Big global issues, such as Japanese earthquake, are the easiest way to be used as a social engineering by cyber criminals and malicious file distributor.
[Online criminals bring the Libyan conflict to your computer]
http://blogs.paretologic.com/malwarediaries/index.php/2011/04/01/online-criminals-bring-the-libyan-conflict-to-your-computer/
http://blogs.paretologic.com/malwarediaries/index.php/2011/04/01/online-criminals-bring-the-libyan-conflict-to-your-computer/
2. Spreading path and symptoms of infection
This site and domain looks newly generated recently. You can get information about Libyan news on this web site.
This site provides most information through various links with reliable organizations.
Also, it can download additional malicious files through Java Applet on accessing.
* Downloaded file
- FreeLibya.jar (2,762 bytes)
- FreeLibya.jar (2,762 bytes)
Since its file name "FreeLibya.jar" is also related with Libya, users can be easily lured.
But downloading jar file depends on current installed Java JDK version.
* When JDK hasn't been installed
* When JDK has been installed
Upon executed download jar file, it will download additional malicious file, "javaclient.exe" through internal class file.
If downloaded malicious file "javaclient.exe" is executed, it will create its cloned file as following path and set preference to start itself on booting automatically.
* Generated file
- (User temporary folder)\svc21host.exe (1,130,496 bytes)
* Generated registry
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- Name : svc21host
- Data : (User temporary folder)\svc21host.exe
* (User temporary folder) means "C:\Documents and Settings\(User account)\Local Settings\Temp" generally.
- (User temporary folder)\svc21host.exe (1,130,496 bytes)
* Generated registry
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- Name : svc21host
- Data : (User temporary folder)\svc21host.exe
* (User temporary folder) means "C:\Documents and Settings\(User account)\Local Settings\Temp" generally.
Furthermore, it will be still connecting to certain external site continuously such as following figure; as a result this PC can be a Botnet.
3. How to prevent
Global issues can take interest of publicity. Malicious file programmer and cyber criminals are distributing malicious files with using social engineering.
To use PC safely from security threats of these malicious attachments, we recommend following "Security management tips" for general users.
※ Security management tips
1. Maintain the latest security update on OS and applications
2. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function
3. Do not see and download attached file from suspicious e-mail.
4. Keep caution to link from instant messenger and SNS.
1. Maintain the latest security update on OS and applications
2. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function
3. Do not see and download attached file from suspicious e-mail.
4. Keep caution to link from instant messenger and SNS.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function such as malicious file stated above and runs responding system against various security threats.
شركة مكافحة النمل الابيض بالرياض
ReplyDeleteشركة مكافحة حشرات بابها
شركة رش مبيدات بابها
عزل الاسطح بابها
تنظيف فلل بابها
مكافحة النمل الابيض بابها
مكافحة البق بابها
مكافحة الصراصير بابها
تسليك مجارى بابها
شركة تنظيف خزانات بابها
شركة تنظيف كنب بنجران
شركة تنظيف مساجد بنجران
شركة تنظيف سجاد بنجران
شركة كشف تسربات المياه بنجران