I don’t normally include articles in my email newsletter that I’ve already published in my online newsletter, or vice versa, but sometimes readers don’t read the online newsletter.
This is a special message to the roughly two-thirds of my email subscribers who don’t also read my online newsletter — the two issues are different and you’re missing some important information if you don’t read both.
Although I publish both the email and online issues every Sunday, the online articles are always different than the email ones — sometimes expanded articles, but usually completely different articles. The online issue is also where I have the articles that need screenshots or other illustrations.
Why am I going to include this article?
Last week, subscriber Fred (who preferred to remain somewhat anonymous) wrote me to tell me that he’d been bitten by a malware problem — and it was one that I’d warned about in my July 13, 2008, online newsletter.
Just a quick note about this.
I have used a Linksys Router for some years with great satisfaction; however, through complacency or whatever, I did not change the default password etc. on it. One day I was surprised to find that my firewall (Zone Alarm Pro) had stopped a high level attempt at access.
When I checked my modem I found that the password had been changed!
I immediately wiped my modem data and installed a new high level password. There have been no subsequent access attempts.
So I advise everyone now to change their modem passwords and not to leave it with just the default one.
I wrote back to Fred to say:
Thanks for the comment, Fred. As you point out, this is a real-world problem now. I’ve written about it in the past, first as a possibility and then warning that there were exploits in the wild.
Resetting your router to the factory default settings is just the first step — obviously something managed to run on your computer and make those changes.
Regardless of what antivirus and antispyware program you use, since it obviously didn’t stop the problem, you should try another brand to try to clean your system.
If you don’t try VIPRE, be sure to check your computer with a different brand of antivirus and with a different brand of antispyware than you are currently using.
That’s the basic problem. Not only did something change the password on his Cable/DSL Router, that something had to be running on his computer in order to make the change.
Fred probably got infected by an Active-X download from a web site, or by a fake codec that a web site told him was necessary to display a video, or via an attachment to an email. Regardless, it is something that I think his antivirus program or antispyware program should have caught.
I also think his antivirus program and/or his antispyware program should have caught the invasion — and his firewall program should have prevented the malware from communicating OUTBOUND from his computer (so, you should realize that the Windows XP firewall isn’t good enough).
All antivirus programs are not equal. All antispyware programs are not equal. You need good, effective antivirus, antispyware and firewall programs running on your computer.
One of the most important things, in my opinion, is to use an always-running antispyware program, and not just one that occasionally scans for problems after the fact. It’s a lot better to prevent a problem than to clean it up after it occurs. That was part of Fred’s problem — and, now, he uses an always-running one.