Jay and Dave ride again! 

Four weeks in a row, the clicking and clacking blogging brothers talk about the reboot of journalism, the news of the week, and a new $1.75 million fund for investigative journalism that Jay is advising.

http://mp3.morningcoffeenotes.com/clickClack09Mar29.mp3

Hope you enjoy!

Spyware Protect 2009 strikes again 

Earlier this month my netbook was infected.

Yesterday, after checking into my Salt Lake City hotel, I wanted to see if their wired Internet was faster than my Sprint EVDO. So I did a Google search for "speed test" and clicked on the first three tests, Speakeasy, Speedtest and CNET. I wasn't expected to get infected, wasn't even thinking about it, so of course I didn't take notes. But a couple of them came up with empty frames after running their tests. I assumed this was because I had Java turned off. I decided the tests weren't worth the trouble so I just used the EVDO. After a bit of putzing around I went out to dinner.

When I came back, there was a familiar malware dialog on the display, warning that my machine had been infected and wanting me to install some software to fix it. Yeah yeah. This time I didn't click any buttons, I just let it keep warning me.

I had Avast installed, but a week or so ago I had turned it off, it was too annoying. At that moment of course I wished I hadn't. I ran its scanner, it found the virus, said I had to reboot, which I did, and when it started back up it did a scan of the hard disk, but found nothing further. Then the malware started acting up again. I ran the Avast scan again, and it found it, recommended I reboot, this time I didn't.

I did a Google search for "spyware protect 2009" found a Yahoo Answers page that suggested doing what I had started doing, plus running one more program, Superantispyware, which I downloaded, but chose not to run. I remembered from last time that this rootkit virus patches the hosts file, and I didn't trust anything I had downloaded after the infection. (Later I found that it had patched the hosts file, but not for this domain, so the download was likely safe, I trashed it anyway and redownloaded.)

I then ran Malwarebytes, it found the virus, asked me to reboot so it could remove it, I did, and this time, no more dialogs. Even so, when I did another scan of Avast, it found the rootkit, and at this point I was beginning to think there was no getting rid of the mess, but it did get rid of it. Another scan by Malwarebytes found nothing, and then Avast found nothing. I ran Superantispyware and it found nothing. So at this point, I'm convinced my machine is clean again, and I have Avast turned on.

Lessons learned:

1. Java is not the root of this problem.

2. Both times my machine got infected I was using a speed test site to evaluate the performance of someone else's network. My guess is that it isn't the speed test site, because Google has a pretty strict policy about malware sites, and it seems pretty unlikely they'd point to an infected site on the first page of hits on something so common and important as a network speed test.

3. Using Firefox is no longer a protection against malware, if it ever was. It's now popular enough that the nasty people target it, in addition to MSIE.

4. While I was fighting this I was thinking this is the last time I travel with Windows. But now that things are working again, I don't feel that urgency. Human nature at work!