Intraday malicious virus program: Worm.Win32.FakeFolder.al

Behavior:
This is a malicious Trojan virus program.
After being executed, the virus program shall avoid being scanned by antivirus software; shut down the antivirus software process and prevent it from starting by creating Registry hijack option; even delete antivirus software icon in order to hide it. The virus author shall damage the security mode of Windows system to avoid the virus program from being deleted manually, and make users not open Registry editor. The virus program shall finally create plenty of shortcuts of malicious phishing websites by which users can have access to hackers’ websites, which brings hackers lots of benefits. So this malicious virus program threatens users’ computer security seriously.

Statistics:
RISING Cloud Security reported:
Nov 15, 2011, Rising Cloud Security detected that there were 88,845 computers got attacks from malicious URL injection and, RISING has intercepted 28,750 malicious URLs successfully. Meanwhile, 41507 suspicious URLs were submitted from Rising Cloud Security members.

Top5 Infected Website:
1, www.500858.com**
Injected malicious URL: ** com/m.htm
2, www.89089000.com**
Injected malicious URL: **lianzhong.htm
3, www.91-china.cn**
Injected malicious URL: ** xc/d.htm
4, www.gxlgxy.com**
Injected malicious URL: ** huodong/NewXy/f.htm
5, www.hdsq.cc**
Injected malicious URL: ** . ltsy/images/wm.htm

Notice: the symbol ‘*’ means a stochastic letter or number.

Solutions:
1. Install Rising Internet Security, or Rising Antivirus plus Rising Firewall, and get update in time.
2. Install Rising PC Doctor, and choose “Leaks” function to check the leaks or vulnerabilities exist on your computer operating system, patch your computer system in a timely manner because many viruses spread by taking advantage of Windows operating system vulnerabilities.
3. Do not browse suspicious websites, and do not run suspicious plugins; turn off or delete unnecessary system services.
4. Do not receive the suspicious file from QQ, MSN, Email, etc.
5. Open RISING Active Defense and Auto-Protect function while accessing to Internet.


*You can buy RISING Security products here or free download to try.
*If you have any questions about RISING products, please visit Rising support centre for help.