New Backdoor Trojan Halts Windows Startup
The software developing company Microsoft has said that a fresh malware piece is so crafted that it can halt the start up process in Windows.
According to Microsoft, this malware is a backdoor Trojan dubbed Win32/Yonsole.A. To describe such a Trojan, security experts say it a malware sample that hijacks PCs and then links up with the attacker-controlled server to receive commands for execution.
The Yonsole, among its different functions, effectively kills Windows boot process right in the beginning.
According to Software Development Engineer 'Chun Feng' at Microsoft, the recently found sample of backdoor can take an instruction from a PC server in the remote and then execute it for altering the MBR (Master Boot Record) on the infected computer, as reported by Tom's Hardware on June 21, 2010.
Feng further says that the MBR alteration resembles the earlier "Stoned" worm that helps in DOS attacks. But in the current instance, the MBR merely exhibits a banner on the PC screen after which it freezes the system. According to the engineer, the company has identified the changed MBR as Trojan:DOS/Yonsole.A.
He adds that on running this Trojan, the malware, Backdoor:Win32/Yonsole.A is planted that enters inside services.exe and further plants one DLL file onto the <system folder> like f00165500k.cmd.
This DLL is featured with backdoor characteristics and is known as Backdoor:Win32/Yonsole.B. Besides, Backdoor:Win32/Yonsole.A plants the DLL in the form of a Service DLL to ensure it loads onto the system whenever Windows starts up.
In general, the Yonsole Trojan is capable of infecting Windows 7, Vista, and XP via the C:\\Windows\System32 drive.
The Trojan further dumps Windows NT and 2000 via placing a DLL inside C:\\Winnt\System32 in systems having active Windows NT and 2000.
Significantly, Yonsole was discovered between June 1 and 15, 2010 and has clean up software from all leading AV developers, including Microsoft Security Essentials. Yet computers becoming infected with Yonsole no longer remain under the user's control.
Hence, computer-users are advised to keep their AV programs up-to-date and ensure they contain all the current security patches, spyware and virus definitions so their systems stay protected from the attacks.
Related article: New Zealand Releases Code To Reduce Spam
» SPAMfighter News - 30-06-2010