
Look out for malicious Valentine greetings!



#1 News Robot

    Creator of the News

  • Dr.Web Staff
  • Posts: 7 940

Posted 18 February 2008 - 10:39

February 14, 2008

A malicious programme that entered the Dr.Web malware database as BackDoor.Groan came into existence over a year ago. It was spread by a spam mailing and constituted 80% of infected mail traffic. BackDoor.Groan was detected in spam messages throughout 2007, and it looks like its authors want it to move into 2008. The creators of the malware constantly change the packers used for the executable and apply social engineering techniques to spread it. Almost every world holiday or tragic event was exploited by a spam mailing from the criminals. It should also be mentioned that some time after the first variation of the malware appeared, the authors changed the method used to spread it: it was no longer attached to a mail message; instead, the message provided a link. Following the link in Internet Explorer executed a downloading script, and the backdoor programme got into the system unnoticed.


St. Valentine's Day has also been used by the creators of the programme, who distributed a spam mailing with messages carrying "Valentine Friends", "You are My Valentine" or "Powerful Love" as the subject. A message offered a link to download a "Valentine greeting" - valentine.exe (included in the Dr.Web virus database as Trojan.Packed.357). When launched, the programme installs a driver with a random name (detected by Dr.Web as Trojan.Spambot.2569) and places it in the Windows system directory along with a P2P configuration file. It places its code into %systemroot%\system32\services.exe and starts sending requests using random UDP ports. Upon receiving a reply it starts sending out spam.


Users of solutions by Doctor Web, Ltd. don't need to worry about the threat - the SpIDerMail anti-spam filter successfully filters out Trojan.Packed.357 mailings. The Dr.Web Mozilla Thunderbird link checker allows you to check the page a link points to for embedded malicious scripts (visit http://www.freedrweb.com for more details about the free link-checker browser plug-in).


However, if you believe that your machine has...

http://info.drweb.com/show/3279?lng=en
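
A mail-triage check for the delivery pattern described in this post, added here as an example and not Dr.Web's code: it flags the quoted subject lines and, because the lures keep changing, any body link whose path ends in an executable extension. The extension list, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Subject lines quoted in the advisory above.
LURE_SUBJECTS = {"valentine friends", "you are my valentine", "powerful love"}
# Assumption: extensions treated as directly executable on Windows.
EXEC_EXT = (".exe", ".scr", ".pif", ".com")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def body_text(msg):
    """Concatenate every text/* part, undoing base64/quoted-printable."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode("utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw):
    """Return the reasons a raw RFC 822 message matches this campaign."""
    msg = message_from_string(raw)
    reasons = []
    subject = " ".join((msg.get("Subject") or "").lower().split())
    if subject in LURE_SUBJECTS:
        reasons.append("lure-subject")
    for url in URL_RE.findall(body_text(msg)):
        # Look only at the path, so "?id=1" cannot hide the extension.
        path = urlparse(url.rstrip(".,);")).path.lower()
        if path.endswith(EXEC_EXT):
            reasons.append("exe-link:" + path.rsplit("/", 1)[-1])
    return reasons

# Constructed sample messages (not real campaign mail).
SAMPLE_LURE = ("From: a@example.test\nSubject: You are My Valentine\n"
               "Content-Type: text/plain\n\n"
               "Your card: http://203.0.113.7/valentine.exe\n")
SAMPLE_NEW_LURE = ("From: b@example.test\nSubject: Season's greetings\n\n"
                   "Open it: http://host.example.test/card.exe?id=1.\n")
SAMPLE_BENIGN = ("From: c@example.test\nSubject: Lunch on Thursday\n\n"
                 "Menu: https://example.test/menu.html\n")

if __name__ == "__main__":
    for name in ("SAMPLE_LURE", "SAMPLE_NEW_LURE", "SAMPLE_BENIGN"):
        print(name, triage(globals()[name]))
```

The second sample shows why the link check matters more than the subject list: a new lure with the same delivery method is still caught.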

