Today, the threat of viruses and Trojans to the internet has changed a lot, traditional artificial analysis is not enough to support the large number of virus samples. In this case, cloud security technology was born. It will be the original manual analysis of the traditional process of the virus into the server-side automatic processing process, which is a huge innovation in the security sector, but also Trojan makers are the most headache protection mode.
Cisco's President Chambers has said that cloud computing will be a safe disaster, and this has sparked a big stir in the industry.
In fact, this is not sensational, data protection, terminal protection, virtual environment, risk management and other information security issues with the advent of cloud computing will be more complex and difficult, enterprise users of information security will face more serious challenges.
In the near future, cloud security, which also uses cloud computing technology, has a bit of a situation.
A recent report from Microsoft's Malware Protection Center has found that a Bohu trojan virus, which is spread through video plug-ins, can bypass a variety of anti-virus software. Can even directly block the kill soft and "cloud" communication between the anti-virus software and the server to prevent contact and upgrade.
According to the report, the Bohu virus would add random data to its own files, making it a Trojan horse with an amazing file size. To prevent detection based on hash hashes. For the cloud killing engine upload analysis of suspicious procedures to create obstacles.
Usually cloud security antivirus software scans files, sending hash hashes of files to the cloud server to determine if there is information available on the server for that file. When a virus's hash results are constantly changing, the server will not be able to identify it in time.
Most of this virus is bundled in some player installation files, browsing some non-mainstream video sites, if users are tempted by certain video content, may click to install these specific players.
The possible forms are as follows:
While the player is installed, these malicious installation packages will install an SPI based data filtering service on the system and then filter through specific packets to block the communication between the antivirus client and the cloud.
If you use the ice blade to view the system's SPI Service list for additional Netplayone.dll services (not limited to this name), then prove the system has been poisoned.
Bohu current major variants are detected by AVG: Dropper.Generic2.BJOV and Dropper.Generic2.BJMC. AVG can accurately identify bundled virus installation packages:
However, the current Bohu virus in front of the only domestic popular some mainstream kill soft, short-term ordinary users as long as the use of professional foreign kill soft can deal with this virus. But to fundamentally solve such problems, still need to use AVG, Kaspersky this active defense function of the professional anti-virus software.