Deprecated: Assigning the return value of new by reference is deprecated in /home/download/IM-Framework/adodb/adodb.inc.php on line 888

Deprecated: Assigning the return value of new by reference is deprecated in /home/download/IM-Framework/adodb/adodb.inc.php on line 1913

Deprecated: Assigning the return value of new by reference is deprecated in /home/download/IM-Framework/adodb/adodb.inc.php on line 1985
30% Of Computers With A Security Solution Installed Are Infected - DownloadForge
 
Home » News » Security » 30% Of Computers With A Security Solution Installed Are Infected


30% Of Computers With A Security Solution Installed Are Infected

Security News | 03-Nov-2007
Views 1479 | Rating 
 | Rate it! 

According to the Infected or Not website (http://www.infectedornot.com), about 30% of computers with a security solution installed scanned last week at with the NanoScan and TotalScan were infected with some kind of malware.

"Malware creators are trying to put a large number of threats in circulation and install them silently to prevent security companies from detecting them and generating the necessary vaccines", explains Luis Corrons, Technical Director of PandaLabs, who goes on to say, "As a consequence, traditional security solutions must be complemented with other types of online solutions, like NanoScan or TotalScan, which have access to the vast knowledge-base hosted on the Panda Security servers and can detect much more malware".

As for the malicious code that has appeared this week, PandaLabs highlights the Bindo.A and Nuwar.HU worms.

Bindo.A is a worm designed to spread and infect as many computers as possible by copying itself under names like autoply.exe or MSshare.exe to the shared folders of any P2P programs that the targeted user might have installed.

It also creates a file called AUTORUN.INF in all drives it copies itself to, in order to be run every time that the drive is accessed

It is very easy to detect the presence of this worm on the system, as it increases the number of shared files in the P2P shared folders on the
computer.

Bindo.A changes certain shortcuts in the desktop so that they have two execution paths; the original one and one that runs when the original program is launched.

Nuwar.HU is a new variant of the infamous "Storm Worm" which takes advantage of Halloween to spread. It ends processes of certain security tools that might be installed on the computer.

Nuwar.HU drops a rootkit called noskrnl.sys on the system and sets it as a service so that it is run automatically when the computer is started.

Nuwar.HU spreads in email messages with subjects like "Have a Happy Halloween everyone" or "Party on this Halloween" among many others. These messages include links to certain web pages that show a 'dancing skeleton' animation. If the user downloads and runs the animation offered on the website, the worms infects the computer and turns it into a zombie system at the service of a malicious user.
 


Todays's Headlines
Related news:
 
 
 
Copyright @2005-2011 InsideMedia SRL. All rights reserved.
Copyright informations | Terms of use | Privacy policy | Contact us | Help center | Gazduire web