruses come in all shapes and sizes!

Many people already know how to recognize sketchy files - usually they show up as attachments in unsolicited emails and/or have suspect file extensions. Viruses commonly have the .exe extension although several other file extensions are risky like .com, .app, or .vb. You will avoid a significant amount of malware if you simply never run a file with one of the above extensions that you don’t know. Windows by default hides file extensions to make file lists easier to read but you should turn them on and get familiar with what files exist on your computer. You can do this on Windows 10 by selecting the view tab at the top of your file explorer window and checking the file name extensions box shown below.

Get to know what kinds of files are on your computer - show your file extensions!

Get to know what kinds of files are on your computer - show your file extensions!

2019_04_04_10_41_17_Window.png

Let’s assume we are checking file extensions for this excellent tune. We know running unknown .exe files could be dangerous but do we react the same way to an .mp3 file? Probably not, .mp3s are usually music so we tend to run them without a second thought.


2019-04-04 11_06_38-Window.png

Let’s say we create an undetectable virus called Scott.exe. We assign it the VLC pylon icon to trick users that aren’t showing file extensions into thinking it’s an .mp3. Users that are showing file extensions are on to the scam - the .exe on the end is a dead give away! You should always be careful with .exe files.


Most people know not to run that .exe file assuming they are giving themselves all the necessary information by showing file extensions. For the sake of this example our virus file opens calculator but a real virus could wreak all kinds of havoc on your system.

scott.gif

By this point you’re feeling pretty confident that you can spot malicious files. You’ve already adjusted your view settings to show file extensions while reading this post and you’re feeling good about your heightened technical awareness.


2019-04-04 11_10_12-Window.png

Seems like a perfect time to show you a terrifying new trick: notice we’ve changed the .exe file’s extension to .mp3. You’re probably a bit curious that we left that exe in the name but you’re thinking it’s an .mp3 file so it should be safe right?

stillvirus.gif

Think again - there’s no special effects. The Scottexe.mp3 file is still a virus as you can tell by the ominous appearance of the calculator instead of VLC above. Though it appears to be safe .mp3 file, it most certainly is not.

While your newfound knowledge of file extensions has increased your technical awareness, it is not a full-proof method for identifying malicious files. Never run files unless you know they are legitimate and have, ideally, scanned them with anti-virus software.


I’m sure everyone is curious about updated results from our virus collection efforts, first documented in November’s blog We Discovered a New Virus.

LARG*net still contributes to the collection and submission of new viruses via an online community of security-minded individuals. Crowd-sourcing the process enables quicker detection of new viruses and improves global antivirus response time. We believe strongly in this initiative as it increases global online security.

January’s graph peaked at around 80 detections for Kaspersky. Kaspersky, Zone Alarm, Dr Web, and Fortinet are still the top 4 detectors. Avast/AVG and Gdata have all increased their performance in the last 3 months. It’s good to see consistency from the top performers alongside improvement from the others, overall this bodes well for anti-virus software users.

New Virus Detections Since January

We have more than doubled our total virus collection since our last update in January.