What are Trojans, Viruses and Worms?

Viruses, Trojans, Worms and other cyber threats are now a part of daily life. Malware spreading throughout the Internet, hackers stealing confidential data and mailboxes flooded with spam are the price we pay for computing convenience. Any unprotected computer or network is vulnerable.

A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the user. The term “virus” is also commonly but erroneously used to refer to other types of malware, adware and spyware programs that do not have the reproductive ability. 

The name “Trojan” came from The Greek Methology “Trojan Wars”. in the context of computing and software, describes a class of computer threats (malware) that appears to perform a desirable function but in fact performs undisclosed malicious functions that allow unauthorized access to the host machine, giving them the ability to save their files on the user’s computer or even watch the user’s screen and control the computer.

A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

How can I protect my computer from these attacks?

Although these threats can’t be avoided, you can still protect your computer systems by doing the following:

1. Install an Anti-virus Software.

Make sure that you have an anti-virus software installed in your PC. There are lot of Free Antivirus Software that you can download from the web. Here’s are some:

AVG Free Edition – Protection against viruses, spyware, adware and trojans.
Kaspersky - scans your computer for malicious code and offers the same
exceptional detection rates as other Kaspersky Lab products
Avira AntiVir Personal – from Avira GmbH protects you computer against viruses,
malware, adware and spyware, unwanted programs and other dangers. This manual
deals with viruses and software in brief.

2. Security Updates.

Your operating systems offers you a free security updates on regular basis. Just make sure that you download it and install it to your system.

Microsoft Security Updates

Apple Security Updates

Red Hat Security Updates

3. Don’t open or download software from an unreliable sources.

Usually, you can get Trojan Horses from unsolicited emails with file attachment. Always make sure that you only open attachment from a reliable source. Avoid opening any executable file from emails or downloading it using P2P applications such as limewire or bearshare. Here’s are some extension name you should avoid downloading:

exe, com, bat, vbs, js, and inf file extensions

Note:

If you are using removable drives such as USB Flash drives… Make sure that you scan it first and avoid opening it from auto run or auto play.

4. Use An Anti-Spyware software if your connected to the internet.

Lastly, use an Anti-Spyware software to protect you when accessing the internet.

Here are some example:

Windows Defender - It’s free for Microsoft Genuine Windows User.

AVG Internet Security - It’s USD 54.99 but a complete and reliable solution.

Norton 360 - Protects your PC, online activities and your identity 24/7 – Delivers award-winning protection against viruses, spyware, worms, phishing, hackers, and more in one complete, fully automated solution.  USD $79.99

This virus monitors DNS requests to domains containing certain strings and blocks access to those domains so that it will appear that the network request timed out. We (my MIS Team) discovered W32.Downadup.B Virus from our quarantine logs and we found out that it was introduce to the network using a USB drive activated by autorun.inf.

W32.Downadup.B creates an autorun.inf file on all mapped drives so that the threat automatically executes when the drive is accessed. The threat then monitors for drives that are connected to the compromised computer in order to create an autorun.inf file as soon as the drive becomes accessible.

You won’t be able to detect it using the command prompt because it run by using the RPC Handling Remote Code Execution. How to remove the virus just follow the steps below:

Follow these Steps:

1. Download the removal tool from Symantec website and place it on your desktop.

2. Download the Security patch from microsoft website. ( Choose the file support with your OS).

for Windows XP (KB958644)

3. Temporarily Disable System Restore (Windows Me/XP).

4. ​​​Update the virus definitions (If your using Symantec).

5. Reboot your computer in SafeMode.

6. Run the FixDownadup.exe that you have just downloaded and let it scan until it found a viruses.

7. Run the Security Patch.

8. Reboot your system in normal mode and run the Full System Scan to make sure that no virus present on your computer.

9. As preventive measure We disabled autorun in the registry and disable USB Port access to all workstation.

Below are stats from Symantec regarding this virus.

Threat Assessment

Wild

* Wild Level: Medium

* Number of Infections: 1000+

* Number of Sites: 10+

* Geographical Distribution: Medium

* Threat Containment: Moderate

* Removal: Moderate

Damage

* Damage Level: Medium

* Modifies Files: Modifies the tcpip.sys file.

Distribution

* Distribution Level: Medium

* Shared Drives: Attempts to spread to network shares protected by weak passwords.

* Target of Infection: Spreads by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (BID 31874)