Posts Tagged ‘Dr.Web’

AV developers report a surge in the activity of file-encrypting Trojans

Dr. Web has warned of a growing number of users affected by file-encrypting Trojans. The most widespread of these malicious programs is Trojan.Encoder.94. Trojan.Encoder.225 is also very common: recently alone, more than 160 people have contacted Dr. Web's anti-virus department for help restoring files affected by this Trojan.

Trojans of the Trojan.Encoder family are malicious programs that encrypt files on the computer's hard disk and demand money for their decryption. After the files are encrypted, Trojan.Encoder Trojans, depending on the version, may place text files on the disk with instructions for data recovery or change the desktop background to an image showing instructions. The amount demanded by the hackers can vary from a few dozen to several thousand dollars. (more…)

The company “Dr. Web” has found a new version of the Trojan Linux.Sshdkit, which poses a danger to Linux servers.

According to statistics compiled by analysts, several hundred servers have so far been affected by Trojans of this family, some of which are servers of large hosting providers.

The company “Dr. Web” reported on the first versions of the Linux.Sshdkit malware in February 2012. This Trojan is a dynamic library. Variants exist for both 32-bit and 64-bit versions of Linux distributions. After successful installation, the Trojan is embedded in the sshd process and intercepts the authentication function. Once a session is established and the user name and password are successfully entered, they are sent to the attacker’s remote server. (more…)

The company “Dr Web” has found previously unknown functionality in a new malicious program for Facebook.

Trojan.Facebook.311 can not only publish new statuses on the user’s behalf, join groups and post comments, but also send spam on the social networks Twitter and Google Plus.

Trojan.Facebook.311 is written in JavaScript for the popular web browsers Google Chrome and Mozilla Firefox. Attackers spread the Trojan using social engineering techniques: the unwanted programs reach the system through a special installer application that masquerades as a “security update for watching videos.” It is noteworthy that the installer is digitally signed by the company Updates LTD, owned by Comodo. The add-ins are called Chrome Service Pack and Mozilla Service Pack respectively. To spread the Trojan, the attackers created a special page in Portuguese, aimed, most likely, at Brazilian users of Facebook. (more…)

The new trojan

The Trojan is spreading most actively in the U.S. state of Kansas. The company Dr. Web has found a new malicious program that replaces search queries. In addition, the Trojan redirects users to malicious sites.

Once the virus gets onto a computer, it creates a copy of itself in the %APPDATA% folder and makes changes to the part of the Windows registry that is responsible for application startup. The Trojan then embeds itself in all running processes.

“If the Trojan manages to penetrate a browser process of Microsoft Internet Explorer, Mozilla Firefox, Maxthon, Chrome, Safari, Mozilla, Opera, Netscape or Avant, it intercepts the functions WSPSend, WSPRecv and WSPCloseSocket,” experts from Dr. Web stated in the notice. (more…)

Dr.Web Anti-virus for Windows provides reliable protection from viruses, rootkits, spyware, adware, hacking tools, dialers and joke programs.

Dr.Web Anti-virus for Windows filters email traffic, monitors the file system, and detects and removes malicious code. Dr.Web for Windows regularly updates its list of viruses.

Dr.Web Anti-virus for Windows provides:

– Detection and neutralization of malware on hard drives, removable media and computer memory;

– Filtering of incoming and outgoing mail over the POP3, IMAP4, SMTP and NNTP protocols in real time, checking all components of a message;

– Monitoring of file operations, followed by blocking of malware actions;

– Protection against viruses, rootkits, spyware, adware, hacking tools, dialers, and joke programs. (more…)

New Trojan Winlock

Specialists at “Dr. Web” today announced the spread of a new blocker Trojan from the well-known Trojan.Winlock family: Trojan.Winlock.7372.

This Trojan differs from other winlockers in that it does not contain any text or graphics: it downloads them to the infected computer over the network. Trojan.Winlock.7372 primarily targets foreign users.

The first Winlock Trojans aimed at foreign users spread in the autumn of 2011; before that, this criminal money-making scheme had been successfully tested by hackers in Russia. This malicious program is distributed with the family of Trojans known as BackDoor.Umbra. In its internal structure, Trojan.Winlock.7372 in no way resembles the other extortionist Trojans. First of all, it does not contain any images, text resources or other components that such malicious applications usually show on the computer screen when locking Windows. Trojan.Winlock.7372 downloads all the necessary elements from a remote server, and the screen that blocks the system is an ordinary web page. (more…)

Virus: Trojan.Winlock.7372

Added to the Dr.Web virus database: 2012-11-14
Inserted 11/14/2012

Technical information

To ensure autorun and distribution:

Modifies the following registry keys:

[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Updater' = '"<full path to the virus>"'

Malicious functions:

To bypass the firewall, removes or modifies the following registry keys:

[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000' (more…)

The company “Doctor Web” is a Russian developer of IT security solutions under the Dr.Web brand. Its strategic objective is to create the best anti-virus tools that meet all current requirements for this class of programs, and to develop new technological solutions that enable users to confront any type of computer threat.

  • Date of the founding of the company “Doctor Web” – 2003
  • Start of development of the Dr.Web anti-virus – 1992
  • The company’s founder and author of the Dr.Web anti-virus – Igor Danilov

The strategic objective of the company, on which the efforts of all employees are focused, is to create the best anti-virus tools that meet all current requirements for this class of programs, and to develop new technological solutions that enable users to confront all types of computer threats. (more…)