Intraday malicious virus program: Trojan.Win32.FakeIME.y

Behavior:
This is a malicious Trojan virus program.
After being executed, the virus program shall pretend to be input method file (with file extension of IME), and register as system default input method. So the virus program shall be executed with Advanced Text Services. Also, after being executed, the virus program shall check the infected computer for online game program and, then steal and record the infected computer users’ online game account and other important information. Then the virus program shall send the record out to the server which appointed by hackers. The hackers shall crack the infected computer users’ online game account with the record from the account stealer Trojan program. This is the way hackers get benefits and make the infected computer users’ virtual properties suffer from losses. So this malicious Trojan virus program threatens online game players; account security seriously.

Statistics:
RISING Cloud Security reported:
Aug 18, 2011, Rising Cloud Security detected that there were 211,554 computers got attacks from malicious URL injection and, RISING has intercepted 52,322 malicious URLs successfully. Meanwhile, 53018 suspicious URLs were submitted from Rising Cloud Security members.

Top5 Infected Website:
1, you.zhile365.com**
Injected malicious URL: ** shop/wow1.html
2, yxzx2.com**
Injected malicious URL: ** 20091110/5508.shtml
3, www.332pay.com**
Injected malicious URL: **users/asp/fl.html
4, www.cxkx.gov.cn**
Injected malicious URL: ** css/mm/wmdn.html
5, www.tssgh.com.cn**
Injected malicious URL: **down/b6.htm

Notice: the symbol ‘*’ means a stochastic letter or number.

Solutions:
1. Install Rising Internet Security, or Rising Antivirus plus Rising Firewall, and get update in time.
2. Install Rising PC Doctor, and choose “Leaks” function to check the leaks or vulnerabilities exist on your computer operating system, patch your computer system in a timely manner because many viruses spread by taking advantage of Windows operating system vulnerabilities.
3. Do not browse suspicious websites, and do not run suspicious plugins; turn off or delete unnecessary system services.
4. Do not receive the suspicious file from QQ, MSN, Email, etc.
5. Open RISING Active Defense and Auto-Protect function while accessing to Internet.


*You can buy RISING Security products here or free download to try.
*If you have any questions about RISING products, please visit Rising support centre for help.