One of the top families of malicious code targeting the Windows platform has evolved with the addition of worm behavior, Microsoft warns. According to data made public via the Microsoft Security Intelligence Report, the Win32/Vundo Trojan infected over 3.6 million computers in the second half of 2008, and occupies the third position in a malware ranking behind Renos and Zlob. Vundo is a family of malware with various components that are designed to serve victims 'out of context' pop-up advertisements following infection. Microsoft warns that the Vundo family of malicious software can also be used to download and execute arbitrary files.
“Recently, we found new variants that employ replicating behavior by copying itself to mapped drives on the infected machine. It either copies itself into the mapped drive's root directory as a random dll name, or it creates a random directory name and copies the dll in there with the same name. This variant is named Worm:Win32/Vundo.A. We often advise customers to clean machines infected with Vundo offline and reboot afterwards because the process in memory can download the file again even if the malware was deleted successfully. Given this new behavior, if you think that you're infected with a new variant of Vundo, try disconnecting from the Internet before scanning your system,” recommends Jaime Wong, Microsoft spyware analyst.
In a common infection scenario involving Vundo, users will see a high volume of incessant popups displaying directly on the desktop. The advertisements are focused on rogue security software and will handicap Internet connectivity considerably. The Redmond company warns that Vundo utilizes a variety of tricks in order to avoid detection and removal.
“One of the methods it uses is hooking the Appinit_Dlls, or LoadAppInit_DLLs for Windows Vista operating systems. This will cause every process using user32.dll (which doesn't?) to load the dlls listed in this registry key into the process memory. Another trick it uses is to add itself to PendingFileRenameOperations registry key. This basically marks the dll to be renamed to another random name upon reboot,” Wong added.
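The two registry tricks Wong describes can be reviewed together. The following is an added example, not code from Microsoft or the original post: it takes the AppInit_DLLs string, the LoadAppInit_DLLs DWORD and the PendingFileRenameOperations multi-string as plain data and reports DLLs that are loaded into user32.dll processes and also queued for a rename at reboot. Function names and sample values are constructed for illustration; on a live system the values are read from HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows and HKLM\SYSTEM\CurrentControlSet\Control\Session Manager.

```python
import re

NT_PREFIX = "\\??\\"  # object-manager prefix the Session Manager stores on paths


def _plain(path):
    """Drop the optional '!' (replace-existing) flag and the NT path prefix."""
    path = path.lstrip("!")
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def appinit_entries(appinit_dlls, load_appinit):
    """Split AppInit_DLLs (space- or comma-delimited) and report if it is honoured.

    load_appinit is the LoadAppInit_DLLs DWORD, or None where the value does
    not exist (pre-Vista), in which case the list is always loaded.
    """
    dlls = [d for d in re.split(r"[ ,]+", appinit_dlls.strip()) if d]
    return dlls, bool(dlls) and load_appinit in (None, 1)


def pending_dll_renames(multi_sz):
    """Return (source, destination) for DLLs queued to be renamed at reboot.

    The REG_MULTI_SZ holds source/destination pairs; an empty destination
    means delete, which is not the rename behaviour described above.
    """
    pairs = zip(multi_sz[0::2], multi_sz[1::2])
    return [(_plain(s), _plain(d)) for s, d in pairs
            if d and _plain(s).lower().endswith(".dll")]


def triage(appinit_dlls, load_appinit, multi_sz):
    """List AppInit entries to review, with any pending rename attached."""
    dlls, active = appinit_entries(appinit_dlls, load_appinit)
    renames = dict((s.lower(), d) for s, d in pending_dll_renames(multi_sz))
    return [{"dll": d, "loaded_into_user32_processes": active,
             "renamed_on_reboot_to": renames.get(d.lower())} for d in dlls]


# Constructed sample values (not taken from a real infection).
SAMPLE_APPINIT = "C:\\WINDOWS\\system32\\qwxyzab.dll"
SAMPLE_PENDING = [
    "\\??\\C:\\WINDOWS\\system32\\qwxyzab.dll", "!\\??\\C:\\WINDOWS\\system32\\mnoprst.dll",
    "\\??\\C:\\Temp\\setup.tmp", "",
]

if __name__ == "__main__":
    for row in triage(SAMPLE_APPINIT, 1, SAMPLE_PENDING):
        print(row)
```

Legitimate installers and some security products also write to both values, so each reported entry is a lead to verify (signer, path, file age), not a verdict.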
Windows Trojan That Infected Over 3.6 Million PCs Evolves with Worm Behavior
Vista SP2 and Windows 7 More Secure than Linux and Mac OS X Leopard
A statement from Microsoft says that Vista SP2 and Windows 7 are more secure than Linux and Mac OS X Leopard. They also say that their OS is the most secure in the world.
Well, I myself have never used Linux or Mac OS X Leopard, but personally, since switching from XP to Vista, my computer has never been hit by a virus, though that is also because the antivirus is top-notch :D.
Microsoft has released a new Service Pack for Vista, SP2. They want XP users to move to Vista or Windows 7. Turner said, “We'll continue to support XP, and XP is a great operating system, but keep in mind, it will be 12 years old next year. So not only is great TCO on an 11-year-old operating system in XP, certainly from a security, a reliability and a power management standpoint, there's compelling reasons to continue to look at the change,”
To download SP2 for Vista, visit Softpedia.
For more, check Softpedia.