16 March 2011, 13:16
Neverending story
Posted at the request of FkSD, because he does not have karma.

Last night the Kido botnet began to work. The event that experts had been expecting since 1 April has occurred.

Computers infected with Trojan-Downloader.Win32.Kido (aka Conficker.C), interacting with each other over P2P connections, gave infected machines the command to download new files.
The new version of Kido (Net-Worm.Win32.Kido.js) differs significantly from previous versions and has two important differences: it is once again a worm, and it will only work until May 3, 2009. A more detailed analysis of its functionality is currently in progress.
In addition to updating itself, Kido downloaded new files to the infected computers, and this is the most interesting part of the story.
One of the downloaded files is a fake antivirus, FraudTool.Win32.SpywareProtect2009.s.
Even the very first version of Kido, in November last year, also downloaded fake antivirus software to the system. After nearly six months, this functionality is once again being used by unknown cybercriminals.
SpywareProtect2009 is hosted on spy-protect-2009.com, spywrprotect-2009.com, spywareprotector-2009

When run, it shows the following interface and, by tradition, offers to "delete the viruses found", asking money for it: $49.95.


At the moment, the fake antivirus is being distributed by a site hosted in Ukraine (131-3.elaninet.com, 78.26.179.107).
The second file that Kido installed on the infected systems was Email-Worm.Win32.Iksmas.atz, also known as Waledac: an email worm that steals data and sends spam.
Iksmas (Waledac) appeared in January 2009, and even then many experts noted the similarity between its algorithms and Kido's. Throughout the Kido epidemic, a no less massive Iksmas epidemic was running in parallel in email. However, until now there was no evidence linking these worms to each other.
Tonight, the evidence appeared: Kido and Iksmas are now present together on the infected computers, and the attackers now have in their hands a giant botnet designed to send spam.
In addition, according to as yet unconfirmed information, the sites of some companies and organizations participating in the Conficker Working Group may be under attack.

© Gostev Alexander, www.secureblog.info
Added by: w1zard