Virus.Win32.Induc.a in VideoGet by Nuclear-Coffee

19.08.2009, 22:52
Honorary member
Argus

Posts: 6028
#1 VideoGet is a program for downloading videos from YouTube and from more than 850 other video websites
http://nuclear-coffee.com/de/VideoGet

Anyone who has bought the program should definitely download the latest version

The trial version is infected as well
http://www.virustotal.com/nl/analisis/c723503fb0eaab8cd338dacf3775a5d1999f9a96f90d41195d3236077fd504cf-1250661759

VideoGet is infected with Virus.Win32.Induc.a
http://www.virustotal.com/nl/analisis/02acd7c1f68d49358fc98424ddb4beb275ccbdcb9c420b57535a029811ef8095-1250637189
__________
Regards, Argus
20.08.2009, 14:37
Honorary member
Thread starter
Argus

Posts: 6028
#2 This virus is actually several months old and all AV companies were blind.

Why?

Till now, file infectors (like Virut, Sality, Parite, …) have modified executable files on the victim’s machine. They appended their body and changed the entry point – “that’s all”. Win32:Induc is different. The infected file looks for the Borland Delphi compiler on the victim’s machine. If Delphi is found, the source file SysConst.pas is replaced by a malicious one and is compiled into SysConst.dcu. Each new build (using SysConst.dcu – practically all) of any Delphi project on an infected machine produces an infected file. This malware is produced by “white” programmers without their permission. Many files are digitally signed and distributed globally through download servers.
A few statistics: A few hours after VPS update 090818-0 (contains detection Win32:Induc) we received hundreds of suspected “false positive alerts” – all of them were infected. In the last 12 hours (since VPS was released) avast! has found ~200 000 infected files.

http://blog.avast.com/2009/08/19/win32induc-new-concept-of-file-infector/

This infection was discovered 2 days ago and all AV vendors are adding its detection to their virus databases because it is flagged as ITW (In The Wild). But this infection may be old - no one knows how old, but many software developers are infected and their software releases are infected too. Even if it is signed, it is infected! They were submitting infected copies to signing companies.
The problem is that it is a new infection technique - the executable infects source code (one Delphi library) - any program built with Delphi on an infected machine is infected too.
So you can get a clean installation only! after the software producer is clean and releases an absolutely new version. Or you may roll back to some old version which is not infected.

http://forum.avast.com/index.php?topic=47738.0
__________
Regards, Argus
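A defender-side check for the build-environment tampering the post above describes, added here as an example (it is not code from the thread, from avast, or from Nuclear-Coffee): it snapshots SHA-256 hashes of a Delphi installation's .pas/.dcu units and reports any unit that later differs from the saved baseline. The directory layout (Source/Rtl/Sys, Lib) and the file contents are constructed assumptions for the demo.

```python
import hashlib
import json
import tempfile
from pathlib import Path

UNIT_SUFFIXES = (".pas", ".dcu")  # Delphi source units and compiled units


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Map each runtime unit below root (relative, '/'-separated) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in UNIT_SUFFIXES
    }


def compare(baseline: dict, current: dict) -> dict:
    """Units whose hash changed, units that vanished, and units not in the baseline."""
    return {
        "modified": sorted(k for k, v in baseline.items() if k in current and current[k] != v),
        "missing": sorted(k for k in baseline if k not in current),
        "added": sorted(k for k in current if k not in baseline),
    }


def demo() -> dict:
    """Constructed scenario (assumed layout): trusted snapshot, then SysConst swapped."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        units = {"Source/Rtl/Sys/SysConst.pas": b"unit SysConst; ... end.",
                 "Lib/SysConst.dcu": b"\x00clean-dcu", "Lib/System.dcu": b"\x00system"}
        for rel, data in units.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        baseline_file = root / "baseline.json"  # not a unit, so never hashed
        baseline_file.write_text(json.dumps(snapshot(root), indent=2, sort_keys=True))
        # Tampering: source unit replaced and recompiled, as the quoted text describes
        (root / "Source/Rtl/Sys/SysConst.pas").write_bytes(b"unit SysConst; {tampered} end.")
        (root / "Lib/SysConst.dcu").write_bytes(b"\x00rebuilt-from-tampered-source")
        return compare(json.loads(baseline_file.read_text()), snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the baseline is taken from a known-clean install and stored off the build machine, and the comparison runs before each release build.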
20.08.2009, 16:53
Moderator

Posts: 7805
#3 That went through all the "blogs" and the like. It started at Kaspersky, then heise, etc...

http://www.heise.de/security/Virus-infiziert-Entwicklungsumgebung-Update--/news/meldung/143679
http://www.viruslist.com/en/weblog?weblogid=208187826

An interesting and frightening approach. I'm curious when the first malware of this kind with a real damage payload will show up...
__________
Regards, Ralf
SEO-Spam Hunter