Monday, July 4, 2011

Supervirus Rampant

A new virus has emerged in cyberspace. Within three months, this malicious program has infected 4.5 million computers. The most critical fact: the virus cannot be destroyed. The new virus is classified as a trojan. Viruses in this category act like a thief operating in our computers without our knowledge. Their function, usually, is to steal important information, such as banking passwords and credit card numbers.

Its name is TDL-4. "This is the most powerful threat today," said Sergey Golovanov, a researcher at Kaspersky Lab. "In practical terms, it cannot be destroyed." But Joe Stewart, Director of Malware Research at SecureWorks Dell, judges otherwise. "I would not say the virus is truly indestructible, but it is difficult to destroy," he said. "The virus is very clever at managing itself."

Golovanov and Stewart base their opinions on a variety of TDL-4's characteristics, all of which make it difficult to detect, delete, or destroy. Golovanov said TDL-4 infects the MBR, or master boot record, of a computer, so it can run just before the operating system starts. The master boot record is the first sector, known as sector 0, of a hard drive. TDL-4's code is stored in this sector so that it cannot be detected by the operating system or antivirus software.

But that is not all. TDL-4's most powerful secret weapon is a combination of advanced encryption and the use of a public peer-to-peer (P2P) network to send instructions to TDL-4 from the controlling server. "The way it uses peer-to-peer will make it very difficult to catch," said Roel Schouwenberg, senior researcher at Kaspersky. "The author did not want to become the next victim."

Some earlier viruses, such as Conficker and Coreflood, were eventually brought under control. The collapse of Conficker's and Coreflood's power seems to have inspired virus makers to create new ways to keep their viruses in computer systems. The makers of TDL-4 have created their own encryption algorithms.
The malicious program then uses the domain names of its controlling servers as an encryption key. TDL-4 also uses a public network as one of two channels for communication between infected computers and the controlling server. Previously, a virus that communicated with its server had to do so through a closed network created by its makers. With two alternative communication channels, when the control server is taken over by the authorities, the virus makers still have the second alternative.

According to data from Kaspersky Lab, TDL-4, which is a variant of the TDSS rootkit, infected more than 4.5 million computers worldwide in the first three months of 2011.

*** [DEDDY SINAGA|DIGITALTRENDS|COMPUTERWORLD|KORAN TEMPO 3579]
