Viruses & Malware

This virus creates a file in C:WINDOWS named "systray.exe", and it will drop the virus "Adware.WinTaskAd". The virus downloads and installs more ad ware from other websites. This virus is disguised as an MSN Messenger hack tool. The virus displays an error message when executed, although there is actually no real error with the virus when you execute it. The virus attempts to spread a fake "Hack Tool" that transmits by the name of "MSN Fun Maker", and the actual file name MSNFunMaker204.exe. It uses the generic Windows Installer icon.

Even though malware has been a recognised threat within the general IT community for well over 15 years, it is effectively a bigger problem now than it has ever been before.

This situation has arisen, despite improvements in protective technologies, because many systems do not use these technologies effectively, and many others remain open to be exploited by resolvable vulnerabilities that can let new strains in.

With eight new variants surfacing in the last week alone, and over a dozen reported since the beginning of March, the Mytob mass-mailing worm appears to be evolving rapidly.

On Monday, security software maker Symantec reported two new versions of the virus, labeled as W32.Mytob.R and W32.Mytob.S. Both worms achieved a low or moderate threat rating from Symantec, as have earlier variants of Mytob, but the company is still recommending that people update their security software immediately to protect against the emerging threat.

Eight variations of the Mytob worm have appeared in the last five days, said Symantec Monday, all of them able to plant a backdoor on infected machines and prevent them from updating security software.

A COMPANY which offered $25,000 for anyone who could infect two PowerMac G5s connected to the net with a virus has cancelled the competition.

DVForge started the competition after anti-virus outfit Symantec claimed that attacks on the Mac are on the rise. The company was miffed that Symantec was out there spreading FUD against Apple when there had been very few attacks on the pretty boxes.

On March 26, 1999, Melissa, the first virus that spread by mailing copies of itself to addresses it dug out of infected machines, swept the Internet. Six years later, mass-mailed worms have reached their peak, said the researcher who led authorities to the hacker who wrote Melissa.

Jimmy Kuo, a research fellow with McAfee, was in on the first discussions as samples of the still-not-named virus were captured and put under the forensics microscope.

Malware authors have created a Trojan that targets Symbian smart phones and attempts to remove any anti-virus protection it finds. The Drever-C Trojan attacks mobile anti-virus packages from F-Secure, Kaspersky and Simworks running on Symbian devices. Targeting security protection is common in mainstream Windows PC malware but this is a recent innovation for mobile viruses. Drever-C poses as a security update and tries to damage the boot loader and application binaries of F-Secure Mobile Anti-Virus.

Computer worms are becoming less commonplace as virus writers diversify their malware spreading tactics to create the maximum effect for the least possible effort. Email-borne worms, such as NetSky, Bagle and Sober, remain perennial favourites with malware authors but Slammer-style worms are becoming rarer, according to anti-virus firm F-Secure.

Instant messaging security threats are growing by 50 per cent each month and could potentially spread across the globe in seconds.

According to research from anti-virus firm F-Secure, virus writers are targeting instant messaging application due to their ability to spread malicious code faster than email worms.

Where as the Sasser email worm took 14 minutes to compromise 95 per cent of all vulnerable PCs around the world, instant messaging worms could infect all IM using computers in just 14 seconds.

Some useful citizen has created an installer that will nail IE with spyware, even if a surfer is using Firefox (or another alternative browser) or has blocked access to the malicious site in IE beforehand. The technique allows a raft of spyware to be served up to Windows users in spite of any security measures that might be in place.