BitDefender Warns of Threat to AV Sites from New IM Worm
According to security researchers at BitDefender, a malicious component distributed by an instant messenger (IM) worm damages antivirus systems and prevents access to numerous security-related websites.
Researchers at BitDefender revealed that the problem starts with a single mouse click on a seemingly harmless link sent by a malicious contact through MSN Messenger. The other end of the link hosts the Trojan, which carries a great deal of malicious code.
The Trojan is activated as soon as the program is launched on the compromised computer. Thereafter, it is advised to search for and clean out the series of processes that are linked with the antimalware products, or to take the assistance of digital forensics software.
The Trojan injects several URLs into the HOSTS file and redirects them to a number of unallocated IPs, which makes them completely inaccessible from any browser.
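A defender-side check for the HOSTS tampering described above, added here as an example and not taken from BitDefender's analysis: it parses HOSTS content and reports any security-related hostname that the file overrides. The watchlist domains, the sample file contents and the function names are constructed for illustration, since the article does not list the blocked sites.

```python
import ipaddress

# Assumption: constructed watchlist; the article does not name the blocked sites.
WATCHLIST = ("av-vendor.example", "updates.av-vendor.example", "scanner.example")

# Constructed sample HOSTS content, not taken from a real infection.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.77    www.av-vendor.example updates.av-vendor.example  # injected
0.0.0.0         scanner.example
192.168.1.20    fileserver.corp.example
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping; skip comments and junk."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: not a usable mapping
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def is_watched(name):
    return any(name == d or name.endswith("." + d) for d in WATCHLIST)

def audit_hosts(text):
    """Return findings for watched names that the HOSTS file overrides."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if not is_watched(name):
            continue
        # A security site has no reason to be pinned in HOSTS at all; the
        # address class only tells the analyst how it was made unreachable.
        kind = "sinkholed" if (ip.is_unspecified or ip.is_loopback) else "redirected"
        findings.append((line_no, name, str(ip), kind))
    return findings

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % f)
```

On a live Windows system the text to audit would be read from the HOSTS file under the system's `drivers\etc` directory, and the watchlist replaced with the vendor and update domains the organisation actually depends on.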
The Trojan also loads several URLs in an undetectable browser control. The loaded content displays the attackers' ads; the HTML code is then parsed and clicks on the respective ads are simulated. BitDefender highlights that the cost of this whole process ranges between $0.05 and $1 per click, depending on the advertiser.
The BitDefender team notes that the Trojan uses several self-preservation mechanisms, including modifying the entry point of an svchost.exe process to launch its code automatically.
According to security researcher Bogdan Botezatu, this is a very frequent practice in the malware industry, ensuring that any user trying to see what is happening in the process list is kept from detecting the malicious code residing in memory, Softpedia reported on April 15, 2011.
In the first place, because the Trojan disables access to the Task Manager, viewing the process list is itself problematic. Even the registry editor is prevented from running, BitDefender said.
Users are therefore advised to be cautious and alert when handling links received through instant messaging programs, even when they appear to be sent by friends. It is always necessary to run an up-to-date and competent antivirus program.
» SPAMfighter News - 23-04-2011