Source: Tianji Net January 20th, Jiangmin Anti-Virus Center intercepted "I-WORM / MSN.DROPBOT), the virus spread through MSN, can release the latest variant of" Robert "back door virus Backdoor / RBOT yi. Hackers use this virus to make "zombie computers" in large quantities, thereby manipulating these zombie networks to initiate network flood attacks on any goal.
According to Jiangmin anti-virus experts, the greatest hazard of "MSN Ghost" virus lies in the release of "Robert" viruses. "Robert" virus family and its close relatives "high wave" family enable the user system to be fully controlled by hackers and become a "zombie computer". This variander can spread through a variety of system vulnerabilities and weak vulnerabilities, and the infection ability is extremely infected. In the past year, Jiangmin Company intercepted nearly 3,000 varieties of this type of virus. The latest variants increased through the function of MSN, and infectious infectious.
After the "MSN Ghost" runs, automatically sends a poisonous file to all MSN friends infected by the infected computer. In order to make itself not being deleted by the user, the virus will stop cmd.exe and taskmgr.exe to run, to achieve the purpose of banning the right mouse button, and the difficulty of handling the virus is very difficult. The virus will release the Oms.exe file, which is the latest variant of the "Robert" virus. After Robert's latest variant, generate a viral file LEXPLORE.exe in the system directory, and modify the registry key to run yourself with the operating system.
Anti-virus expert introduction, "Robert" variant released by "MSN Ghost" is similar, mainly transmitted by Microsoft's WebDAV vulnerability, impact wave vulnerability, shock wave vulnerability, and administrator accounts, and receive hackers from IRC. Make the infected computer completely controlled by hacker, becoming "zombie computer", and this time, with MSN communication, it may make a large number of "zombie computers" in the network, thus providing a weapon for hackers to initiate network flood attacks for hackers. .
For the virus, Jiangmin Company has upgraded in the first time, please upgrade the KV2005 to January 21st virus library, do not receive operational unknown procedures from the MSN, protect your system from the virus.
