New worm has the ability to bypass security applications

What a surprise it has Chinese orgins.

Security researchers at Bach Khoa International Security (BKIS) have warned computer users about a new worm called W32.SafeSys.Worm that has an ability to bypass security applications such as Deep Freeze.

The worm was first detected in early March 2009, and since then, around 174 new variants of this Chinese born virus have been discovered on the Internet. Faronics has developed Deep Freeze application to facilitate administrators to restore their systems after being used by unauthorized parties.

So how does the worm accomplish this feat?

However, W32.SafeSys.Worm utilizes a new technique in which it directly writes on sectors of hard disk by requesting for direct link with the disk controller. Interestingly, the worm does not leave any scope for its identification by frozen system programs such as Deep Freeze while writing on hard disk.

After entering the system undetected, W32.SafeSys.Worm performs a number of malicious operations from the infected system – such as seizing online game passwords, displaying fake gateways, automatic upgradation of new variants and insertion of iframe exploiting application that circulate through USB and LAN. (Source: BKIS – Deep Freeze application fails to detect new Chinese worm – SpamFighter)

Reblog this post [with Zemanta]

About brvanlanen

Just a thirty-something guy currently hanging it up in the greater Green Bay area. My post-high school educational background is mainly in the Information Technology field. Specifically I have an A.A.S. in Computer Network Systems and a B.S. in Information Systems Security, both from ITT Technical Institute, in addition to A and MCDST certifications. In my free time I enjoy spending time with my family, cooking and sports. My Christian faith is also important to me as a Missouri-Synod Lutheran and all my children attend a Lutheran grade school. When it comes to political leanings I am a conservative first and foremost which you will discover rather quickly. As for sports I am a huge fan of the Green Bay Packers.

Posted on June 22, 2009, in attacks, Cybersecurity, malware, Security breach, virus, worm and tagged , , , , , , , . Bookmark the permalink. Comments Off on New worm has the ability to bypass security applications.

Comments are closed.

%d bloggers like this: