Sality.AO spreads to 15,000 computers
Friday, February 20, 2009
A virus first detected earlier this month has infected more computers and threatens to commit identity theft with newer malware features, warns a web security provider.
Salito.AO attempts to infect machines with .exe and .scr files on a user's local network and on removable drives by overwriting code in the original file.
One security official told SCMagazineus.com in an email approximately 15,000 computers in 31 countries had been infected.
The virus reportedly avoids detection by using techniques called EPO and Cavity, two features some security experts haven't seen in a few years, according to the article. Though it is more difficult to create a virus with these tools, it may assist cybercriminals in evading capture.
EPO allows part of a legitimate file to run before the virus starts while the Cavity feature inserts the virus into blank spots of the original file's code.
Security officials also told the news provider those behind the virus are using new malware features allowing them to connect to IRC channels to receive remote commands, suggesting the infected machines could turn into bots capable of administering denial-of-service attacks.
Related News:
Network security update not responsible for crashes - 2.24.2010
Reports of the so-called "blue screen of death" following the installation of the latest Microsoft security update are the result of malware, not a defect in the update.
Botnets and Chuck Norris take aim at network security - 2.22.2010
Last week, word spread of the Kneber botnet compromising more than 2,000 computers worldwide. With the start of a new week comes more malware attacks plaguing the web community. The so-called "Chuck Norris" botnet is attacking routers and DSL modems by guessing commonly used passwords.
Web security company warns of scareware's risk - 2.19.2010
The rise in scareware attacks and cyber criminal behavior in general forced DynaSis, an IT services company, to issue a warning to its users about the threat of fake anti-virus software infecting their computers on Friday.
Age-old trick with brand-new target - 1.18.2010
Cyber criminals have turned to a scam from the early days of the internet to target the growing smartphone market: Trojan phone dialers.
Report: 'At least 34' firms attacked at the same time as Google - 1.15.2010
The Washington Post asserts that many U.S. companies were targeted in the same network security and email breach that affected Google and provoked the company's highly publicized spat with the Chinese government.
|
