Some 30% of the computers scanned last week that had a security solution installed were infected with some kind of malware. For computers without any kind of protection, the figure goes up to 44%. Source: http://www.infectedornot.com
Malware creators are trying to put a large number of threats in circulation and install them silently to prevent security companies from detecting them and generating the necessary vaccines.
Therefore, traditional security solutions must be complemented with other types of online solutions like BitDefender, which uses the ICSA Labs certified scanning engines, so you can feel secure about their virus protection.
Among the malicious code that has appeared in the past week, the Bindo.A and Nuwar.HU worms stand out.
Bindo.A aka autoply.exe is a worm designed to spread and infect as many computers as possible by copying itself under names like autoply.exe or MSshare.exe to the shared folders of any P2P programs that the targeted user might have installed.
It also creates a file called AUTORUN.INF in all drives it copies itself to, in order to be run every time that the drive is accessed. It is very easy to detect the presence of this worm on the system, as it increases the number of shared files in the P2P shared folders on the computer.
Bindo.A also changes certain shortcuts on the desktop so that they have two execution paths: the original one and one that runs when the original program is launched.
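The traces described above (copies named autoply.exe or MSshare.exe, plus an AUTORUN.INF on each drive) can be checked for with a short script. This is an added example, not code from the original post; it assumes the worm's AUTORUN.INF uses the standard launch keys (open, shellexecute, shell\...\command), and the sample tree it scans is constructed from harmless text files.

```python
import os, re, tempfile

# Names the article gives for Bindo.A copies (compared case-insensitively).
WORM_NAMES = {"autoply.exe", "msshare.exe"}
# Standard autorun.inf keys that launch a program (assumed to be what the worm uses).
LAUNCH_KEY = re.compile(r"^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(\S.*)$", re.I)

def autorun_targets(text):
    """Return the lower-cased program names an autorun.inf body would launch."""
    targets = []
    for line in text.splitlines():
        m = LAUNCH_KEY.match(line)
        if m:
            # Keep only the executable: drop quotes, arguments and any path.
            value = m.group(2).strip()
            exe = value[1:].split('"', 1)[0] if value.startswith('"') else value.split()[0]
            targets.append(re.split(r"[\\/]", exe)[-1].lower())
    return targets

def scan(root):
    """Walk root; report worm-named files and autorun.inf files that launch them."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if name.lower() in WORM_NAMES:
                findings.append(("worm-named file", path))
            elif name.lower() == "autorun.inf":
                with open(path, errors="replace") as fh:
                    hits = [t for t in autorun_targets(fh.read()) if t in WORM_NAMES]
                if hits:
                    findings.append(("autorun launches " + hits[0], path))
    return sorted(findings)

def demo():
    """Build a constructed sample tree (harmless text files) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        shared = os.path.join(root, "Shared")  # hypothetical P2P shared folder
        os.makedirs(shared)
        samples = {os.path.join(root, "AUTORUN.INF"): "[autorun]\nOPEN=autoply.exe\n",
                   os.path.join(shared, "MSshare.exe"): "placeholder",
                   os.path.join(shared, "song.mp3"): "placeholder"}
        for path, body in samples.items():
            with open(path, "w") as fh:
                fh.write(body)
        return [(kind, os.path.relpath(p, root)) for kind, p in scan(root)]

if __name__ == "__main__":
    for kind, path in demo():
        print(kind, path)
```

A file name match is only a hint, since the article says the worm uses names "like" these two; treat a hit as a reason to run a full scan of that drive.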
BitDefender is a FREE online virus scanner. It takes a while to run, so it is advisable to run it when no other programs are using resources. When it opens, you will have to click ‘I Agree’ on the user license, after which you will be taken to the Options page.
The default setting is to scan all of your computer, which is the safest option. Under ‘Settings’, the default option is for BitDefender to try to clean the infected files. There is a warning that if disinfection fails, the files will be deleted. You can change this option where it says ‘click here’, which opens a pop-up window (ensure you do not have pop-up blockers turned on).
Under the heading ‘Action options’ select ‘Prompt user for action’ and under ‘Second action’ again select ‘Prompt user for action’ then click OK, then click where it says ‘Click here to scan’. BitDefender will then load the anti-virus engine and virus signatures.
If it fails to update, select ‘Yes’ to continue and scanning will start.
When scanning, if an infection is found you will be prompted for an action and you will see the location of the infected file. You can select ignore, disinfect or delete. If disinfection fails, however, the file will be deleted, so use this with caution and ensure that it is not an important file.
Nuwar.HU is a new variant of the infamous “Storm Worm” which takes advantage of Halloween to spread. It ends processes of certain security tools that might be installed on the computer.
Nuwar.HU drops a rootkit called noskrnl.sys on the system and sets it as a service so that it is run automatically when the computer is started. Nuwar.HU spreads in email messages with subjects like “Have a Happy Halloween everyone” or “Party on this Halloween” among many others.
These messages include links to certain web pages that show a ‘dancing skeleton’ animation. If the user downloads and runs the animation offered on the website, the worm infects the computer and turns it into a zombie system at the service of a malicious user.
Rootkit detection
Methods to detect rootkits fall into two categories: signature-based and heuristic/behavior-based detection.
There is an article about rootkits here, and you can get advice on searching your hard drive for the presence of rootkits, along with tools to remove them, by clicking here.