Monday, April 27, 2020

Can I catch COVID-19 from the faeces of someone with the disease?

While initial investigations suggest the virus may be present in faeces in some cases, to date, there have not been reports of faecal-oral transmission of COVID-19. Additionally, there is no evidence to date on the survival of the COVID-19 virus in water or sewage.

WHO is assessing ongoing research on the ways COVID-19 is spread and will continue to share new findings on this topic.

Thursday, February 11, 2010

Trojan.PWS.Onlinegames.KDCI - Online Games Malware

This is yet another variant of one of the most prolific families of online-games password-stealing malware.

Upon execution, the first thing it does is create autorun.inf files pointing to copies of itself, making sure it can survive after a system restart. These files are located in the root of each local drive of an affected system.

It places another copy of itself in the temporary folder of the current user, where it also drops a new DLL file that implements all the functionality required for stealing passwords related to MapleStory, The Lord Of The Rings Online, Knight Online, Dekaron or other games.
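The autorun.inf files described above can be audited with a small parser that lists every entry able to launch a program. This is an added example, not code from the original post; the sample file contents and the file name `k8d3x.exe` are constructed for illustration.

```python
import re

# autorun.inf keys that name a program to launch when the drive is opened.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
EXEC_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd")

def launch_targets(text):
    """Return (key, command) pairs found in the [autorun] section."""
    found, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment/junk padding
        if line.startswith("["):
            in_autorun = line.lower() == "[autorun]"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEYS.match(key):
            found.append((key.lower(), value))
    return found

def suspicious(text):
    """Launch entries whose command begins with an executable file name."""
    hits = []
    for key, value in launch_targets(text):
        # First token of the command, honouring a quoted path with spaces.
        m = re.match(r'\s*(?:"([^"]*)"|(\S+))', value)
        program = (m.group(1) or m.group(2) or "") if m else ""
        if program.lower().endswith(EXEC_EXT):
            hits.append((key, value))
    return hits

# Constructed sample: the shape of an autorun.inf that launches a dropped copy.
SAMPLE = r"""
;kd83jx junk line
[AutoRun]
open=k8d3x.exe
shell\open\Command=k8d3x.exe
shell\explore\command = k8d3x.exe
icon=%SystemRoot%\system32\shell32.dll,4
"""
# Constructed sample: a harmless autorun.inf that only sets a label and icon.
BENIGN = "[autorun]\nlabel=Backup\nicon=drive.ico\n"

if __name__ == "__main__":
    print(suspicious(SAMPLE))
```

To audit a real machine, read the autorun.inf from the root of each local drive and pass its text to `suspicious()`.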

Friday, February 5, 2010

Trojan.Downloader.Bredolab.CJ - Virus Micr. Word Icon

This malware has a Word document icon in order to lure the user into opening it.

It copies itself to %Programs%\Startup\rarype32.exe in order to start along with Windows and removes traces of installation on the machine by deleting the original file which generated the infection.

Trojan.Downloader.Bredolab.CZ has 2 components:
- packed main executable
- downloader (which is never written on disk directly but is injected into other processes)

The trojan creates a custom unique mutex in order to check if the system is already infected. It also injects itself into a running instance of "explorer.exe".

Tuesday, February 2, 2010

Trojan.FakeAV.XP - Fake Antivirus Malware

The user receives false infection messages on his computer, intended to make him activate (buy) the fake antivirus product. The rogue antivirus resembles the program suite from the operating system, and on installation of the malware the user can notice the following image:

The malware also creates the file %CommonAppData%\[RandomString]\[RandomString].exe. Another noticeable sign of infection is the folder %AppData%\Enterprise Suite.

* A typical path for %CommonAppData% is C:\Documents and Settings\All Users\Application Data.

* A typical path for %AppData% is C:\Documents and Settings\[UserName]\Application Data.

Monday, February 1, 2010

Worm.Zimuse.A - WinZip icon Malware

SYMPTOMS:
Presence of the following files
  * %system32%\drivers\mstart.sys
  * %system32%\drivers\mseu.sys

TECHNICAL DESCRIPTION:
The malware comes as an application with a WinZip icon in order to trick the user into running it. To look even more like a self-extracting archive, it displays a dialog box asking for a password in order to successfully unzip the package contents.