Dealing with suspicious files (K2 #10)

Question of the Week
At the end of a system scan with Avira anti-virus software I get a summary report. If there are suspicious files detected or warnings, how do we deal with it?
-- Tandin Wangmo

Four ways to share files - without getting infected

In a interesting recent PaSsu Diary post, Passang Tshering wrote about his USB flash-drive being infected by a rather nasty virus after inserting the drive into a student’s laptop. Since so many laptops and desktops in Bhutan are infected with viruses, exchanging flash-drives is extremely risky. In fact, this is the most common way by which viruses are spread.

Here are four ways which enable file exchange with a very low risk of infection. They might need a bit more work that just swapping the flash-drive, but they will save your laptop.

Finalizing a CD

I recently discovered that the CD burning software that comes with Windows 7 does not allow you to "finalize" a CD after you burn files to it. Finalizing a CD means that you can no longer write to it. This is unfortunately true also for the burning software that comes with Windows XP and Vista. Their option "Close Session" does not finalize a CD.

Why do I need to finalize a CD? To avoid spreading malware (viruses, trojans, etc.). We use CDs for installing software on different machines, some of them might be infected by malware. A finalized (that is, un-writable) CD is safer than a USB pen-drive for this purpose, because even if inserted into virus-infected computers, the viruses will not transfer to the CD (whereas, they can transfer to a USB pen-drive or to an un-finalized CD!)

Note that CD-R does not mean that the CD becomes un-writable after burning, just like CD-RW.

The solution: Use a CD burning software that allows finalizing. We use Power2Go (paid). A free option that comes recommended (I haven't tried it) is CDBurnerXP. In the screenshot below you can see the option "finalize disc" (below "Device") in CDBurnerXP.

Salvaging files from an infected computer

A friend's computer recently got infected by a Trojan, and he contacted us to find out about ways to salvage the important files. Since this type of infection is common here in Bhutan, we thought that it would be good to share these tips. First, try using a good Anti-virus software. If that does not help, then try one of the following:

1. If the number of files to salvage is not too large, email them to yourself using an online email program  that has strong virus filters (such as gmail).
2. Another option for transferring the important files to the Web is uploading them to Google Docs. Note, however, that you will need a relatively fast Internet connection in order to upload large batches of documents. Also, the size limit per document is 1024 MB.
3. If the number of files to salvage is large and you have a computer running Linux, then you can transfer the files to an external hard drive or pen drive, then connect the hard drive to the Linux machine and transfer the files to the Linux machine. Two important points in this case: (1) The hard drive (or pen drive) is most likely infected now! Make sure to reformat it before connecting it to any Windows machine. (2) The files that were transfered to the Linux machine might still contain the malware. Although they will not harm anything in the Linux environment, if you move them back to a Windows machine they will regain their malicious power.

Pen-drive attacks US military

Pen-drives are a serious threat to your computer's health. Most computers in Bhutan are infected by malware (MALicious softWARE, such as viruses, worms, and Trojan horses) when a "sick" pen-drive (also known as a "flash drive" or "USB stick") is inserted into your desktop or laptop. Malware can reduce the performance of your computer, use your bandwidth, and in general be quite annoying. But it can also pose a real threat.

It was recently revealed that in 2008, an infected pen-drive was inserted into a laptop belonging to the US military. Once the laptop was infected, classified documents could be transferred to remote servers operated by a foreign government or other covert organization. The malware also spread and contaminated other computers in the military network. This attack, which started in the Middle East, was described by a U.S. official as the "most significant breach" of the U.S. military's computers ever.

Click here for the complete story.

Viruses attacking our phones

If you thought that your computer was the only battleground for combating malware (viruses, worms, and the like), think again. If you have a mobile phone that has bluetooth technology, you might be prey to malware as well!

I often keep my mobile phone's bluetooth turned on for transferring photos from my phone to my computer. Today, while I was in town, I noticed that an unknown phone was trying to connect with mine through bluetooth by sending me files of type .sis with names such as irsli3wp2js.sis. Luckily, I knew not to open the files. Once you click on the file and allow it to be installed, such viruses can infect your phone and then start looking for new devices in the vicinity to infect.

A host of worms and trojans are out there that infect mobile phones and also transfer themselves through the bluetooth connection. You can read more about mobile viruses on Wikipedia.

How to protect yourself? To avoid the malware that uses bluetooth technology, you can turn off your bluetooth when it is not in use or set your phone to "hidden" or "undiscoverable" while you're not using it. When mobile phones are used for carrying out sensitive actions such as financial transactions, then it is clearly worthwhile investing in security measures such as mobile phone security software.

Are viruses clogging Bhutan's information highways?

It seems that the number of "healthy" computers in Bhutan can be counted on a single hand. Many computers that I'm running into show clear symptoms of a sick machine, some of them so terminally ill that the only cure is the IT equivalent of a brain transplant, i.e., re-formating the hard disk. Most computer viruses spread when you insert an infected USB drive (also known as pen drive) into your computer. Once infected, your computer starts to slow down or otherwise behave strangely. If you have good and up-to-date anti-virus software installed, this can sometimes protect your computer.

In addition to slowing down your computer and otherwise being a major nuisance, malware (MALicious softWARE, such as viruses, torjan horses, and more) can also use your Internet connection. For example, Trojan horses can steal your files and passwords and send them over the Internet back to the hackers. Rootkits - another type of malware - often use your computer to attack other computers. All this takes place while you're online, and most likely you won't even notice it - although you might be annoyed by the apparently long time it takes for your Facebook wall to load.

Given Bhutan Telecom's consumer broadband prices - about Nu 160 per 1GB - a virus that uses a mere 0.5kB/second will cost you about Nu. 200 a month, assuming the infected computer is connected to the Internet 24 hours a day. If you have several infected computers sharing your Internet connection, your bill will be even higher. My advice: Obviously, always try to keep your computer clean. However, If you suspect a computer infection, turn off the broadband modem or computer(s) when not in use.

And on a national level: Given the increasing number of Internet-connected computers, the poor "health" of so many of them, and the finite international bandwidth, what price - in productivity and otherwise - are we paying for all those bandwidth-gulping computer viruses?