Нет ответов в данной теме

[News Robot]

September 1, 2008



Doctor Web presents you a virus activity review for August 2008.


Even though the last summer month hasn’t challenged virus analysts with samples of new malware, it doesn’t mean that malicious programs decided to take a break.


A new modification of Trojan.Encoder - Trojan.Encoder.19 that was discussed in our news earlier came into existence in August. This malicious program encrypted user data, deleted itself and offered a user to pay a moderate sum of money for a decryption tool. However, Doctor Web promptly responded to the new threat offering a decryption utility free of charge to any user.


E-mail remains the basic means of transport for malware that get to user machines with mailings that offer links to malicious files or web-pages with embedded scripts that initiate automatic downloading of malware or lure a user into downloading and launching such a file. As a rule a user gets a link to adult content involving a celebrity or may come as a so called storm spam. Such a message informs a user about breaking news published by a respected news agency and offers a link to a video related to an event. All of these files are executables with a new packer (also called polymorphic packer) used for each new variation. Such malicious programs are detected by Dr.Web as modifications of Trojan.Fakealert, Trojan.DownLoad or Trojan.Packed. Depending on goals of virus makers they can start downloading or launch another malware on a computer. Virtually all messages containing links to the Trojans are detected as spam by a filter built in anti-virus products from Doctor Web.


Below we will take a look at certain evil-doing species that also spread with spam but deserve special attention.


Political events receiving a wide response worldwide never pass unnoticed on the web. In august virus writers exploited events related to the conflict in South Ossetia. An example is a mailing with the subject “Jou...

http://info.drweb.com/show/3512?lng=en