VIRUS/SPYWARE ALERTS

VIRUS UPDATE
============

This week we includes information about the VirusResponseLab2009 false antivirus, P2PShared.M worm, Lydra.AO Trojan, the Redvoz.A backdoor Trojan and the
Autorun.AHS worm..

The VirusResponseLab2009 adware is another example of how false antivirus solutions are being used by cyber-criminals for financial gain.

When run, this adware fakes a system scan, telling users that their computers are infected It also sporadically launches a pop-up warning, from the taskbar, falsely claiming that the computer is being attacked from the Internet, or that the user is vulnerable to password theft.

The real aim of this malicious code is to make users believe they are infected and consequently buy the antivirus solution offered in order to clean their computers of these (non-existent) threats.

P2PShared.M is a worm that spreads through P2P networks. It does this by copying itself to the folders of several P2P applications, under the guise of software programs, which are then downloaded by other users. The worm creates a copy of itself on the system and modifies the Windows Registry.

Lydra.AO records users' activity on the infected computer and sends it to the malware author. To do so, it remains active in the Windows memory and starts capturing keystrokes and mouse movements. It also collects email addresses found in files with certain extensions.

It stores the information gathered, together with the PC hardware and software data, and sends it to the malware author via email. To do so, it uses its own SMTP or MAPI engine.

Redvoz.A is a backdoor Trojan that connects to a remote server, which allows the creator to run arbitrary commands on the infected computer and take control of the system.

This new malicious code creates a system service for managing network policies displayed by default by system services and third-party applications. This service is run continuously and cannot be stopped, making it difficult to remove. As the service is in a loop, the threat is recreated if it is deleted.

Autorun.AHS is a worm designed to spread through the floppy disk drive. When run on the computer, it modifies specific Registry entries to make it seem as though the Task Manager, Windows Registry, Folder options and Explorer files have been enabled. What it really does though, is replace the Internet Explorer start page for a malicious page. It also modifies the Windows Registry to run on every system startup.

Make sure you have a good Anti-Virus product installed so these bugs can not
hurt your system.

Stay safe!

Also consider the idea of owning your own Spam-Busting customer support helpdesk, read more... here.

Greg.
Check out my own HelpDesk
here.




Visit here for: Online Income, Advertising, Marketing and Traffic Generation Resources

Keywords: Virus+Alerts, Advertising+Marketing, Online+Income
Traffic+Generation, Free+Advertising,