AutoRun For Malware

AutoRun For Malware : One out of everyeights attack come via a usb device(dari pendrive la maknanya)..

PRAGUE, Czech Republic, November 3, 2010 - AVAST Software, developer of the award-winning avast! antivirus program, is detecting a growing number of malware attacks targeting the AutoRun function in Windows and plug-in USB devices. Researchers found that, of the 700,000 recorded attacks on computers in the avast! CommunityIQ system during the last week in October, one out of every eight attacks – or 13.5% – came via USB devices.

The key attack point for malware is the ‘AutoRun’ feature in Microsoft Windows operating systems (OS). AutoRun alerts computer users when a new device such as a memory stick is connected and is designed to help them choose what application should run with the new files.

“AutoRun is a really useful tool, but it is also a way to spread more than two-thirds of current malware. The threat of USB-distributed malware is much more widespread than just the Stuxnet attacks on enterprise computers – which were also spread via infected memory sticks,” said Virus Lab analyst Jan Sirmer. “Cyber-criminals are taking advantage of people’s natural inclination to share with their friends and the growing memory capacity of USB devices. Put these two factors together and we have an interesting scenario.”

This feature is misused when a USB device infected by “INF:AutoRun-gen2 [Wrm]”, avast!’s generic detection term for this type of malware worm, is connected to a computer. The infected device – most commonly a memory stick, but potentially any device with a mass-storage capacity such as a PSP, digital camera, some cellular phones, and mp3 players – starts an executable file which then invites a wide array of malware into the computer. The incoming malware copies itself into the core of the Windows OS and can replicate itself each time the computer is started.

Out of the total AutoRun-gen2 attacks, 84% of the attempts were repelled by the on-access scans in the avast! System Shield. The malware was detected at the time when the USB device was initially connected. The remaining 16% were discovered during scans of the computer hard-drives.

CommunityIQ is a select group of avast! users that automatically send data on the malware they encounter to the Virus Lab. As a cross-section of avast!’s global user pool of over 130 million, the CommunityIQ represents a statistically significant sample of current malware dangers. The submitted data is then analyzed and incorporated into avast! protective shields and the virus database sent to all users.

The low cost of USB memory sticks makes it easy for friends and work colleagues to exchange large media files and creates a convenient target for cyber criminals. “In a work environment, staff will often bring in their own USB memory sticks to move files around,” Mr. Sirmer comments. “This can bypass gateway malware scanners and leave the responsibility for stopping malware just on the local machines’ antivirus software.”

Detecting AutoRun-gen2 is complicated by the growing memory of USB devices and more complex obfuscation techniques. “A full scan can take up to an hour for a one terabyte device, so people will skip this entirely or just go for a quicker on-access scan,” said Mr. Sirmer. This danger is poised to increase with the introduction of the new USB 3 standard. In parallel with these technological improvements, the writers of AutoRun malware are developing new code and ways how to obfuscate their work. “Once I found ‘y0u c4nt st0p us’ in the middle of some code,” quipped Mr. Sirmer. “They know they are in the lead.”

How Did My PC Get Infected with Autorun Malware?

The following are the most likely reasons why your computer got infected with Autorun Malware:

  • Your operating system and Web browser's security settings are too lax.
  • You are not following safe Internet surfing and PC practices.

Downloading and Installing Freeware or Shareware

Small-charge or free software applications may come bundled with spyware, adware, or programs like Autorun Malware. Sometimes adware is attached to free software to enable the developers to cover the overhead involved in created the software. Spyware frequently piggybacks on free software into your computer to damage it and steal valuable private information.

Using Peer-to-Peer Software

The use of peer-to-peer (P2P) programs or other applications using a shared network exposes your system to the risk of unwittingly downloading infected files, including malicious programs like Autorun Malware.

Visiting Questionable Web Sites

When you visit sites with dubious or objectionable content, trojans-including Autorun Malware-, spyware, and adware, may well be automatically downloaded and installed onto your computer.

Detecting Autorun Malware

The following symptoms signal that your computer is very likely to be infected with Autorun Malware.

PC is working very slowly
Autorun Malware can seriously slow down your computer. If your PC takes a lot longer than normal to restart or your Internet connection is extremely slow, your computer may well be infected with Autorun Malware.

New desktop shortcuts have appeared or the home page has changed
Autorun Malware can tamper with your Internet settings or redirect your default home page to unwanted web sites. Autorun Malware may even add new shortcuts to your PC desktop.

Annoying popups keep appearing on your PC
Autorun Malware may swamp your computer with pestering popup ads, even when you're not connected to the Internet, while secretly tracking your browsing habits and gathering your personal information.

