ByREV

Pana astazi nu am vazut un asemenea virus, atat de “virulent” adica atat de persistent in a intra in sistem.

Cum se comporta:

In momentul in care yahoo messenger se logheaza pe server si inainte de a incarca tampita aia de fereastra cu reclame, virusu’si face loc in fisierele temporare din windows. Daca nu aveti antivirus bun exista un risc destul de mare ca sistemul sa fie contaminat cu tot felul de spyware si torieni VBS sau de alta natura.

un alt simptom este ca internetul merge extrem de greu, apar pierderi si apare latenta foarte mare pe reteaua locala:

Reply from 89.136.236.254: bytes=32 time=4ms TTL=64
Reply from 89.136.236.254: bytes=32 time=9ms TTL=64
Request timed out.
Request timed out.
Reply from 89.136.236.254: bytes=32 time=5ms TTL=64
Request timed out.
Reply from 89.136.236.254: bytes=32 time=6ms TTL=64
Request timed out.
Request timed out.
Reply from 89.136.236.254: bytes=32 time=269ms TTL=64
Request timed out.
Request timed out.
Reply from 89.136.236.254: bytes=32 time=171ms TTL=64
Request timed out.
Reply from 89.136.236.254: bytes=32 time=3ms TTL=64
Reply from 89.136.236.254: bytes=32 time=6ms TTL=64
Reply from 89.136.236.254: bytes=32 time=4ms TTL=64
Request timed out.
Reply from 89.136.236.254: bytes=32 time=3ms TTL=64

Cred ca totusi se foloseste de o gaura de securitate si din windows XP si asta din cauza ca tampitul de yahoo foloseste niste chestii legate de IE, adica de “BUBA cu Puroi” made by microsoft.

Singura solutie rapida care am gasit-o a fost un bypass al conexiunii locale folosind un proxy-tunneling criptat intr-un server de hosting pe care tin domeniile.