Posts Tagged ‘Trojan Horse’

Vulnerability

The new trojan

The most active Trojan spreads in the U.S. state of Kansas. The company Dr. Web found a new malicious program that replaces the search queries. In addition, the Trojan also redirect users to malicious sites.

Once the virus gets on your computer, it creates a copy of itself in the folder% APPDATA% and making some changes to that part of the registry of Windows, which is responsible for the startup applications. Later the Trojans built into all running processes.

“If the Trojan to penetrate a browser process to Microsoft Internet Explorer, Mozilla Firefox, Maxton, Chrome, Safari, Mozilla, Opera, Netscape and Avant, it intercepts function WSPSend, WSPRecv and WSPCloseSocket”, – stated in the notice of experts from Dr. Web . (more…)

Malware Trojan HorseVirus: Trojan.Winlock.7372

Added to the virus database Dr.Web: 2012-11-14
Inserted 11/14/2012

Technical information

To ensure autorun and distribution:

Modifies the following registry keys:

[<HKLM> \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run] ‘Microsoft Updater’ = ‘”<full path to the virus>”‘

Malicious functions:

To bypass the firewall removes or modifies the following registry keys:

[<HKLM> \ SYSTEM \ ControlSet001 \ Services \ SharedAccess \ Parameters \ FirewallPolicy \ StandardProfile] ‘EnableFirewall’ = ‘00000000 ‘ (more…)

Malware Trojan HorseFlashback is an example of malicious software that allows cyber criminals can steal passwords and other sensitive information from the infected computer. The system can be compromised when visiting malicious Web sites. Said Trojan was the first large-scale real threat faced by owners of “Poppy.” Despite the fact that the application uses a vulnerability in the Java, and not in OS X, in 98% of his victims were just Mac-system.

If you go to an infected site that is hosting Flashback, the program will attempt to show you a trained applet Java. If you have a version of the Java vulnerability and it is enabled in your browser, the malicious code will infect your system and install a specific set of components. Since Apple released the first update for this vulnerability only 3 April and 6 April issued a second update, at the moment a large number of Mac is still at risk of infection. (more…)