March 31, 2009
A new modification of Win32.HLLW.Shadow.based (also known as
Kido/Conficker) has been discovered by Doctor Web's virus analysts.
The worm keeps the Shadow botnet running, and the botnet is expected to
switch to a new mode of operation on April 1, 2009.
On April 1, 2009 the malware on every computer compromised by
Win32.HLLW.Shadow.based will update itself. From then on the worm will
generate 50,000 domain names every twenty-four hours and query 500 of
them for instructions. Because each bot contacts only a small fraction
of the daily list, the operators keep the load on their hosting servers
low and keep the update traffic inconspicuous. For defenders the same
design means that denying the command channel requires covering all
50,000 daily candidates, not only the 500 a given bot happens to query.
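To make the 50,000/500 scheme concrete, here is an added example (not Dr.Web's code and not the worm's real algorithm): an illustrative date-seeded domain generator using the same daily counts, plus the arithmetic showing what fraction of bots an operator reaches by registering only a handful of the candidates. The seed derivation, alphabet, TLD list and the assumption that each bot draws its own random subset of 500 are all assumptions of the example.

```python
"""Illustrative date-seeded domain generation algorithm (DGA).

Added example: this is not Dr.Web's code and not Win32.HLLW.Shadow.based's
real algorithm. Only the counts (50,000 candidates per day, 500 contacted)
come from the article; the seed derivation, alphabet, TLD list and the
per-bot random subset are assumptions of the example.
"""
import datetime
import hashlib
import math
import random
import string

CANDIDATES_PER_DAY = 50_000   # figure quoted in the article
CONTACTED_PER_DAY = 500       # figure quoted in the article
TLDS = ("com", "net", "org", "info", "biz")   # assumed TLD set
DAY = datetime.date(2009, 4, 1)               # switch-over date from the article


def daily_seed(day: datetime.date, secret: bytes = b"illustrative-dga") -> int:
    """Per-day seed that bot and operator can both compute offline (assumed
    derivation: SHA-256 of a constant plus the ISO date)."""
    digest = hashlib.sha256(secret + day.isoformat().encode()).digest()
    return int.from_bytes(digest[:8], "big")


def candidate_domains(day: datetime.date, n: int = CANDIDATES_PER_DAY) -> list:
    """Deterministically generate the day's n candidate domains."""
    rng = random.Random(daily_seed(day))
    seen, out = set(), []
    while len(out) < n:
        label = "".join(rng.choices(string.ascii_lowercase, k=rng.randint(8, 11)))
        domain = f"{label}.{rng.choice(TLDS)}"
        if domain not in seen:          # skip the rare collision so the count is exact
            seen.add(domain)
            out.append(domain)
    return out


def bot_contact_list(candidates, k: int = CONTACTED_PER_DAY, rng=None) -> list:
    """The k domains one bot actually queries. Assumption: each bot draws its
    own random subset, so different bots probe different candidates."""
    rng = rng or random.Random()
    return rng.sample(candidates, k)


def operator_reach(registered: int, n: int = CANDIDATES_PER_DAY,
                   k: int = CONTACTED_PER_DAY) -> float:
    """Probability that one bot hits at least one of the `registered` domains
    the operator registered that day: 1 - P(all k picks miss), hypergeometric."""
    if registered >= n:
        return 1.0
    return 1.0 - math.comb(n - registered, k) / math.comb(n, k)


def simulate_day(day: datetime.date, registered: int, bots: int = 1000, seed: int = 1) -> int:
    """Count how many of `bots` reach a live domain when the operator registers
    the first `registered` candidates of the day (deterministic via `seed`)."""
    candidates = candidate_domains(day)
    live = set(candidates[:registered])
    rng = random.Random(seed)
    return sum(1 for _ in range(bots)
               if live.intersection(bot_contact_list(candidates, rng=rng)))


if __name__ == "__main__":
    print(candidate_domains(DAY)[:3])
    for m in (1, 10, 100, 1000):
        print(f"operator registers {m:5d} domains -> reach per bot {operator_reach(m):.3f}")
    print("bots reaching C2 with 100 registered domains:", simulate_day(DAY, 100))
```

With these numbers a single registered domain is reached by about 1% of bots per day and a hundred registered domains by roughly 63%, while a defender who wants to cut the channel entirely has to block or sinkhole every one of the 50,000 candidates before the day begins.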
Win32.HLLW.Shadow.based spreads in several ways. Most often it arrives
from a removable storage device or a network share. It also attacks
other hosts over SMB, running dictionary-based brute-force attacks on
account passwords to gain remote access to the target machines. In
addition, it exploits the Windows vulnerability fixed by the update
described in Microsoft Security Bulletin MS08-067.
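As an added example (not Dr.Web's code) of how a defender can spot the SMB dictionary attacks described above, the following detector counts failed logons per source host inside a sliding window and flags a burst, including a success that follows one. The log lines are constructed for the example in an assumed whitespace-separated layout, not the real Windows event-log format; the threshold and window are assumptions.

```python
"""Spotting the SMB dictionary attacks the worm uses to reach other hosts.

Added example, not Dr.Web's code. The log lines are constructed for the
example and use an assumed 'timestamp source account result' layout, not the
real Windows event-log format; the threshold and window are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 10.0.0.5 runs through a password list against two
# accounts within seconds and finally gets in; 10.0.0.9 is ordinary user noise.
SAMPLE_LOG = """\
2009-03-31T09:00:00 10.0.0.5 Administrator FAILURE
2009-03-31T09:00:01 10.0.0.5 Administrator FAILURE
2009-03-31T09:00:02 10.0.0.5 Administrator FAILURE
2009-03-31T09:00:03 10.0.0.5 Administrator FAILURE
2009-03-31T09:00:04 10.0.0.5 Administrator FAILURE
2009-03-31T09:00:05 10.0.0.5 Administrator FAILURE
2009-03-31T09:00:06 10.0.0.5 backup FAILURE
2009-03-31T09:00:07 10.0.0.5 backup FAILURE
2009-03-31T09:00:08 10.0.0.5 backup FAILURE
2009-03-31T09:00:09 10.0.0.5 backup FAILURE
2009-03-31T09:00:10 10.0.0.5 backup FAILURE
2009-03-31T09:00:11 10.0.0.5 backup SUCCESS
2009-03-31T09:01:00 10.0.0.9 jsmith FAILURE
2009-03-31T09:01:20 10.0.0.9 jsmith SUCCESS
2009-03-31T10:15:00 10.0.0.9 jsmith FAILURE
"""


def parse_log(text: str):
    """Yield (time, source, account, result) tuples from the assumed layout."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, account, result = line.split()
        yield datetime.fromisoformat(ts), src, account, result


def detect_bruteforce(text: str, threshold: int = 10,
                      window: timedelta = timedelta(minutes=5)) -> dict:
    """Flag any source with >= threshold failed logons inside a sliding window,
    and record a success from that source shortly after the burst."""
    recent = defaultdict(list)   # source -> [(time, account)] failures still inside the window
    alerts = {}
    for ts, src, account, result in sorted(parse_log(text)):
        if result == "FAILURE":
            recent[src] = [(t, a) for t, a in recent[src] if ts - t <= window] + [(ts, account)]
            if len(recent[src]) >= threshold:
                alert = alerts.setdefault(src, {"first": recent[src][0][0],
                                                "success_after_burst": None})
                alert["last"] = ts
                alert["failures"] = len(recent[src])
                alert["accounts"] = sorted({a for _, a in recent[src]})
        elif result == "SUCCESS" and src in alerts and ts - alerts[src]["last"] <= window:
            # a logon that works right after a burst means the dictionary hit
            alerts[src]["success_after_burst"] = account
    return alerts


if __name__ == "__main__":
    for src, alert in detect_bruteforce(SAMPLE_LOG).items():
        print(src, alert)
```

On a real Windows network the equivalent input is the Security log's logon-failure events (event ID 529 on Windows XP/2003, 4625 on Vista and later) with logon type 3 (network), keyed on the workstation or source address field; a source that fails against several local accounts in quick succession and then succeeds is exactly the pattern to escalate.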
Doctor Web appeals to users who do not care whether their machines have
been compromised. Inaction does almost as much damage as
Win32.HLLW.Shadow.based itself: an infected computer becomes a zombie in
the botnet, helping to spread the worm and make the botnet larger.
----------------------------------------------------------------------
Users of other anti-virus products are advised to do the following:
1. Install all security updates immediately, in particular the update
for MS08-067, since Win32.HLLW.Shadow.based exploits known Windows
vulnerabilities.
2. Update the virus databases.
3. If your anti-virus does not detect the worm or cannot disinfect the
system, use the latest version of Dr.Web CureIt! to perform a full
system scan.
Users of Dr.Web anti-virus products are protected against all
modifications of Win32.HLLW.Shadow.based.
--------------------------------------------------------------------
Original article: Shadow botnet switches to new operation mode on April 1
Author: News Robot, Mar 31 2009 03:00