The malware I didn’t for

Keeping a computer free of viruses and malware is getting harder and harder these days, if you’re not someone who regularly uses computers, like me. And even then you have to be on full alert.

Maintenance of other people’s computers (and other devices) is not really something I like to do often. But on the other hand, I don’t like friends and family having their entire browser history sold to the highest bidder, or their every keystroke delivered to whoever. So once in a while I clean a computer here and there, only to find it refreshed with new malware a couple of months down the road. So I’ve asked people whether they would buy a full license for Malwarebytes, so I can let it automatically block and clean malware. Problem solved, I thought.

Two weeks ago I found out how malware can appear anyway, even after my clear (I think) advice AND anti-malware software. A family member wanted to share some photos, and friends of his told him that is a site that can do just that. Now in itself is – as far as I’ve found out – a decent site that just does what it advertises.

If you type “wetransfer” into Google, you’ll find as the number one result, including sublinks to explanations of how it works, where to log in, etc.

Searching for wetransfer on Google.

However, the browser of this family member had been altered in such a way that Google was no longer the default search engine. was now the default search engine. You’d think the difference would be obvious, but non-tech people miss even these details. And apparently they love toolbars.
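A quick way to see which search provider a browser will actually use, instead of relying on someone’s memory of what they clicked, is to read the setting out of the browser’s own configuration. The snippet below is an added example and not part of the original post; it assumes the browser in question was Internet Explorer, which the post does not state, and reads the standard IE search-provider locations in the current user’s registry hive (`HKCU\Software\Microsoft\Internet Explorer\SearchScopes`, with `DefaultScope` naming the active provider and each provider subkey carrying `DisplayName` and `URL`). Firefox and Chrome store this setting elsewhere and are not covered here.

```powershell
# Added example (not from the original post): list the Internet Explorer search
# providers registered for the current user and mark the one that is the default.
# Assumption: the affected browser was IE; the registry key and value names below
# are the standard IE locations, nothing vendor-specific is hard-coded.
$scopesKey = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'

if (-not (Test-Path $scopesKey)) {
    Write-Output "No SearchScopes key under HKCU; Internet Explorer may never have been used by this account."
    return
}

# DefaultScope holds the GUID-like name of the provider subkey that is currently active.
$defaultScope = (Get-ItemProperty -Path $scopesKey -ErrorAction SilentlyContinue).DefaultScope

Get-ChildItem -Path $scopesKey | ForEach-Object {
    $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    $searchHost = $null
    if ($props.URL) {
        # The URL contains a {searchTerms} placeholder; we only care about the host it points at.
        try { $searchHost = ([uri]$props.URL).Host } catch { $searchHost = '(unparseable URL)' }
    }
    [pscustomobject]@{
        Scope       = $_.PSChildName
        DisplayName = $props.DisplayName
        Host        = $searchHost
        IsDefault   = ($_.PSChildName -eq $defaultScope)
    }
} | Sort-Object -Property IsDefault -Descending | Format-Table -AutoSize
```

The row with `IsDefault` set to `True` is the provider every address-bar search goes to, whatever the toolbar’s branding says. If its host is not the engine the user believes they are using, that is the hijack; note that a toolbar installer typically changes the home page and adds a browser helper object as well, so removing the search scope alone does not finish the clean-up.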

So I interviewed (read: “grilled”) this family member to find out how malware got onto his system, was able to get installed and managed to disable Malwarebytes. Surely there had been some kind of warning? But said family member’s memory failed to produce the relevant details. Which is not uncommon. You can shout “WHAT WAS THE ERROR MESSAGE” all you want, but people rarely keep logs. Even I don’t (but then again I have a brain that has been trained for 25+ years to remember important computer messages).

Then I had a stroke of insight. Could have played a part in this short but unfortunate series of events? I had already removed the toolbar and sent it to a place where the LEDs don’t shine. But being technically able, I could type “” into the address bar. And I searched for “wetransfer”. It looked like this:

 result when looking for wetransfer

I tried the uppermost link on my home computer, in a browser with JavaScript and Flash disabled by default and Java uninstalled. Immediately alarm bells went off in my virus scanner, and Malwarebytes gave a warning too. Bad site! Bad, bad site.

So this is what I think happened:

  1. Oracle’s Java says it’s time for an update.
  2. Family member installs the Java update (also because I’ve said so). Probably best to keep everything default. Like the toolbar.
  3. Family member now has a browser with the toolbar.
  4. Family member goes searching for “wetransfer” to get his photos uploaded, and enters a malware-distributing site.
  5. The family member’s computer gets malware, which disables Malwarebytes.
  6. A month later I foam at the mouth for having to clean said computer ONCE again.

And I ask: Oracle, why keep offering the toolbar by default? is a very weak search engine. It cannot hold a candle to Google or Bing. At the very least it is not able to filter out malware sites. It is not helping people, and they didn’t consciously ask for it anyhow. It is indirectly getting people’s computers infected with malware.

For non-tech people it is already hard enough to “do the right tech thing”. The last thing a reputable corporation should do is make things worse, like installing a wonky toolbar everywhere. Yes, I know they don’t have to. But you know as well as I do that non-tech people think that tinkering with the default install options is dangerous, and would rather click next, next, next.

So I would like to say in a Reaganesque voice: “Mr. Ellison, tear down this toolbar”.


About Marcel-Jan Krijgsman

Ever since I started working with Oracle, I have had an interest in Oracle database performance tuning. This led, eventually, to a four-day training I created and gave for customers of Transfer Solutions. Since 2012 I have worked for Rabobank Nederland. A few years ago I also became interested in Oracle database security. All technology aside, it is my experience that security usually plays out on a political level. I’m an Oracle Certified Professional for the 8i, 9i, 10g and 11g databases and an Oracle Database 11g Performance Tuning Certified Expert.