E-mails that you didn't write are being sent from your mailbox
Autorun Malware may gain complete control of your mailbox to generate and send e-mail with virus attachments, e-mail hoaxes, spam, and other types of unsolicited e-mail to other people.

Also Be Aware of the Following Threats:

Malware







USB safety pointers

  1. Be aware. Around 60% of malware can now be spread via USB devices. This is an under-appreciated threat to home and business computers.
  2. Don’t start attached. Turning on a PC with a USB device attached can result in malware being loaded directly to the computer ahead of some antivirus programs starting up.
  3. Scan first, look second. Make sure you have enabled “on-access auto-scans” in your antivirus program.

Comments

Post a Comment

Popular posts from this blog

BAGI MAKLUMAN PEMEGANG SIJIL KEMAHIRAN MALAYSIA(SKM)SAHAJA.. 1. Adakah sijil kemahiran malaysia diiktraf atau di perakui oleh MQA (pengiktrafan kerajaan) atau badan professional seperti BEM,IEM,IEEE ? adakah sijil kemahiran malaysia diiktraf oleh universiti2 antarabangsa untuk tujuan sambung belajar? Jawapan: Untuk makluman, terdapat tiga sektor di dalam Kerangka Kelayakan Malaysia (MQF) iaitu sektor kemahiran, sektor vokasional dan teknikal dan sektor pengajian tinggi. Rujuk MQF di Lampiran A. Sektor vokasional dan teknikal serta pengajian tinggi adalah di bawah bidang kuasa Agensi Kelayakan Malaysia (MQA) manakala bagi sektor kemahiran adalah di bawah bidang kuasa Jabatan Pembangunan Kemahiran (JPK). Ini adalah berdasarkan akta kedua-dua agensi iaitu Akta Agensi Kelayakan Malaysia 2007 (Akta 679) dan Akta Pembangunan Kemahiran Kebangsaan 2006 (Akta 652). Program latihan dan persijilan di bawah sektor kemahiran adalah tidak memerlukan proses akreditasi/ pengiktirafan MQA. MQA dan JPK
Read more

List Of MSI Motherboard with type of Processor Slot

Company name: MSI List of MSI motherboards: Slot 1 motherboards BX Master (MS-6163) MS-6119 MS-6120 MS-6147 MS-6156VA MS-6163 Pro (MS-6163Pro) MS-6163VA MS-6183 MS-6183E MS-6199VA Slot A motherboards K7 Pro (MS-6195) MS-6191 Socket 1156 motherboards Big Bang-Fuzion Big Bang-Trinergy H55-G43 H55-GD65 H55M-E21 H55M-E32 H55M-E33 H55M-ED55 H55M-P31 H55M-P33 H57M-ED65 P55-CD53 P55-GD55 P55-GD61 P55-GD65 P55-GD65 USB3 P55-GD80 P55-GD85 P55A Fuzion P55A-G55 P55A-GD55 P55A-GD65 P55M-GD41 P55M-GD45 Socket 1366 motherboards Big Bang-XPower Eclipse Plus Eclipse SLI X58 Platinum X58 Platinum SLI X58 Pro X58 Pro SLI X58 Pro-E X58 Pro-E USB3 X58A-GD65 X58M Socket 370 motherboards 694 Master (MS-6309) 694D Master (MS-6362) 694D Pro (MS-6321) 694D Pro2 (MS-6321) 694T Pro (MS-6309) 815 Pro (MS-6326) 815E Pro (MS-6337) 815EM pro (MS-6315) 815EP Pro (MS-6337) 815EPT Pro (MS-6337) 815ET Pro (MS-6337) 815M Pro (MS-6334) MS-6153 MS-6153VA MS-6154VA MS-6178 MS-6178E MS-6198 MS-6309 MS-6309 Lite (MS-6309 Ver2
Read more

How to resize and extend centos 7 disk manually

 How to resize and extend centos 7 disk manually Resizing The Partition You need to modify the   Linux   partition table within the   virtual machine   to recognize that the disk size has changed. This can be done using the   fdisk   utility, which is a partition editor. For the   virtual machine   provided by Nagios Enterprises: sda1   is used for the   boot   partition sda2   is the device for all logical volumes, this is the partition you need to edit Start   fdisk   by executing the following command: fdisk /dev/sda   You should print the current partition table so you can keep track of your changes as you go: Command (m for help): p Take a screenshot or copy the screen contents into a text file in case you want to reference it later. To resize a partition, you actually "delete" it and then add a new one with the new size, making sure to place the beginning of the new partition at the same sector/cylinder as the old one started. This process is NOT destructive, your data
Read more