Daily Virus Report (Apr 15, 2009) - Trojan.DL.Win32.Mnless.cwj
-
RISING
Behaviour:
This is a malicious Trojan virus program. After being executed, the virus shuts down varieties of antivirus program and, creates registry hijack option to prevent from antivirus software’s check and scan. Also, the virus can shut down security tools which installed in the infected device, such as IceSword, etc. And the virus releases “usp10.dll” file to each computer disk. After this “dll” file being loaded, the virus can access to system folder to record the information of “Medest.jpg”, and download varieties of Trojan virus and other malicious virus program according to URLs.
Statistics:
RISING Cloud Security reported:
April 13, 2009 there were 3,242,488 devices got malicious attack via malicious Webpage Horse Hanging tech, and RISING Virus Lab has intercepted 719,232 malicious hyperlinks with webpage Horse Hanging tech. And Rising Cloud Security got 226,518 reports from end users.
Top5 Infected Website:
1, health.china228.com
with malicious hyperlink: *******.cn/sina/02.htm, etc.
2, jobs.zhaopin.com/P2/CC0005/4561/J900/000/CC000545613J90000015000.htm?f=ss&DYWE=1239759494562.126095.1239759495.1239765347.2
with malicious hyperlink: *******.cn/sina/lz.htm, etc.
3, www.58com.com/web/musicbook/eleh_show.aspx?id=361
with malicious hyperlink: *****.cn/sina/real.html, etc.
4, www.wst.hainan.gov.cn/Other/news/list.htm
with malicious hyperlink: c.*****.cn/d1/16/yt122121.htm, etc.
5, partyschool.cun.edu.cn/Announce.asp?ID=8
with malicious hyperlink: c.****.cn/d1/16/ytgg.htm, etc.
Notice: the symbol ‘*’ means a stochastic letter or number.
Solutions:
1. Install Rising Internet Security or Rising Anti-virus, personal firewall, update in time, and at least 3 times per day for updating Rising.
2. Install Rising PC Doctor, and choose “Leaks” function to check the leaks or vulnerabilities exist in your computer operation system, patch your computer system in a timely manner as many viruses spread by taking advantage of the system exploits or vulnerabilities.
3. Do not browse suspicious websites, and suspicious inserter; turn off or delete unnecessary system services.
4. Do not receive the suspicious file from QQ, MSN, Email, etc.
5. Open RISING Active Defense and Auto-Protect function when accessing to the internet.
Daily Virus Report (Feb 07, 2012)- Rootkit.Win32.Undef.cvu ()
