Symantec Discovers New PC Virus W32.Sapaq
On June 12, 2009, the security company Symantec detected a newly released computer virus named 'W32.Sapaq' that replicates automatically and spreads to other PCs over computer networks without any user participation.
The company's researchers state that viruses are normally created without any aim of changing the settings on the infected PC, as their only purpose is to proliferate. However, the new virus develops every day, with its 'payload' integrated inside its code.
Because of this kind of integration, viruses that carry payloads are built to do more than merely proliferate. Accordingly, they plant backdoors that allow a Trojan horse to infect systems and that result in file encryption as part of a cryptoviral extortion attack. They also help transmit the host computer's sensitive data by e-mail to a destination address set in advance within the virus code.
In certain instances, the virus's payload is a program that erases data files from the host PC or turns the infected PC into a "zombie" computer.
This 'zombie' subsequently allows the virus's creator to gain control over the infected computer and its data files. Because of this behavior and the malware's potential 'zombie' payload, infected systems are frequently used as botnet PCs for sending junk or spam e-mail.
Meanwhile, the W32.Sapaq virus infects Microsoft Windows operating systems, including Windows 95, 98, 2000, ME, NT, XP, Server 2003 and Vista.
The malicious program's estimated size varies between approximately 81,439 and 81,463 bytes. Although Symantec has rated the virus as a "low" risk program, it could well pass as a moderate threat because of the nature of its payload: besides stealthily erasing files on the host machine, the virus creates new files of its own.
Symantec's security analysts therefore recommend that users deactivate System Restore in Windows XP/ME to avoid falling victim to W32.Sapaq. Users should also update their antivirus software and then perform a comprehensive scan of their systems.
» SPAMfighter News - 01-07-2009