Saturday, February 20, 2010

New "Gray Pigeon" Variant Spreading on the Internet

The National Computer Virus Emergency Response Center has found, through its Internet monitoring, that many computer users have recently been threatened by a new variant of "Gray Pigeon" (Backdoor_GreyPigeon.Asiy), and reminds users to guard against it carefully.

Experts say the variant is a reverse-connection backdoor program, and that the reverse connection lets it bypass the monitoring of a network firewall. The infected operating system takes the initiative to connect to a remote Web site specified by the malicious attacker, from which it obtains the IP address of the attacker's client. The attacker operates that client, while the infected operating system acts as the server side. From then on, the infected operating system listens for the attacker's instructions, which gives the attacker remote control.

When the variant runs, it copies itself into a directory of the infected operating system and sets the copy's attributes to hidden, system and read-only. At the same time, it creates some system services and modifies the registry so that it starts automatically with the operating system. It also creates a new IE browser process on the infected system, sets that process to hidden, and injects the virus file itself into the process.

In addition, by recording the user's keyboard input in the background on the infected operating system, "Gray Pigeon" lets the malicious attacker steal any of the computer user's private information and local system information and send it to the attacker. The user's computer system ends up under remote control: system files may be maliciously deleted, and the system may automatically download malicious programs or other files from the remote attacker.
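As an added illustration of the indicators described above (not code from the original article or from the Response Center), the following Python triage helper checks a host snapshot for the three behaviours the article names: a hidden+system+read-only copy in the system directory, an IE process with no visible window that holds an outbound connection, and an autostart entry pointing at the flagged file. The record types, field names, file names and sample values are assumptions constructed for the example; only the attribute bit values are the real Windows FILE_ATTRIBUTE_* constants.

```python
from dataclasses import dataclass, field

# Windows FILE_ATTRIBUTE_READONLY/HIDDEN/SYSTEM bits (winnt.h); on a live Windows
# host the mask comes from os.stat(path).st_file_attributes.
STEALTH = 0x1 | 0x2 | 0x4  # all three set at once, as the article describes
@dataclass
class FileEntry:       # hypothetical snapshot record types follow
    path: str
    attributes: int

@dataclass
class Process:
    pid: int
    image: str
    has_window: bool   # False for a GUI program running with no visible window
    remote: list = field(default_factory=list)  # (host, port) outbound connections

@dataclass
class Autorun:
    location: str      # Run-key value or service name
    command: str       # what it launches

def stealth_copies(files, system_dir):
    """Files under the system directory with hidden, system and read-only all set."""
    return [f.path for f in files if f.path.lower().startswith(system_dir.lower())
            and f.attributes & STEALTH == STEALTH]

def headless_browsers(procs):
    """iexplore.exe instances with no window but a live outbound connection."""
    return [p.pid for p in procs
            if p.image.lower() == "iexplore.exe" and not p.has_window and p.remote]

def autoruns_for(autoruns, suspect_paths):
    """Registry or service autostart entries whose command names a flagged file."""
    s = [p.lower() for p in suspect_paths]
    return [a.location for a in autoruns if any(p in a.command.lower() for p in s)]

def triage(files, procs, autoruns, system_dir=r"C:\Windows\System32"):
    suspects = stealth_copies(files, system_dir)
    return {"stealth_files": suspects, "headless_iexplore": headless_browsers(procs),
            "autoruns": autoruns_for(autoruns, suspects)}

# Constructed snapshot, not real indicators: one benign file, one flagged copy.
SAMPLE_FILES = [FileEntry(r"C:\Windows\System32\kernel32.dll", 0x20),
                FileEntry(r"C:\Windows\System32\example_dropper.exe", STEALTH | 0x20)]
SAMPLE_PROCS = [Process(1200, "iexplore.exe", True, [("203.0.113.10", 443)]),
                Process(3104, "iexplore.exe", False, [("203.0.113.20", 8000)])]
SAMPLE_AUTORUNS = [Autorun(r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\example",
                           r"C:\Windows\System32\example_dropper.exe"),
                   Autorun("Service: ExampleSvc", r"C:\Windows\System32\svchost.exe -k netsvcs")]
```

Calling `triage(SAMPLE_FILES, SAMPLE_PROCS, SAMPLE_AUTORUNS)` returns the flagged file, the headless IE process id and the Run-key entry that launches the flagged file, while the benign rows are ignored.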

Experts suggest:

1. Upgrade the anti-virus software and firewall on the computer system in time; while using the computer and browsing the web, turn on the anti-virus software's "real-time monitoring" function and turn on the firewall at the same time.

2. Do not casually download and run data files or suspicious plug-ins from the Internet that the anti-virus software has not processed; it is best to run a full scan on them first.

3. Download and install system vulnerability patches in time; set a more complex password for the system administrator account, preferably a longer one that combines letters, numbers and other symbols; disable or delete system accounts that are not in use.

4. Shut down services and processes the system does not need; unless there are special circumstances, it is best to turn off disk partition sharing when it is not needed.