Wednesday, May 27, 2009

Beware of trojans and net-worms..

Okay, my exam did not allow me to blog for two weeks.
Hmm..., I'll make it up.
Let's explain a simple thing called a 'trojan virus'.
Many might already know about it.
But there are some of us who still don't know.
Have you heard of the Trojan Horse?
Here is the story:
The Trojan Horse was a tale from the Trojan War, as told in Virgil's Latin epic poem The Aeneid. The events in this story from the Bronze Age took place after Homer's Iliad, and before Homer's Odyssey. It was the stratagem that allowed the Greeks finally to enter the city of Troy and end the conflict. In the best-known version, after a fruitless 10-year siege of Troy the Greeks built a huge figure of a horse in which a select force of men hid. The Greeks pretended to sail away, and the Trojans pulled the Horse into their city as a victory trophy. That night the Greek force crept out of the Horse and opened the gates for the rest of the Greek army, which had sailed back under cover of night. The Greek army entered and destroyed the city, decisively ending the war. A "Trojan Horse" has come to mean any trick that causes a target to invite a foe into a securely protected bastion or place.

Got a clear picture of it?
Hmm..., so basically a trojan virus does the same thing: it comes into the computer along with something you are downloading (buy one free one concept.. hahax).
It is then released when you open the file that you downloaded, and it executes some malicious code..
This usually happens a lot to us guys who download pornography or software.
It's a heavy file, so we won't notice..

Okay, let's talk about Net-Worm.Win32.Kido.
Net-Worm.Win32.Kido exploits a critical vulnerability in Microsoft Windows to spread via local networks and removable storage media.

The worm disables system restore, blocks access to security websites, and downloads additional malware to infected machines.

Users are strongly recommended to ensure their antivirus databases are up to date. A patch for the vulnerability is available from Microsoft.

There are 4 types:

Net-Worm.Win32.Kido.bt : This worm spreads via local networks and removable storage media. It is a PE DLL file. The components of the worm are between 155KB and 165KB in size. It is packed using UPX.

Net-Worm.Win32.Kido.dv : This worm spreads via local networks and removable storage media. It is a PE DLL file. The components of the worm are 165840 B. It is packed using UPX.

Net-Worm.Win32.Kido.fx : This malicious program exploits the MS08-067 vulnerability to spread via network resources and removable storage media. This modification of the worm is a Windows PE DLL file. The file is 158110 bytes in size. It is packed using UPX.

Net-Worm.Win32.Kido.ih : This network worm spreads via local networks and removable storage media. When it copies itself to remote computers, the worm creates a temporary file with a random extension. The program itself is a Windows PE DLL file. The worm components vary in size from 155KB to 165KB. It is packed using UPX.

The .ih one is quite dangerous coz it may copy itself to remote computers, and with a random extension.
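
An added example, not part of the original post: a small Python triage check for the three traits all four descriptions above share (Windows PE DLL, UPX-packed, roughly 155KB to 165KB). The function names, the size bounds and the sample bytes are constructed for illustration; plenty of harmless files also match, so a hit only means the file deserves an antivirus scan.

```python
import struct

IMAGE_FILE_DLL = 0x2000            # COFF Characteristics bit: file is a DLL
# Loose bounds covering every size the post lists (KB read as 1000 or 1024 bytes).
SIZE_RANGE = (155_000, 165 * 1024)

def pe_traits(data):
    """Return the three traits as a dict, or None if data is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # The 20-byte COFF header follows the 4-byte signature.
    _, nsect, _, _, _, opt_size, flags = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size                      # section table start
    names = []
    for i in range(nsect):
        off = table + 40 * i                              # 40 bytes per section header
        if off + 40 > len(data):
            break                                         # truncated file
        names.append(data[off:off + 8].rstrip(b"\0"))
    return {
        "dll": bool(flags & IMAGE_FILE_DLL),
        # UPX names its sections UPX0/UPX1 by default; renamed sections evade this.
        "upx": any(n.startswith(b"UPX") for n in names),
        "size_match": SIZE_RANGE[0] <= len(data) <= SIZE_RANGE[1],
    }

def build_sample(total_size, dll, section_names):
    """Constructed, non-executable header bytes used only to exercise pe_traits."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0,
                       IMAGE_FILE_DLL if dll else 0x0002)
    table = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return (dos + b"PE\0\0" + coff + table).ljust(total_size, b"\0")

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:                             # files to check, if any
        with open(path, "rb") as fh:
            print(path, pe_traits(fh.read()))
    print("constructed sample:", pe_traits(build_sample(160_000, True, [b"UPX0", b"UPX1"])))
```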
