Viruses now penetrating deeper
Antivirus company Kaspersky said in a video conference Wednesday that a new variant of the botnet Sinowal, also known as Torpig, marks the first time cybercriminals have used such sophisticated methods.
Kaspersky said Sinowal writes itself to the user's hard drive master boot record (MBR), the operating system's lowest level, and has been successful in avoiding detection by antivirus products.
It said the worm has been actively spreading over the last month through a number of methods, including Web sites exploiting the Neosploit rootkit and a vulnerability in the PDF software Adobe Acrobat Reader.
Konstantin Sapronov, head, virus lab, China, Kaspersky, said new methods of infiltration have also rendered it nearly impossible for users to avoid infection, even if they are careful. Seemingly clean sites can also perform backend redirection to malware-ridden sites.
Sapronov said Web malware authors favored redirection exploits on Web apps and search fields, such as iFrame attacks, during 2008, whereas 2007 saw more Trojan horses and droppers being used.
The Web has also overtaken e-mail as the top transport medium for viruses, with the number of infected sites growing 300 percent in 2008, he said.
This article was originally posted on ZDNet Asia.
Talkback Most Recent of 18 Talkback(s)
Writing the MBR in Vista requires administrative privileges
Writing the MBR in Vista requires administrative privileges => yet another reason to keep the UAC enabled
qmlscycrajg, 13th May 2009
re: Writing in the MBR ........
Microsoft has its own self to blame for all of this mess. UAC is nothing more than an obstacle for these people; they will get around it.
Until people realize the cost associated with licenses, anti-virus licenses, firewalls and the constant worms, exploits and viruses that emerge on what seems like a daily basis, and get away from this entire platform, there is LIFE outside of Windows.
Other countries have ditched MS and gone to either a supported Linux distro or their own.
Trying to control the market generally comes to an end, in due time.
Christian_<><, 13th May 2009
Ha!
That didn't take long
djmik, 13th May 2009
If it was Linux...
If Linux or MacOSX had 80% market share, the case would be the same...
The most secure OS is the least popular one. Virus writers just target the users of the most popular platform. And the weakest security link of a computer is the user himself (be it Linux, Mac or Windows)
ravinsp, 13th May 2009
RE: If it was Linux...
Actually, not in Linux, because most users are not logged in as root all of the time. Do you even use Linux? You don't seem very knowledgeable.
aleccj1, 13th May 2009
Actually I do..
I don't know whether I'm knowledgeable or not, but I do use Ubuntu and have used several other distros.
As you've said, it's about the user. Since users are not logged in as root they are safe. Same goes for Windows. And UAC is just like "gksu", used to temporarily escalate privileges.
ravinsp, 13th May 2009
RE: If it was Linux...
Root? Who needs root to foul up Linux?
There are some distros in which the first user is in the admin group -> nice.
A lot of users are used to using "su".
And what will happen if malware is spread as a "must have program"?
Do you really think a user will think twice about installing something elevated?
Until now Linux, BSD and others are only safe because they are not "in every home".
syrabert@..., 14th May 2009
Which distro?
There is no Linux distribution which has 80% of the Linux market.
If Linux ever gets 80% of the internet market it is likely to find itself among at least three distributions, using four or more browsers on maybe two or so desktops.
All of them are likely to report themselves as Internet Explorer running on Vista to any website they visit.
epcraig, 13th May 2009
80% for one distro
I meant 80% for one distribution. Consider Windows as a single distribution with different versions. Imagine if Ubuntu had 80% market share, who would need to target Windows?
If that 80% is scattered among several distributions we cannot consider it a single OS. (Linux is just the kernel, right? The distribution makes it an OS.) Then virus writers will have to focus on multiple OSes. (So do device manufacturers, support groups, application developers...)
ravinsp, 13th May 2009
You're wrong
An OS isn't just the kernel, and most distros are alike enough to be taken on by virus writers if there was enough incentive.
MythicalMe, 14th May 2009
never be fixed
There is too much money in malware for both the software vendors and the malware writers to ever get a solution.
If you want to find out why, follow the money.
gertruded, 13th May 2009
RE: Viruses now penetrating deeper
How can they do that without full access privileges?
ravinsp, 13th May 2009
They don't....
If I got a dime for every time I told a user to not use the administrative user as their primary login, and paid them a dime every time they followed my instructions, I'd have a pretty good business going. Windows just doesn't shell well and without something like "SUDO", you have to log in and out to do anything. (Yes, I know about run as administrator. No, it doesn't always work.)
Socratesfoot, 13th May 2009
Nicely put
Same here.. It's always the user. "run as administrator" is crap. "gksu" is way better than that. I thought that's the purpose of UAC. Isn't it?
ravinsp, 13th May 2009
RE: Viruses now penetrating deeper
let's stick it to malware jerks....go back to paper and pencil!! (joke...alert!)
tender rouge, 13th May 2009