New worm has the ability to bypass security applications
What a surprise, it has Chinese origins.
Security researchers at Bach Khoa International Security (BKIS) have warned computer users about a new worm called W32.SafeSys.Worm that has the ability to bypass security applications such as Deep Freeze.
The worm was first detected in early March 2009, and since then, around 174 new variants of this Chinese-born virus have been discovered on the Internet. Faronics developed the Deep Freeze application to help administrators restore their systems after they have been used by unauthorized parties.
So how does the worm accomplish this feat?
However, W32.SafeSys.Worm uses a new technique in which it writes directly to sectors of the hard disk by requesting a direct link with the disk controller. Interestingly, while writing to the hard disk, the worm leaves no scope for its identification by frozen-system programs such as Deep Freeze.
After entering the system undetected, W32.SafeSys.Worm performs a number of malicious operations from the infected system, such as seizing online game passwords, displaying fake gateways, automatically upgrading to new variants and inserting an iframe-exploiting application that circulates through USB and LAN. (Source: BKIS – Deep Freeze application fails to detect new Chinese worm – SpamFighter)
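A frozen volume is expected to return to the same contents after each restore, so a write that reaches the disk below the protection layer shows up as sectors that differ from the baseline. The following is an added example, not part of the original post or of any BKIS or Faronics tooling: it hashes two raw volume images sector by sector and reports the changed ranges. It assumes 512-byte sectors and images captured offline (for example from boot media); the sample images are constructed.

```python
import hashlib

SECTOR_SIZE = 512  # assumed sector size for this example


def sector_digests(image: bytes, sector_size: int = SECTOR_SIZE) -> list:
    """Return one SHA-256 digest per sector of a raw volume image."""
    if len(image) % sector_size:
        raise ValueError("image is not a whole number of sectors")
    return [hashlib.sha256(image[off:off + sector_size]).digest()
            for off in range(0, len(image), sector_size)]


def changed_runs(baseline: list, current: list) -> list:
    """Compare two digest lists; return inclusive (first, last) runs of changed sectors."""
    if len(baseline) != len(current):
        raise ValueError("images differ in size; compare the same volume")
    runs = []
    for lba, (old, new) in enumerate(zip(baseline, current)):
        if old == new:
            continue
        if runs and runs[-1][1] == lba - 1:
            runs[-1] = (runs[-1][0], lba)   # extend the current run
        else:
            runs.append((lba, lba))         # start a new run
    return runs


def constructed_sample():
    """Build a 16-sector 'frozen' image and a copy with sectors 0, 5 and 6 altered."""
    frozen = bytearray()
    for lba in range(16):
        frozen += bytes([lba]) * SECTOR_SIZE
    after = bytearray(frozen)
    for lba in (0, 5, 6):
        after[lba * SECTOR_SIZE:(lba + 1) * SECTOR_SIZE] = b"\xee" * SECTOR_SIZE
    return bytes(frozen), bytes(after)


if __name__ == "__main__":
    frozen, after = constructed_sample()
    for first, last in changed_runs(sector_digests(frozen), sector_digests(after)):
        print(f"sectors {first}-{last} changed since the frozen baseline")
```

Storing only the digest list from a known-good image keeps the baseline small and lets the comparison run on a separate, trusted machine.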
Posted on June 22, 2009.