Kaspersky Detects Deeply Penetrating Computer Virus Sinowal
According to security company Kaspersky, its research lab spotted a fresh version of Sinowal at the end of March 2009. Sinowal is malicious code that keeps itself hidden on an infected system by contaminating the MBR (Master Boot Record), which is part of the system's hard drive.
The company stated that the new Sinowal botnet, also called Torpig, represents a sophisticated method that cyber criminals have used for the first time.
According to Kaspersky, Sinowal plants itself at the lowest level of the operating system (OS), i.e. the MBR of the computer's hard drive, and effectively bypasses antivirus software.
Before Kaspersky Lab detected the latest Sinowal variant, the company's analysts had presented detailed reports about the rootkit's other variants in 2008. However, the current variant surprised the security researchers, according to the company.
The company also states that during April 2009 the virus proliferated vigorously via several techniques, such as websites exploiting a security flaw in Adobe's Acrobat Reader PDF software or the Neosploit rootkit.
According to the researchers, detecting and treating the rootkit while the malware continues to proliferate is an extremely difficult job for antivirus experts, who have been facing it for several years.
Konstantin Sapronov, Head of Kaspersky Virus Lab in China, stated that the new invasion methods of the Sinowal variant have made it almost impossible for end users to remain safe from its impact. Sapronov added that even non-infected websites could redirect their visitors to malware-ridden websites, as reported by ZDNet on May 13, 2009.
Moreover, Sapronov added that creators of web malware chose exploits performing redirection on search fields and web apps, such as iFrame injections, during 2008, as against droppers and Trojan programs during 2007.
The World Wide Web has also overtaken e-mail as the top vector for transmitting viruses, with infected websites increasing at a rate of 300% during 2008.
Hence, Kaspersky recommends that users keep their antivirus software up to date and scan their systems for any possible presence of Sinowal. If it is found, the system will have to be restarted while undergoing treatment, Kaspersky suggests.
» SPAMfighter News - 20-05-2009