Virus skillfully push "domino" Jinshan Poison PA took the lead in killing

"Users bubble in the forum to complain: Download U disk production tools, after the operation of the discovery is not a mass production tool, desktop IE icon to open the Web site navigation station, but also forced to install a number of Internet software. "September 23, Jinshan poison PA intercepted this type of virus, the operation of the virus such as the domino, can bypass a variety of security software, Jinshan poison pa can be killing."

User bubble Download the so-called "U disk mass production tool", the actual virus for the author of the Internet software download modified, only the original program to download the normal software target address to modify the virus. Jinshan Drug engineer pointed out that the virus can be modified by the author of the Chinese Internet software downloader Thousands, such tools will become a new opportunity to spread the virus.

After running this modified software downloader, you will download an MSI installation package with more than 10 executables, only one is a virus and all other files are normal programs. Virus authors use a series of actions after the normal program runs to start the virus. Jinshan Poison Bully Cloud Safety Center monitoring data show that the virus infection rate of more than tens of thousands of units per day.

Figure 1 Sample sample: MSI file (contains more than 10 files, only Install.bat is a virus)

"These actions look like a domino, and the normal process has been added to the trusted whitelist by many security software," said Jinshan security experts. As a result, the antivirus software does not intercept when the virus is running, and the user's browser and desktop icons are overwritten.

Fig. 2 Jinshan Poison Fighter Engineers explain the process by which the virus authors tear down dominoes

Jinshan Poison PA Safety experts pointed out that in our computer, the virus authors can be used to create a "domino" effect of the software may be very many, a little bit of the impossible. This virus uses the characteristic to be worth the security manufacturer high attention, in the anti-virus software The simple addition white list may not be wise, the user needs to respond more agile anti-virus software.

These viruses are mainly through some uncommon tool software, cracked patches, games and other software download stations to disseminate, when netizens search for some unusual software, should try to choose the sky, Huajun this audit more stringent download station, to avoid downloading from unknown sites, small sites to spread the virus is very high probability.