Showing posts with label Windows Security. Show all posts

Saturday, April 21, 2007

Who Fights AntiViruses?

These are 'The Good Guys' in the Anti-virus battle:

Everyone in the United States has heard of the leading antivirus vendors Symantec, McAfee, Computer Associates, and Trend Micro.

These companies have market-leading presence, particularly in the United States. Microsoft is also becoming a key player in this market.

Microsoft acquired intellectual property and technology from GeCad software in 2003. The GeCad company's home-base is in Bucharest, Romania.

Microsoft also acquired Pelican Software, which had behavior-based security technology, as well as Giant Company Software for spyware and Sybari Software, which manages virus, spam, and phishing filtering.

A lot of discussion has centered on whether or not Microsoft has come into its own as a dominant factor in the antivirus market - by way of simply bundling its security technologies along with operating systems - at no charge.

This 'bundling' technique has been applied in other markets - such as word processing and Internet browsers.

Of course there are a number of antivirus vendors who also play in this market.

Becoming well known and establishing a firm market presence are companies like:

GriSoft - out of the Czech Republic

Sophos - in the United Kingdom

Panda Software - from Spain

Kaspersky - in Russia

SoftWin - in Romania

F-Secure - in Finland

Norman - in Norway

Arcabit - in Poland

VirusBuster - out of Hungary

and

AhnLab in South Korea.

It is not clear exactly where the industry is heading, but it is not doubted that everyone within this market faces a rapidly changing landscape. The amount of effort to find and provide fixes for viruses is staggering. Malicious programs are getting more complex and the number of them is increasing at an alarming rate. Many companies quickly find themselves without the resources to match efforts of those truly bent on creating havoc.

Some virus companies are getting hundreds of new samples a day! Moreover, new viruses are getting "smarter": they propagate quickly, they often hide themselves, and they can move around in a system by renaming themselves to make removal harder.

Not Just a Greek Myth - The Trojan Horse

We have all heard the term "Trojan Horse," but what exactly is it - aside from Greek Myth?

A Trojan Horse is a destructive program that masquerades as a harmless application (Just like Odysseus' harmless 'gift' horse that was accepted into the city of Troy). Unlike viruses, Trojan Horses do not replicate themselves, but they can be just as destructive.

One of the most dangerous examples of a Trojan is a program that promises to rid your computer of viruses - but instead - (the gift) introduces viruses into your computer (the army bursting OUT of the horse in the middle of the night to attack Troy/your computer).

A Trojan can be engineered to be extremely tricky.

Who hasn’t been online and had an advertisement pop up claiming to be able to rid your computer of some nasty virus?

Or - more frightening still - you receive an email that claims to be alerting you to a new virus that can threaten your computer! The sender promises to quickly eradicate, or protect, your computer from viruses if you simply download their "free", attached software into your computer. You may be skeptical but the software looks legitimate and the company sounds reputable.....

So how do you proceed?
...many people proceed by taking the advertisers up on their offer - just in case - and they download the software!

In doing so, a user has just potentially exposed him/herself to a gargantuan headache and a computer system to a sundry list of ailments!

When a Trojan is activated, several things can occur:

Some Trojans are more annoying than malicious.
Some of the less annoying Trojans may choose to change your desktop settings or add silly desktop icons.
More serious, malicious Trojans can erase or overwrite data on your computer, corrupt files, spread other malware (such as viruses), and spy on the user of a computer.
Trojan spyware can secretly report data to their makers - like browsing habits, passwords, credit card numbers, bank account details, etc.
Trojans may insert keyloggers to keep track of a user's keystrokes and gain 'the usual information' - passwords and credit card numbers, phish for bank account details (which can be used for criminal activities).
Trojan programs can even install a "backdoor" into your computer system so that the Trojan-maker/expert can come and go into and out of your computer at will and at his or her convenience!

To increase your odds of AVOIDING a Trojan - STOP TALKING TO GREEK PEOPLE AND DON'T ACCEPT GIFTS FROM GREEKS.....

Haha - okay - just joking. There's absolutely no fear to be had with any kind of people EXCEPT those who are designing and distributing Trojan software programs.

Here are some recommended guidelines for avoiding Trojan horse viruses

#1 - Remain diligent in your use of trusted ANTI-spyware and ANTI-virus software. If you're already using antivirus programs that have worked in the past - UPDATE those before you go looking around for the next greatest, latest software - especially downloadable programs! (Remember - these are often the 'gift' of a virus).

Trojans can infect your computer through rogue websites, instant messaging, and emails that contain attachments.

Do not download anything into your computer unless you are 100 percent sure of its sender or source.

Ensure that your operating system is always up-to-date. If you are running a Microsoft Windows operating system, this is essential.

Install reliable anti-virus software. It is also important that you download any updates frequently to catch all new Trojan Horses, viruses, and worms.

Be sure that the anti-virus program that you choose can also scan e-mails and files downloaded through the internet.

Consider installing a firewall. A firewall is a system that prevents unauthorized use and access to your computer.

*note
A firewall is not going to eliminate your computer virus problems, but when used in conjunction with regular operating system updates and reliable anti-virus software, it can provide additional security and protection for your computer.

Nothing can absolutely guarantee the security of your computer 100 percent, however YOU SHOULD ALWAYS BE THINKING OF HOW TO MAKE IT MORE DIFFICULT FOR A VIRUS TO ENTER YOUR SYSTEM!

You can continue to improve your computer's security and decrease the possibility of infection by consistently following these guidelines, as a minimum measure to protecting yourself and your computer.

Last tip:

If you have previously 'not been interested' or 'haven't had the time' to learn more about PC Security, I recommend that you do whatever it takes to overcome your disinterest and the time-management issues that keep you from learning more about how to keep your computer (and your personal information) safe from malware-distributors, hackers, ID Thieves and the like!

Am I Being Watched?

Do you feel like someone is watching you?

It might be true!

You could have Spy-Ware on your computer and, indeed, someone COULD BE watching your every internet move!

Spyware is one of the fastest-growing, most constant internet threats of today. According to the National Cyber Security Alliance, spyware infects more than 90% of all PCs today. These unobtrusive, malicious programs are designed to engage with your computer, silently bypassing your firewalls and your anti-virus software without the user being aware of their presence.

Once embedded into a user's computer system, a spyware program can cause havoc to the system's performance while, at the same time, it gathers your personal information as well as details about your surfing habits.

Fortunately, spyware programs do not usually self-replicate - like viruses and worms do.

Where does spyware come from?

Typically, from three main sources or in three basic ways:

First and most common:

The user installs it unknowingly themselves! Spyware is embedded, attached, or bundled with a freeware or shareware program without the user’s knowledge. The user downloads the program to their computer, then installs what they think is just the program they downloaded. The spyware installs, as well, during the other program installation.

Once installed, the spyware program goes to work collecting data for the spyware author’s personal use or to sell to a third-party.

Beware of many P2P file-sharing programs!!

They are notorious for spreading downloads that carry spyware programs.

The user of a downloadable program should pay extra attention to the accompanying licensing agreement.

Often the software publisher will warn the user that a spyware program will be installed along with the requested program. Unfortunately, we do not always take the time to read the fine print.

Some agreements may provide special "opt-out" boxes that the user can click to stop the spyware from being included in the download. Be sure to review the document before signing off on the download.

Another way that spyware can access your computer is by tricking you into manipulating the security features designed to prevent any unwanted installations.

The Internet Explorer Web browser was designed not to allow websites to start any unwanted downloads. That is why the user has to initiate a download by clicking on a link. These links can prove to be deceptive.

For example:

A pop-up modeled after a standard Windows dialog box may appear on your screen. The message may ask you if you would like to optimize your internet access. It provides yes or no answer buttons, but - no matter which button you push - a download containing the spyware program will commence.

Newer versions of Internet Explorer are now making this spyware pathway into our computers a more difficult task.

Finally, some spyware applications infect a system by attacking security holes in the user's Web browser or other common software. When the user navigates a webpage controlled by a spyware author, the page contains code designed to attack the browser, and force the installation of the spyware program.

What can spyware programs do?

They can accomplish a great number of malicious tasks. Some of their deeds are simply annoying for the user - but other functions can be downright aggressive in nature.

Spyware can:

* Monitor your keystrokes for reporting purposes.
* Scan files located on your hard drive.
* Snoop through applications on your desktop.
* Install other spyware programs into your computer.
* Read your cookies.
* Steal credit card numbers, passwords, and other personal information.
* Change the default settings on your home page web browser.
* Mutate into a second generation of spyware thus making it more difficult to eradicate.
* Cause your computer to run slower.
* Deliver annoying pop up advertisements.
* Add advertising links to web pages for which the author does not get paid. (Instead, payment is directed to the spyware programmer that changed the original affiliate’s settings).
* Provide the user with no uninstall option and place itself in unexpected or hidden places within your computer, making it difficult to remove.

Here are some examples of commonly seen spyware programs. Please note that while researchers will often give names to spyware programs, they may not match the names the spyware-writers use.

CoolWebSearch - a group of programs that install through "holes" found in Internet Explorer. These programs direct traffic to advertisements on Web sites including coolwebsearch.com. This spyware nuisance displays pop-up ads, rewrites search engine results, and alters the computer's hosts file so that Domain Name System (DNS) lookups are directed to preselected sites.

Internet Optimizer (a/k/a DyFuCa) likes to redirect Internet Explorer error pages to advertisements. When the user follows a broken link or enters an erroneous URL, a page of advertisements pops up.

180 Solutions reports extensive information to advertisers about the Web sites which you visit. It also alters HTTP requests for affiliate advertisements linked from a Web site. Therefore the 180 Solutions Company makes an unearned profit off of the click through advertisements they’ve altered.

HuntBar (a/k/a WinTools) or Adware.Websearch, is distributed by Traffic Syndicate and is installed by ActiveX drive-by downloading at affiliate websites or by advertisements displayed by other spyware programs. It’s a prime example of how spyware can install more spyware.

These programs will add toolbars to Internet Explorer, track a user's browsing behaviors, and display advertisements.
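The hosts-file change described for CoolWebSearch above can be checked for directly. The following is an added example, not part of the original post: it parses hosts-file text and reports every mapping other than the default localhost entries, and it goes slightly beyond the post by also labelling names pointed at a loopback or 0.0.0.0 address as blocked. The sample file, its domains and its addresses are constructed.

```python
import ipaddress

# Names a stock hosts file is expected to map; anything else is worth a look.
EXPECTED_NAMES = {"localhost"}

def audit_hosts(text):
    """Return (line_no, ip, hostname, verdict) for each non-default mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()      # drop comments
        fields = entry.split()
        if len(fields) < 2:                       # blank or incomplete line
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], " ".join(fields[1:]), "malformed"))
            continue
        for name in fields[1:]:
            name = name.lower()
            if name in EXPECTED_NAMES and ip.is_loopback:
                continue                          # normal localhost entry
            # A loopback or unspecified target makes the name unreachable;
            # any other address sends the name to a host the file's editor chose.
            local = ip.is_loopback or ip.is_unspecified
            findings.append((line_no, str(ip), name,
                             "blocked" if local else "redirected"))
    return findings

# Constructed sample: reserved example domains and documentation addresses.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.10    search.example.com www.search.example.com   # redirect
127.0.0.1       update.av-vendor.example
0.0.0.0         support.av-vendor.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On Windows the file to feed into `audit_hosts` is `%SystemRoot%\System32\drivers\etc\hosts`.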

How to prevent spyware?

There are a couple things you can do to prevent spyware from infecting your computer system.

First:
* Invest in a reliable commercial anti-spyware program. There are several currently on the market, including stand-alone software packages such as Lavasoft’s Ad-Aware or Windows Antispyware. Other options provide the anti-spyware software as part of an anti-virus package. This type of option is offered by companies such as Sophos, Symantec, and McAfee. Anti-spyware programs can combat spyware by providing real-time protection, scanning, and removal of any spyware found.

Also:
* You should update your anti-virus software frequently. As already mentioned, Internet Explorer (IE) is often a contributor to the spyware problem because spyware programs like to attach themselves to its functionality. Spyware enjoys penetrating IE’s weaknesses. Because of this, many users have switched to non-IE browsers. However, if you prefer to stick with Internet Explorer, be sure to update the security patches regularly, and only download programs from reputable sources. This will help reduce your chances of a spyware infiltration.

And, when all else fails?

Finally, if your computer has been infected with a large number of spyware programs, the only solution you may have is backing up your data, and performing a complete re-install of the operating system.

Not something one wants to think about, for sure, but sometimes it is the only way to get rid of malicious programs.

Common Viruses To Watch For

Here are some common viruses that are quite constantly circulating on the internet.

Virus: Trojan.Lodear
A Trojan horse that attempts to download remote files. It will inject a .dll file into the EXPLORER.EXE process causing system instability.

Virus: W32(dot)Beagle(dot)CO(at)mm (blogger software kept making a link of the virus name because of the '@' symbol)

A mass-mailing worm that lowers security settings. It can delete security-related registry sub keys and may block access to security-related websites.

Virus: Backdoor.Zagaban
A Trojan horse that allows the compromised computer to be used as a covert proxy and which may degrade network performance.

Virus: W32/Netsky-P
A mass-mailing worm which spreads by emailing itself to addresses produced from files on the local drives.

Virus: W32/Mytob-GH
A mass-mailing worm and IRC backdoor Trojan for the Windows platform. Messages sent by this worm will have the subject chosen randomly from a list including titles such as: Notice of account limitation, Email Account Suspension, Security measures, Members Support, Important Notification.

Virus: W32/Mytob-EX
A mass-mailing worm and IRC backdoor Trojan similar in nature to W32/Mytob-GH. W32/Mytob-EX runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels. This virus spreads by sending itself as an email attachment to harvested email addresses.

Virus: W32/Mytob-AS, Mytob-BE, Mytob-C, and Mytob-ER
This family of worm variations possesses similar characteristics in terms of what they can do. They are mass-mailing worms with backdoor functionality that can be controlled through the Internet Relay Chat (IRC) network. Additionally, they can spread through email and through various operating system vulnerabilities such as the LSASS vulnerability (MS04-011).

Virus: Zafi-D
A mass-mailing worm and a peer-to-peer worm which copies itself to the Windows system folder with the filename "Norton Update.exe". It can then create a number of files in the Windows system folder with filenames consisting of 8 random characters and a DLL extension. W32/Zafi-D copies itself to folders with names containing share, upload, or music as "ICQ 2005a new!.exe" or "winamp 5.7 new!.exe". W32/Zafi-D will also display a fake error message box with the caption "CRC: 04F6Bh" and the text "Error in packed file!".

Virus: W32/Netsky-D
A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the LSASS (MS04-011) exploit.

Virus: W32/Zafi-B
A peer-to-peer (P2P) and email worm that will copy itself to the Windows system folder as a randomly named EXE file. This worm will test for the presence of an internet connection by attempting to connect to www.google.com or www.microsoft.com. It is a bilingual worm with an attached Hungarian political text message box which translates to "We demand that the government accommodates the homeless, tightens up the penal code and VOTES FOR THE DEATH PENALTY to cut down the increasing crime. Jun. 2004, Pécs (SNAF Team)"
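The file names given in the Zafi-D entry above can be turned into a simple triage check. This is an added example, not code from the original post: it classifies file paths against those names, and it assumes the "Windows system folder" is C:\Windows\System32 (pass a different `system_dir` if not). The sample paths are constructed.

```python
import re
from pathlib import PureWindowsPath

# Indicators taken from the Zafi-D description in the post.
SYSTEM_COPY = "norton update.exe"
SHARE_LURES = {"icq 2005a new!.exe", "winamp 5.7 new!.exe"}
SHARE_WORDS = ("share", "upload", "music")
EIGHT_CHAR_DLL = re.compile(r"^[a-z0-9]{8}\.dll$")

def classify(path, system_dir=r"C:\Windows\System32"):
    """Return (confidence, reason) for one file path, or None if nothing matches."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    # PureWindowsPath comparison is case-insensitive, like the file system.
    in_system = p.parent == PureWindowsPath(system_dir)
    if in_system and name == SYSTEM_COPY:
        return ("high", "Zafi-D copy name in system folder")
    folder = p.parent.name.lower()
    if name in SHARE_LURES and any(word in folder for word in SHARE_WORDS):
        return ("high", "Zafi-D lure name in sharing folder")
    if in_system and EIGHT_CHAR_DLL.match(name):
        # Name shape only: legitimate DLLs such as kernel32.dll match too,
        # so verify the file's signature or hash before acting on it.
        return ("low", "8-character DLL name in system folder")
    return None

def scan(paths, system_dir=r"C:\Windows\System32"):
    """Classify many paths; return (path, confidence, reason) for each hit."""
    hits = []
    for path in paths:
        verdict = classify(path, system_dir)
        if verdict:
            hits.append((path, *verdict))
    return hits

# Constructed sample listing (not taken from a real system).
SAMPLE_PATHS = [
    r"C:\Windows\System32\Norton Update.exe",
    r"C:\Windows\System32\qwkzpdra.dll",
    r"C:\Windows\System32\kernel32.dll",
    r"C:\Users\alice\My Shared Folder\winamp 5.7 new!.exe",
    r"C:\Users\alice\Desktop\winamp 5.7 new!.exe",
    r"C:\Windows\System32\notepad.exe",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_PATHS):
        print(hit)
```

The low-confidence result for kernel32.dll shows why a name pattern alone is only a lead: it narrows down which files to verify, it does not identify the worm.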

This is a very small, incomplete list. If you have been having some problems with your computer but haven't yet checked out why your computer is running slow, showing error messages and displaying other virus-related problems, please - run an anti-virus scan just to make sure you haven't picked up a virus, worm, or other malware!

Also - update your software often! Many anti-virus programs can help you detect and clean your computer - but no program will help you if you're not doing regular scans and updates.