July 2008 virus activity review by Doctor Web



#1 News Robot

    Creator of the News

  • Dr.Web Staff
  • 8 013 posts

Posted 05 August 2008 - 12:23

August 4, 2008


Doctor Web, Ltd presents the virus activity review for July 2008.


Virus epidemics causing uproar and panic among Internet users have long since passed. Nowadays malicious activities are less overt and in most cases remain unnoticed by inexperienced users. July reaffirmed this tendency, making “Trojan activity review” a somewhat more appropriate title for this article, for it is Trojans of all sorts that are brought into focus here.


Concerning Trojans, those of the Virtumod family are the most interesting species from the point of view of analysis and working out a curing algorithm. Other anti-virus vendors classify them as Virtumonde/Vundo/Monder. So far these malicious programs have not made their way into the glorious top ten most widespread malware, but one can quite often come across them in the wild. Very few anti-viruses can boast successful detection of such Trojans, let alone a successful cure. The reason behind this complexity for anti-virus vendors is the operating algorithm employed by the virus makers, who are very consistent in the three or even four-way development of their polymorphic packer. Recent months saw over 10 modifications with tens of thousands of samples for each type of packer. The figures are based on data from other anti-virus vendors as well as Dr.Web and also take into account samples found during an online virus scan.


Virtumod is not the sole active example of off-line polymorphism. It is now clear that without centralized development of countermeasures to this trend, and without a versatile technology for promptly implementing identification of polymorphic packers in an anti-virus kernel, the anti-virus industry may soon find itself inept in the face of emerging challenges.


Trojan.Clb is another malicious program that is spreading rather rapidly. It contains a rootkit and uses splicing to hide files on disk and entire branches of the registry. Besides, there is also Trojan.DnsChange.967 that substitutes DNS serve...

http://info.drweb.com/show/3484?lng=en