The Dawn and Drew Show!

rarely profound, always profane...

Forgot to mention, this trojan gets through most anti-virus programs. The link below is to the CLIENT tool: extract the zip file, open the program and click scan. Once the scan is done, if you have it, it will give you the option to remove/disinfect; if you don't have it, congratulations, and close the program. I'll keep you posted as I learn more.

Sorry if you guys get this twice, I just want to make sure everyone gets this. Please tell your friends, tell all you know, and warn them about this worm that could disable your internet.
http://www.bdtools.net/download-removal-tool.php
What is Downadup?

Win32.Worm.Downadup is a worm that relies on the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (MS08-67) in order to spread on other computers in the local network. The authors took various approaches to make this malware especially fast spreading and hard to remove.

This malware always comes wrapped in an obfuscated layer which aims at deterring analysis. The layer can be in two flavors, either packed with UPX or not packed, but it is always obfuscated and uses various rarely used APIs to break emulators. The real malware is contained inside in an encrypted form. It is packed with a standard UPX version, but to deter unpacking it is never written to disk and it doesn't have the PE header, which makes it appear as an invalid executable. This has the side effect of being undetectable when injected into another process; it just looks like a standard allocated memory page.

Read Full Technical Details about Win32.Worm.Downadup.


Replies to This Discussion

Security firm Symantec (NSDQ: SYMC) notes that the Downadup worm has swept through China, Argentina, Taiwan, Brazil, India, Chile, and Russia. The infection doesn't even register in the United States. Why?

As Symantec pointed out in this blog post, the geographic areas with the highest infection rates correlate with the regions that also have the highest piracy rates. Stolen copies of Windows don't get all of the updates, and those with stolen copies are much more likely to turn off their automatic updates. This seems to be a clean explanation as to why the worm -- which infects systems through a vulnerability Microsoft patched in October -- hasn't made a dent in North America, and has ravaged areas known for high levels of piracy.

This shows how simple common sense goes a long way toward keeping PCs from getting infected: patch, use antivirus software, and don't use dopey dictionary-based passwords. The mega-paranoid among us may want to disable auto-play, as (mostly through USB drives) the worm can spread that way.

Speaking of piracy, criminals are once again giving it to the users of peer-to-peer networks (which have never been the best way to get your software). These networks often are littered with malware. And it seems malware writers are now riding the wave of publicity surrounding Apple's new iWork '09 productivity software. They've circulated a Trojan named iWorkServices within a fake iWork '09 trial installer. If you'd like to trial iWork '09, get your copy from Apple's Web site.

The moral? Buy your software, patch, and download trials from legitimate Web sites.

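An added example, not part of the thread or of any tool it links to: a read-only PowerShell audit of the three host mitigations the reply above lists (patch, disabled AutoRun, non-dictionary passwords). It assumes Windows with PowerShell 2.0 or later, an administrative console and an English locale (the `net accounts` text is localized); KB958644 is the hotfix that shipped the MS08-067 fix, and the 12-character minimum is a threshold chosen for this example, not something the thread states.

```powershell
# Added example, not code from the thread. Read-only audit of the host
# mitigations recommended against Downadup: MS08-067 patch, AutoRun off,
# and a password policy that rules out short dictionary words.
# Assumes: Windows, PowerShell 2.0+, admin console, English locale.
# KB958644 = hotfix that delivered the MS08-067 Server Service fix.

function Test-DownadupMitigations {
    $findings = @()

    function Add-Finding([string]$Check, [string]$Status, [string]$Detail) {
        New-Object PSObject -Property @{ Check = $Check; Status = $Status; Detail = $Detail }
    }

    # 1. MS08-067 patch. Get-HotFix reads Win32_QuickFixEngineering, which does
    #    not list fixes folded into a later service pack, so a miss means
    #    "verify against the OS build / WSUS", not "definitely exposed".
    $hotfix = Get-HotFix -Id 'KB958644' -ErrorAction SilentlyContinue
    if ($hotfix) {
        $findings += Add-Finding 'MS08-067 hotfix' 'OK' "KB958644 installed on $($hotfix.InstalledOn)"
    } else {
        $findings += Add-Finding 'MS08-067 hotfix' 'WARN' 'KB958644 not listed; confirm Server Service patch level'
    }

    # 2. AutoRun policy (machine-wide key only; HKCU can carry its own copy).
    #    Bit 0x04 of NoDriveTypeAutoRun covers removable drives, the USB path
    #    the reply mentions; 0xFF disables AutoRun for every drive type.
    $policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $autorun = Get-ItemProperty -Path $policyKey -Name 'NoDriveTypeAutoRun' -ErrorAction SilentlyContinue
    if ($autorun -and ($autorun.NoDriveTypeAutoRun -band 0x04) -ne 0) {
        $hex = '0x{0:X2}' -f [int]$autorun.NoDriveTypeAutoRun
        $findings += Add-Finding 'AutoRun (removable media)' 'OK' "NoDriveTypeAutoRun = $hex (removable bit set)"
    } else {
        $current = if ($autorun) { '0x{0:X2}' -f [int]$autorun.NoDriveTypeAutoRun } else { '<not set>' }
        $findings += Add-Finding 'AutoRun (removable media)' 'WARN' "NoDriveTypeAutoRun = $current; set it to 0xFF"
    }

    # 3. Local password policy. The worm guessed a short list of common words
    #    against network shares, so a minimum length that excludes such words
    #    matters; a lockout threshold also makes guessing visible in the logs.
    $accounts = & net accounts 2>$null
    $minLen = $null
    $lockout = $null
    foreach ($line in $accounts) {
        if ($line -match '^Minimum password length:\s+(\d+)') { $minLen = [int]$Matches[1] }
        if ($line -match '^Lockout threshold:\s+(\S+)')       { $lockout = $Matches[1] }
    }
    $required = 12   # chosen for this example, not a value from the thread
    if ($minLen -eq $null) {
        $findings += Add-Finding 'Minimum password length' 'WARN' 'could not parse net accounts output'
    } elseif ($minLen -ge $required) {
        $findings += Add-Finding 'Minimum password length' 'OK' "$minLen characters"
    } else {
        $findings += Add-Finding 'Minimum password length' 'WARN' "$minLen characters; raise to at least $required"
    }
    if ($lockout -and $lockout -ne 'Never') {
        $findings += Add-Finding 'Account lockout threshold' 'OK' "$lockout bad attempts"
    } else {
        $findings += Add-Finding 'Account lockout threshold' 'WARN' 'no lockout; password guessing stays silent'
    }

    return $findings
}

Test-DownadupMitigations | Format-Table Check, Status, Detail -AutoSize
```

The script changes nothing; every WARN line names the setting to fix so the result can be handed to whoever administers the machine. Because `Get-HotFix` can miss updates absorbed into a service pack, treat its WARN as a prompt to check the OS build rather than as proof the Server Service is still exploitable.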

Well spoken.


© 2009   Created by drew domkus on Ning.   Create Your Own Social Network
