Wednesday, September 7, 2011

This Is 'Tmphider', Ready to Attack




Symantec Security Response has detected a new rootkit threat called "Tmphider." The threat has drawn attention because it uses techniques that have not been encountered before and, unusually, spreads through USB drives.

According to global observations, Indonesia is second only to India as a main target of "Tmphider" attacks.

"Symantec added detection for this threat beginning July 13," said a Symantec spokesman in a statement on July 20, 2010. "There are many installer files and rootkit components associated with this threat."

"Although the analysis continues, we see that a lot of PCs in Southeast Asia have become targets of the threat."

File names of these components include ~WTR4141.tmp, ~WTR4132.tmp, Mrxcls.sys, and Mrxnet.sys.

In addition, the threat creates related shortcut (.lnk) files on the system. Examples are "Copy of Shortcut to.lnk" and "Copy of Copy of Shortcut to.lnk".
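The component and shortcut names listed above can be used as a first-pass triage check on a drive or folder. The Python script below is an added example, not code from Symantec or from the original post; the function names, the generalized "Copy of" pattern (any number of repeats, where the article shows one and two), and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Component names from the article, compared case-insensitively as on Windows.
COMPONENT_NAMES = {"~wtr4141.tmp", "~wtr4132.tmp", "mrxcls.sys", "mrxnet.sys"}

# Assumption: generalizes the article's two shortcut examples to any
# number of leading "Copy of " prefixes.
SHORTCUT_RE = re.compile(r"^(copy of )+shortcut to\.lnk$", re.IGNORECASE)


def classify(filename):
    """Return 'component', 'shortcut' or None for a bare file name."""
    name = filename.lower()
    if name in COMPONENT_NAMES:
        return "component"
    if SHORTCUT_RE.match(name):
        return "shortcut"
    return None


def scan_tree(root):
    """Walk root and return a sorted list of (kind, relative_path) hits."""
    hits = []
    # Unreadable directories are skipped rather than aborting the scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for fname in files:
            kind = classify(fname)
            if kind:
                rel = os.path.relpath(os.path.join(dirpath, fname), root)
                hits.append((kind, rel))
    return sorted(hits)


def build_constructed_sample(root):
    """Create empty, constructed files that mimic a removable-drive layout."""
    names = ["~WTR4141.tmp", "Copy of Copy of Shortcut to.lnk", "report.docx",
             os.path.join("drivers", "MRXNET.SYS"), "Shortcut to notes.lnk"]
    for rel in names:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        for kind, rel in scan_tree(tmp):
            print(f"{kind:10} {rel}")
```

A name match is only a lead for follow-up with updated security software, since a file name alone does not prove infection.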

According to the records, three countries account for most victims of W32.Tmphider attacks. A total of 39.77 percent of this rootkit's victims are in India. Indonesia accounts for 32.76 percent, while another 20.47 percent of victims are in Iran.

In addition, Symantec noted that Windows XP Service Pack 2 is the OS most vulnerable to this attack. As many as 48 percent of W32.Temphid victims use this OS.

Windows XP SP3 is second, with 34 percent of the rootkit's victims. Windows 7 (11 percent), Windows Vista (5 percent), and Windows Server 2003 (2 percent) follow.

"The attacks exploit newly discovered vulnerabilities that have not been patched, in the way Windows Explorer handles .lnk files," said Symantec.

"This feature has nothing to do with AutoPlay, so disabling AutoPlay will not help prevent worm infections in this attack. However, in general, disabling AutoPlay is a good idea," said Symantec.

To defend against W32.Temphid, make sure the security applications installed on your computer have been updated with updates that can handle the attack.
