Wednesday, October 25, 2006

Sophistication of Viruses and Trojans

Security experts have discovered viruses that install and use anti-virus software in order to prevent competition from other viruses.

It's interesting to look at what the newly discovered Trojan "SpamThru" actually does.
1. It infects computers on the internet.
2. Then it downloads Kaspersky AntiVirus, installs it on the infected computer, and configures it to ignore "SpamThru". This prevents other viruses from infecting its host, thereby eliminating competition. It even applies a crack to Kaspersky AntiVirus in order to avoid licensing and expiry problems!

3. Moreover, SpamThru uses its own custom P2P protocol to transmit data among infected computers. Like a BitTorrent network, SpamThru uses its own network to issue updates to the virus, so that the virus code is updated often and goes undetected by major antivirus software.

4. Another interesting thing is that the virus uses AES (Advanced Encryption Standard, an encryption standard by the U.S. government) to encrypt the data it sends over its network in order to avoid detection by other spammers!

Security expert Stewart at SecureWorks states:
"The complexity and scope of the project rivals some commercial software," he wrote. "Clearly the spammers have made quite an investment in infrastructure in order to maintain their level of income."

It seems the spammers and criminals behind this software are following a high level of software engineering practice.

We, the users of the Internet, must be well prepared to tackle such highly sophisticated viruses.

Simply follow these guidelines to have a clean system (and ensure a cleaner Internet):
- Install an anti-virus and keep it up to date (I use Norton 2003)
- IE users must install Service Pack 2 for XP, or else use Firefox
- Keep anti-spyware software such as Spybot or Spydoctor
