July 3, 2008
Concerning viruses
The growing spread of a dangerous file virus classified by Dr.Web as Win32.Sector.5 (aka Sality) cannot be ignored. The number of helpdesk requests from system administrators regarding the virus's malicious activity has been so large that one could call it an epidemic. According to those affected by the malware, the present modification of Sector started causing problems in February this year. By now the epidemic has escalated and reached an astounding level. Banks, audit companies, retail chains, software developers, engineering companies, research facilities and federal cultural institutions have been affected by the file virus.
The first samples of the Sector family appeared in early 2003. Over five years the malware mutated but retained its destructive capabilities and acquired new ones. Each subsequent variant of the virus tended to be less overt about its presence in the system. Experts at the Doctor Web, Ltd. anti-virus laboratory think that this mutation is evidence that Win32.Sector.5 may now be used to hide other, less complex but equally malicious programs that steal sensitive information or send out spam.
As soon as Win32.Sector.5 gets into a system, it injects its code into all processes currently present in RAM and removes certain branches of the system registry so that booting in safe mode becomes impossible. After that the file virus infects all .exe and .scr files on all available disks or network resources. In order to spread faster, it also infects autorun and most frequently launched files. In addition, Win32.Sector.5 deletes files and processes related to most known anti-virus programs and blocks access to the websites of anti-virus vendors, preventing updates. Unlike other anti-viruses that either block access to an infected file or delete it, Dr.Web cures files infected by the file virus. The malware is not a threat to users of Dr.Web anti-virus performing regular updates of the...
http://info.drweb.com/show/3426?lng=en

June virus activity review from Doctor Web, Ltd.
Author: News Robot, Jul 03 2008 10:43