Intraday malicious virus program: Backdoor.Win32.Undef.thj

Behavior:
This is a malicious Trojan virus program.
After being executed, the Backdoor virus program can release two-stage file through internal storage and join useless code to prevent from security software’s scan. The Backdoor virus program shall used  replace way for achieving  starting, and hidden his own in font folder. The Backdoor virus program shall harvest the computer name, IP Address and, information of antivirus and firewall software which are installed on infected device and; then send these records out to the server which is specified by hackers. Meanwhile, hackers can remote control the infected computers to take malicious behaviors, for example, launching Internet Explorer to visit websites specified by hackers, download Trojan virus program to local device, monitoring infected computer screen and webcam, browsing files which are saved on infected computer, and so on. So, this malicious Backdoor virus program threatens computer security seriously.

Statistics:
RISING Cloud Security reported:
Dec 31, 2011- Jan 03, 2012, Rising Cloud Security detected that there were 403,625 computers got attacks from malicious URL injection and, RISING has intercepted 36,730 malicious URLs successfully. Meanwhile, 62,956 suspicious URLs were submitted from Rising Cloud Security members.

Top5 Infected Website:
1, sc.usst.edu.cn **
Injected malicious URL: ** /inv/qn.asp?
2, www.eralady.com **
Injected malicious URL: ** /index.html
3, mumbar.cn **
Injected malicious URL: ** mumbar.cn/
4, bbs.uuu9.com **
Injected malicious URL: ** /viewthread.php?
5, www.wysgtzy.gov.cn **
Injected malicious URL: ** wysgtzy.gov.cn/

Notice: the symbol ‘*’ means a stochastic letter or number.

Solutions:
1. Install Rising Internet Security, or Rising Antivirus plus Rising Firewall, and get update in time.
2. Install Rising PC Doctor, and choose “Leaks” function to check the leaks or vulnerabilities exist on your computer operating system, patch your computer system in a timely manner because many viruses spread by taking advantage of Windows operating system vulnerabilities.
3. Do not browse suspicious websites, and do not run suspicious plugins; turn off or delete unnecessary system services.
4. Do not receive the suspicious file from QQ, MSN, Email, etc.
5. Open RISING Active Defense and Auto-Protect function while accessing to Internet.


*You can buy RISING Security products here or free download to try.
*If you have any questions about RISING products, please visit Rising support centre for help.