Friday, August 02, 2013

Whirlpool knowledge base article links a to site infected with malware

The problem with surfing the internet is often you can end up at a site which has malware. This week I removed malware from one client's computer which resulted from them surfing the internet.

I was researching IPTV services using Google and one page which displayed in the search  results was a Whirlpool page (http://whirlpool.net.au/wiki/internet_television) . I went to the page and found the link to PC TV Software. I followed the link as most people would but then Windows Defender warned there was malware. It should be kept in mind this isn't a page when anyone can post but is a page which is part of Whirlpool's knowledge database.


The lesson here is make sure you are running antivirus software on your computer. You may wish to consider alternative techniques when researching and surfing the internet.

A client recently infected their computer when they visited a fellow recruitment agency's site who was a friend of theirs. The site remained infected for close to a week by the time I was called in to remove the malware from the client's machine.

The only time I've recently infected my computer was when I used software from the SourceForge site which I've visited for years. SourceForge wasn't infected, the program I downloaded wasn't infected, but the site the program took me to after it launched had become infected. I even scanned the program using multiple tools to ensure the program was clean of malware but I did not anticipate the program would open an infected page or in fact had expected it to open a page. The problem with open source software is developers need to make money and sometimes the techniques they use such as taking you to a page which isn't expected, can leave you open to exposure. I removed the malware (a couple of hours work) and then went to the Microsoft App Store and downloaded an app which provided the same functionality. An approach I now consider to be much safer than SourceForge.

Whirlpool is in the top 100 sites in Australia and is thus frequented by a huge number of Australians. A link on one of their knowledge base pages to an infected site is a real concern.

There are lessons that can be shared from these situations. Generally when I'm researching I reboot my computer using a secure disk (used by the American armed forces) which protects my computer from infection. (This disk is available to clients once I make sure it works on their equipment.)

Whilst it is extremely convenient to research using the computer you're currently on, perhaps it may now be prudent to use an older second computer that doesn't offer the same exposure, or to use the secure boot disk approach I use if appropriate.

The lesson I learnt from the recent infection was that some of the sites I've trusted in the past may not be as trustworthy as they could be. Microsoft's app store being more trustworthy than SourceForge was not expect. Finding a link on the Whirlpool site which took me to an infected site was unexpected, but now I will be more cautious when using Whirlpool.

Kelvin Eldridge
www.OnlineConnections.com.au
Call 0415 910 703 for computer support.
Servicing Doncaster, Templestowe, Eltham and the surrounding area.

No comments:

Post a Comment