Your computer is an expensive investment and is often used as a way to work or communicate with family and friends.
There is likely a lot of personal information such as pictures and addresses you don’t want others to know about on here.
If you get a virus on your computer, you are opening the virtual world up to everything you have shared or made available.
Trojan bot infects computers running Windows. At infection of system places the copy in the catalog % APPDATA% \ {GUID} \ and modifies the registry branch SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ Run in order to implement its own autorun at system startup.
Built into all business processes and performs intercept Internet functions if for all processes will be found the following:
– maxthon, browser, firefox, iexplo, safari, mozill, chrome, avant, opera, netsc
If the user carries out web search by means of one of traced browsers, the Trojan receives URL of required search inquiry and sends it to the remote server. The server, in turn, sends to the bot specially created team which contains information and the web address with which the original search inquiry of the user will be changed.
New Trojan
The company “Doctor Web” – a Russian developer of IT security – reports on the distribution of the new Trojan Trojan.GBPBoot.1, has an interesting self-healing mechanism.
In terms of ongoing data Trojan malicious functions, Trojan.GBPBoot.1 include relatively primitive malware: it is able to download from the remote server and run on the infected computer various executable files or run programs that are not stored directly on the victim’s computer. This exhausts its malicious payload. However, this Trojan is interesting primarily because it has the ability to seriously oppose attempts to remove it.
Trojan.GBPBoot.1 consists of several modules. The first of these modifies the master boot record (MBR) on the hard disk, and then writes to the end of the appropriate section (outside the file system) module virus installer module automatically restore the Trojan archive file explorer.exe and the sector with the configuration data. Then places the system folder virus installer, run it, and your own file deletes. (more…)
Malware: Trojan.PWS.Panda.2395
Technical information
To ensure autorun and distribution:
Modifies the following registry keys:
Virus: Trojan horse – Zeroaccess
Type: Trojan
Distribution Level: Low
Systems Affected: Windows Me/95/98/2000/NT/XP/Server 2003/Vista/7/Server 2008/
Trojan.Zeroaccess is a Trojan horse that uses an advanced rootkit to hide itself. The Trojan is called ZeroAccess due to a string found in the kernel driver code that is pointing to the original project folder called ZeroAccess. It is also known as max++ as it creates a new kernel device object called __max++>. It can also create a hidden file system, downloads more malware, and opens a back door on the compromised computer. (more…)
Trojan-Downloader.JS.Agent.fxq – is a Page pop-up menu to load.
Technical details:
Trojan horse that opens a browser different web pages without the user’s knowledge. Is an HTML-page with a script written JavaScript. Malicious script has a size 3560 bytes.
Destructive activity: (more…)
XSS in Drupal Exposed Filter Data
Impact: Cross Site Scripting
Affected products: Drupal Exposed Filter Data Module 6.x
Affected versions: Drupal Exposed Filter Data to version 6.x-1.2.
Description:
The vulnerability allows malicious people to conduct XSS attacks. (more…)
CSRF attack in Drupal Heartbeat
Impact: Cross Site Scripting
Affected products:
– Drupal Heartbeat Module 6.x;
– Drupal Heartbeat Module 7.x
Affected versions: Drupal Heartbeat version to 6.x-4.12, possibly earlier. (more…)
Technical information
To ensure autorun and distribution: Modifies the following registry keys:
[<HKLM> \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run] ‘uct.exe’ = ‘”% APPDATA% \ uct.exe”‘
Creates or modifies the following files:
% WINDIR% \ Tasks \ fbagent.job (more…)
Flashback is an example of malicious software that allows cyber criminals can steal passwords and other sensitive information from the infected computer. The system can be compromised when visiting malicious Web sites. Said Trojan was the first large-scale real threat faced by owners of “Poppy.” Despite the fact that the application uses a vulnerability in the Java, and not in OS X, in 98% of his victims were just Mac-system.
If you go to an infected site that is hosting Flashback, the program will attempt to show you a trained applet Java. If you have a version of the Java vulnerability and it is enabled in your browser, the malicious code will infect your system and install a specific set of components. Since Apple released the first update for this vulnerability only 3 April and 6 April issued a second update, at the moment a large number of Mac is still at risk of infection. (more…)
MALWARELIST.net - Your Information Security Source 