On Wed, 13 Aug 2014 13:58:52 -0700, "David Kaye"
Some of my customers got clobbered by this one earlier this year:
I had to remove all the Yahoo toolbars and add-ons in order to get rid
of it. It's probably fixed by now, but someone may have cloned the
According to this article "90% of unknown malware is delivered via the
web" and not via email. I believe it:
The various auntie-virus programs seem to do well at catching malware,
but not browser based attacks.
In March(?), I had several weather stations, with no human operators,
get infected within a few days of each other. It had to be something
in the installed software. I would delete the malware, but it would
come back after a few hours or days. It turned out to be a local
small footprint web server, which was checking for updates from a
server, with no authentication. Someone had hijacked the domain,
redirected the update checks, and replaced the updates with malware
Reverse engineering the successful malware infections on my customers'
machines yielded an odd pattern. Most were the result of clicking on
fake updates and popups. A few were from bogus email. However, the
largest number were from web exploits that attacked via Adobe Acrobat
little security. Both seem to be getting better with updates, but
rather than become part of a damage control exercise, I've removed
Flash from most machines, and replaced Acrobat with PDF-Xchange. If
Flash is needed, they use the built-in Flash player in Google Chrome.
I'm not tracking all my customers' machines, but the ones that
previously gave me the most problems have not had any malware infections
for about 6 months.
Assuming nobody is web browsing or checking email on the POS
terminals, I would check what programs are doing automagic updates and
temporarily kill those updates to see if that's the culprit. Also,
look (again) for a rootkit, which can be difficult to find. Also use
Gparted or other partition editor to see if there are any mysterious
partitions that don't belong.
Jeff Liebermann ***@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
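The weather-station incident above turned on an update check with no authentication: once the vendor's domain was hijacked, whatever the redirected host served was installed. The following is an added example, not code from the post or from any product mentioned in it, of the fix a defender wants in that client: the vendor signs each update with an Ed25519 key, the client ships with the matching public key pinned, and an update is applied only if the signature verifies and the version is newer than what is installed. The key pair, version numbers and payload bytes are all constructed for the demonstration; a real client would also fetch over TLS, but the pinned signature is what makes a hijacked download host harmless.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Update is what the update server hands back: a version number, the new
// build, and a detached signature over both. Payload bytes are constructed.
type Update struct {
	Version   uint64
	Payload   []byte
	Signature []byte
}

// signingMessage binds the version number to the SHA-256 of the payload, so
// an attacker who controls the download host cannot pair an old, validly
// signed build with a new version number (or swap only the file).
func signingMessage(version uint64, payload []byte) []byte {
	msg := make([]byte, 8, 8+sha256.Size)
	binary.BigEndian.PutUint64(msg, version)
	sum := sha256.Sum256(payload)
	return append(msg, sum[:]...)
}

// PublishUpdate runs on the vendor's build machine with the private key,
// which never reaches the customer or the download host.
func PublishUpdate(priv ed25519.PrivateKey, version uint64, payload []byte) Update {
	return Update{
		Version:   version,
		Payload:   payload,
		Signature: ed25519.Sign(priv, signingMessage(version, payload)),
	}
}

// VerifyUpdate runs on the customer machine before anything is installed.
// Only the pinned public key decides; where the bytes came from does not.
func VerifyUpdate(pinned ed25519.PublicKey, u Update, installed uint64) error {
	if !ed25519.Verify(pinned, signingMessage(u.Version, u.Payload), u.Signature) {
		return errors.New("update rejected: signature does not verify against pinned key")
	}
	if u.Version <= installed {
		return errors.New("update rejected: not newer than installed version (rollback?)")
	}
	return nil
}

func main() {
	// Vendor side: generate the key pair once; the public half is pinned
	// into the client at build time (here, just held in memory).
	pinned, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	genuine := PublishUpdate(vendorPriv, 2, []byte("constructed build v2"))
	fmt.Println("genuine update:", VerifyUpdate(pinned, genuine, 1))

	// Hijacked host: same version, substituted payload, signature unchanged.
	swapped := genuine
	swapped.Payload = []byte("constructed substituted payload")
	fmt.Println("swapped payload:", VerifyUpdate(pinned, swapped, 1))

	// Hijacked host with its own key: signature is valid, but not for the pinned key.
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader)
	forged := PublishUpdate(attackerPriv, 3, []byte("constructed forged build"))
	fmt.Println("foreign key:", VerifyUpdate(pinned, forged, 1))
}
```

The three cases printed by main are exactly the ones a hijacked update server can produce: a replaced file, a replayed old file, and a file signed with a key the vendor never issued. All three fail closed, which is the property the unauthenticated checker on those weather stations lacked.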