The Bit network security channel reminds you today: among today's viruses, the cabo worm variant r, the Warcraft variant aur and the Deputy worm variant SJ are causes for concern.
A brief introduction to today's high-risk viruses and a description of the infection symptoms:
The cabo worm variant r is one of the newest members of the cabo worm family and is written in Microsoft Visual C++ 7.0. When the cabo worm variant r runs, it copies itself to the %USERPROFILE%\Local Settings\Temp directory of the infected computer and renames the copy svchost.exe. It adds a startup value to the registry so that the worm starts automatically. It traverses drives G to C on the infected computer and searches for usable network shared folders. If it finds compressed files with the .RAR or .ZIP extension, it writes a copy of itself, named Setup.exe, Install.exe or _Run_Me_First.exe, into the compressed files it found and spreads through network shares. In addition, the worm does not infect the same file repeatedly; in some cases it copies the infected file to another directory and renames it updated-fixedRelease-.rar.
The Warcraft variant aur is one of the newest members of the Warcraft Trojan family. It is written in Borland Delphi 6.0-7.0 and has been protected with a packer. When the Warcraft variant aur runs, it drops the malicious DLL files textfont.dat and LPK.dll into the %USERPROFILE%\Local Settings\Temp directory of the infected computer, copies the real system file %SystemRoot%\system32\LPK.dll to the temporary folder and renames the copy LOOPARK.dat. The dropped component textfont.dat is a Trojan horse program that steals Legends 2 online game accounts; it is injected into explorer.exe and into all processes running with user-level privileges. Once running, it uses techniques such as message hooks and memory interception to steal the player's game account, game password, service area and other information, and sends the stolen confidential information in the background to a remote server designated by the hacker. This results in the loss of the player's game account, equipment, goods and money, causing the player varying degrees of damage. In addition, after it starts, the Warcraft variant aur monitors all running processes in the background; if it finds that certain antivirus software is present, it stops running directly and does not drop the Trojan or carry out the series of follow-up operations.
The Deputy worm variant SJ (Worm.Win32.VB.sj) is written in VB and uses an icon that looks like a folder. When it runs, the virus copies itself many times into the system root directory under different names and replaces some system files. It drops Autorun.inf in the root directory. When the Windows directory or the system32 directory is opened, the virus closes the folder to block access and prevent manual removal. The virus changes the position of the Start menu: when the mouse moves over the Start menu, the menu moves randomly and cannot be clicked. The virus modifies a large number of registry entries so that it runs at startup. It also modifies the IE home page in order to download new viruses, so users are easily infected again and the virus is difficult to remove completely.
Second, in light of these viruses, the Bit network security channel advises users:
1. It is best to install professional antivirus software for comprehensive monitoring and to update the virus definitions in a timely manner. Users are advised to keep the main monitoring functions turned on, such as e-mail monitoring and memory monitoring, in order to prevent the currently prevalent viruses, Trojan horses and harmful code or programs from attacking the user's computer.
2. Do not open e-mail attachments, in particular in e-mail from an unknown source. Enterprise users should generally enable the monitoring system on the mail server platform and intercept viruses at the e-mail gateway to ensure the security of e-mail clients.
3. Enterprise users should update the control center in a timely manner, and it is suggested that the relevant administrators run a network-wide virus scan at an appropriate time. In addition, to guarantee information security, companies should close shared directories and set strong administrator account passwords; do not leave the administrator password empty or set a password that is too simple.
As of press time, the Jiangmin and Rising virus databases have been updated and can detect and remove the above-mentioned viruses. Thanks to Jiangmin Technology and Rising Technology for the virus information provided to the Bit network security channel.
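As an added example (not part of the original article and not any vendor's tool), a read-only Python check for the file-system traces described above: the file names dropped in the Temp folder, the renamed archive, and the executable names the cabo worm writes into ZIP archives. RAR contents are not inspected because the Python standard library cannot read them; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
import zipfile

# File names taken from the virus descriptions above, lower-cased for matching.
ARCHIVE_DROPS = {"setup.exe", "install.exe", "_run_me_first.exe"}
TEMP_ARTIFACTS = {"svchost.exe", "textfont.dat", "lpk.dll", "loopark.dat"}
RENAMED_ARCHIVE = "updated-fixedrelease-.rar"

def suspicious_zip_entries(path):
    """Return entries of a ZIP whose base name is one the worm writes into archives."""
    try:
        with zipfile.ZipFile(path) as zf:
            names = zf.namelist()
    except (zipfile.BadZipFile, OSError):
        return []  # unreadable, or not really a ZIP
    return sorted(n for n in names
                  if n.replace("\\", "/").rsplit("/", 1)[-1].lower() in ARCHIVE_DROPS)

def scan_tree(root, temp_dir=None):
    """Walk root; return sorted (reason, path) leads. temp_dir is the user's Temp folder."""
    norm = lambda p: os.path.normcase(os.path.abspath(p))
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        in_temp = temp_dir is not None and norm(dirpath) == norm(temp_dir)
        for name in files:
            full, low = os.path.join(dirpath, name), name.lower()
            if low.endswith(".zip"):
                findings += [("zip-entry:" + e, full) for e in suspicious_zip_entries(full)]
            if low == RENAMED_ARCHIVE:
                findings.append(("renamed-archive", full))
            if in_temp and low in TEMP_ARTIFACTS:
                findings.append(("temp-artifact", full))
    return sorted(findings)

def build_sample(root):  # constructed sample tree, harmless placeholder bytes
    temp, share = os.path.join(root, "Local Settings", "Temp"), os.path.join(root, "share")
    for folder, name in [(temp, "svchost.exe"), (share, "svchost.exe"),
                         (share, "updated-fixedRelease-.rar")]:
        os.makedirs(folder, exist_ok=True)
        with open(os.path.join(folder, name), "wb") as fh:
            fh.write(b"placeholder")
    with zipfile.ZipFile(os.path.join(share, "docs.zip"), "w") as zf:
        zf.writestr("readme.txt", "hello")
        zf.writestr("_Run_Me_First.exe", "placeholder")
    return temp

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(scan_tree(d, temp_dir=build_sample(d)))
```

Legitimate archives often contain Setup.exe or Install.exe, so each result is a lead for an antivirus scan of that file, not a verdict.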

 
