Sunday, April 19, 2009

Top 10 Viruses of January 2009

Here are the top 10 viruses/Trojans of January 2008

1. Windx-Maxtrox

[Image: The desktop wallpaper after being modified by the Windx-Maxtrox virus.]

This virus, created with Visual Basic, has an original body size of around 77 KB and is not packed. It is strongly suspected to originate from North Sulawesi and is capable of infecting executable files. Specifically, it infects programs in the Program Files directory. Its infection technique is clever enough to avoid detection by antivirus heuristic engines. The recognizable symptom on an infected computer is that the desktop wallpaper image is changed into an animation.

2. Autoit variants

[Image: Most Autoit variants use a folder icon as their disguise.]

The characteristic of this virus is that it is made using an automation scripting language. The script is compiled into an executable file, which is also packed using UPX. Nearly 90% of all the Autoit viruses and variants that we have use a similar folder icon as their disguise. This virus also creates an autorun.inf file on the disk drive or flash drive.

3. Malingsi

[Image: Malingsi, the virus that attacks another virus.]

This fat virus, with a size of 705,312 bytes, is created using Visual Basic and packed using PECompact. It seems to be intended to attack another virus, as seen from the message in its body. This virus breeds and spreads using an intermediary, Personalization, which acts as a bot.

4. Recycler variants

[Image: Virus files hiding behind a fake Recycle Bin.]

What is typical of this virus is the technique by which it spreads. In all the variants that we have, the method is the same, namely masquerading as the Recycle Bin. Take a virus attack on a flash disk as an example. The victim's flash disk will contain a folder named Recycler, inside which is a folder with an alphanumeric name, for example “S-1-5-21-1482476501-1644491937-682003330-1013”, with an icon similar to the Recycle Bin icon. If this folder is clicked or accessed from Explorer, the virus file will not be visible. To view it, go to the command prompt and use the command “dir /a”.

5. Fdshield

[Image: The file name used by Fdshield when it spreads.]

This virus, made using the Delphi language, uses an icon that resembles Internet Explorer. It has a file size of 553,472 bytes and is not packed. One notable thing about this virus is the name it uses when it spreads: “17 + + & Confidential Sexs Women artists Indonesia (foto2_kamera tersembunyi_liputan). Exe”. Users who are not careful will take the file for an HTML file. If you look in the directory C:\Windows\System32, you will find a file with the name “rundl32.exe”. Do not be deceived again! That is not part of the Windows files; it really is a virus file. Note that there is just one letter “L”. Now look in Scheduled Tasks: there is a new job with the name “Windows FD Shield”, which executes the virus file at the time it has set.

6. Purwo variant

[Image: The message delivered by the creator.]

One more new variant, Purwo.C, is still created using Visual Basic, with a body size of about 56 KB, and is not packed. This virus uses a Word document icon like that of MS Office to deceive potential victims. When it infects, it creates a folder with the name “Purwokerto Under Cover” with the hidden attribute, containing a file called “KoruptorPurwokerto.exe”, on each drive that it finds. In the folder C:\Windows\System32\ there is also the file windowss.exe, and there is C:\Windows\javaa\service.exe. At a certain time it shows a black screen that contains the text of a message from the author. Be careful: this virus will also delete some of your files that it comes across.
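A check for the naming trick behind “rundl32.exe” and “service.exe”, as an added example that is not part of the original post: it flags file names that are one edit away from a well-known Windows binary. The KNOWN_GOOD baseline and the function names are assumptions; the sample paths are the ones listed in this article.

```python
from pathlib import PureWindowsPath

# Assumed baseline: a few well-known Windows binaries (extend from a clean install).
KNOWN_GOOD = {"rundll32.exe", "services.exe", "svchost.exe", "explorer.exe",
              "winlogon.exe", "lsass.exe", "csrss.exe", "smss.exe"}

def edit_distance(a, b):
    """Levenshtein distance that also counts an adjacent swap as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def find_lookalikes(paths, max_dist=1):
    """Return (path, imitated_name) for names close to, but not equal to, a known binary."""
    hits = []
    for path in paths:
        name = PureWindowsPath(path).name.lower()
        if name in KNOWN_GOOD:
            continue  # exact names need a separate location check
        for good in sorted(KNOWN_GOOD):
            if 0 < edit_distance(name, good) <= max_dist:
                hits.append((path, good))
    return hits

# Paths taken from the descriptions in this article, plus the genuine rundll32.exe.
SAMPLE_PATHS = [
    r"C:\Windows\System32\rundll32.exe",
    r"C:\Windows\System32\rundl32.exe",
    r"C:\Windows\System32\windowss.exe",
    r"C:\Windows\javaa\service.exe",
    r"C:\Windows\System\msvc32s.exe",
]

if __name__ == "__main__":
    for path, good in find_lookalikes(SAMPLE_PATHS):
        print(f"{path} imitates {good}")
```

windowss.exe and msvc32s.exe resemble no name in the baseline, so this check alone does not flag them; they need a comparison against a known-clean file listing.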

7. Formalin

[Image: File properties of Formalin.]

The icon used by this virus resembles a folder, and it is created using Visual Basic. Formalin.D has a file size of 18,432 bytes and is packed using UPX. The virus creates “disguise” folders with names such as seepage problems UAN and UAS, My Completed Downloads, Picture Wallpaper, Crack Program, don’t opened !, Ensurt Data (dont’ removed), and others. On the infected computer, the Internet Explorer caption is changed to “Your computer has been infected Formalin virus.” It also tries to disable safe mode by removing some related registry entries. In the file properties of the virus, the description in the version information contains text such as “Kasian dch loe”.

8. Raider.vbs variant

[Image: Raider's habit of encrypting the virus body.]

This virus is of the VBScript type. If its file is opened with Notepad, there are not many strings that can be read, because it is encrypted. This has become a habit in every variant. In the Registry, it typically leaves a mark by creating a new key under HKLM\Software with the same name as the computer name, whose contents are string values holding the name of the virus, Raider, and the date the computer was first infected.

9. Autorunme variant

[Image: The Autorunme virus hides in a Recycle Bin folder that it creates.]

This virus, which is not the product of local programmers, is packed using PECompact. It does not have an icon of its own, only the standard Windows application icon. When it infects, it tries to plant its parent file in the directory C:\Windows\System with the name msvc32s.exe, with hidden and system attributes, and creates a new autorun entry in the registry with the name “Windows msvc Control Centers.” The virus can spread through data storage media such as flash disks and can also spread through Instant Messaging applications. On the flash disk, it creates an imitation Recycle Bin folder that contains a file with the name autorunme.exe, and an autorun.inf file directed to run the virus. So when a user plugs in the flash disk and accesses it, the virus becomes active.
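The removable-drive pattern described for the Autoit, Recycler and Autorunme variants can be checked from the autorun.inf itself. The following is an added example, not part of the original post: it parses autorun.inf text and reports launch directives that point into a Recycle Bin look-alike folder. Function names and the sample file are assumptions.

```python
import re
from pathlib import PureWindowsPath

# [autorun] keys that make Windows launch a program from the drive.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# Program path up to the first runnable extension (handles quotes and arguments).
PROGRAM = re.compile(r'^"?(.+?\.(?:exe|com|scr|pif|bat|cmd|vbs))\b', re.I)
# Folder names imitating the Recycle Bin, and SID-style subfolder names.
FAKE_BIN = re.compile(r"^(recycler|recycled|recycle bin|\$recycle\.bin)$", re.I)
SID_DIR = re.compile(r"^S-1-5-21(-\d+){3,4}$", re.I)

def launch_targets(text):
    """Yield (key, value) for every launch directive inside [autorun]."""
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_autorun = line.lower() == "[autorun]"
            continue
        key, sep, value = line.partition("=")
        if in_autorun and sep and LAUNCH_KEY.match(key.strip()):
            yield key.strip().lower(), value.strip()

def audit_autorun(text):
    """Return (key, program, reasons) for targets inside Recycle Bin look-alikes."""
    findings = []
    for key, value in launch_targets(text):
        match = PROGRAM.match(value)
        if not match:
            continue
        program = match.group(1)
        folders = PureWindowsPath(program).parts[:-1]
        reasons = []
        if any(FAKE_BIN.match(p) for p in folders):
            reasons.append("fake Recycle Bin folder")
        if any(SID_DIR.match(p) for p in folders):
            reasons.append("SID-named folder")
        if reasons:
            findings.append((key, program, reasons))
    return findings

# Constructed sample: folder and file names come from this article, the rest is invented.
SAMPLE = r"""[AutoRun]
open=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\autorunme.exe
shell\open\command="Recycle Bin\autorunme.exe" /s
icon=%SystemRoot%\system32\shell32.dll,4
"""
```

Running `audit_autorun(SAMPLE)` returns both launch directives with their reasons; an autorun.inf that only starts a program from the drive root, such as `open=setup.exe`, returns an empty list.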

10. Rieysha variant

[Image: The Rieysha-Sma virus.]

Variants of Rieysha have been found again, this time with the name Rieysha-Sma (“Sma” meaning high school). Like previous variants, it is possibly still made using Visual Basic. This time its size is around 104 KB, with an icon that resembles a Real Media Player file. When it infects, it creates duplicates of exe, mp3, doc, and 3gp files and replaces them with itself. In addition, there are at least 2 virus files in the root of the drive, with the names “sma3gp.exe” and “CeritaSeru.vbs”.

Source: bibeh.com
