Intraday malicious virus program: Worm.Win32.Downloader.mx

Behaviour:
This is a malicious Worm virus downloader program.
After being executed, the virus program shall shut down antivirus program of infected computers, and create hijack option in Windows Register to escape check and scan from antivirus program. Then, the virus program shall infect files in format of EXE, RAR, HTML, and ASP. So, while computer users open these infected files, the virus program shall be loaded automatically. If the computer users open a webpage which has got infected, the virus downloader program shall download virus to infected computers and spread these viruses program via removable devices. Also, this virus program shall create IE process, and take BitTorrent as default measure to download viruses and Trojan virus from server which appointed by hackers.

Statistics:
RISING Cloud Security reported:
January 14, 2010 there were 990,268 devices got malicious attack via malicious Webpage Horse Hanging tech, and RISING Virus Lab has intercepted 225,485 malicious hyperlinks with webpage Horse Hanging tech. And Rising Cloud Security got 58,054 reports from end users.

Top5 Infected Website:
1, bbs.3839.com
with malicious hyperlink: **net/diss/dcms/cache/yv.htm, etc.
2, news.91.cn/zt/ft01.htm
with malicious hyperlink: ** la/77/mp.htm, etc.
3, tj.91.cn
with malicious hyperlink: **. com:169/360/39/index.html, etc.
4, www.fjdh.com/wumin/HTML/71264.html
with malicious hyperlink: ** cc/data/backup/data.htm?772, etc.
5, www.game.com.cn
with malicious hyperlink: ** com/pz/yt.htm, etc.

Notice: the symbol ‘*’ means a stochastic letter or number.

Solutions:
1. Install Rising Internet Security or Rising Anti-virus, personal firewall, update in time, and at least 3 times per day for updating Rising.
2. Install Rising PC Doctor, and choose “Leaks” function to check the leaks or vulnerabilities exist in your computer operation system, patch your computer system in a timely manner as many viruses spread by taking advantage of the system exploits or vulnerabilities.
3. Do not browse suspicious websites, and suspicious inserter; turn off or delete unnecessary system services.
4. Do not receive the suspicious file from QQ, MSN, Email, etc.
5. Open RISING Active Defense and Auto-Protect function when accessing to the internet.


*You can buy RISING Security products here or free download to try.
*If you have any questions about RISING products, please visit Rising support centre for help.