Top News - Bkav Corporation

Do your best, the rest will come !

The return of data-destroying virus

12:01:00 | 11-09-2010

After a long absence, data-destroying virus has come back. About 20 days ago, Bkav virus monitoring system detected a virus programmed to delete all data in hard-disk drives, except for the drive that Windows was installed. The time of deleting data was preset by hacker on 1st, 20th, 21st and 29th monthly.

This virus is detected by Bkav as W32.Delfile.Worm. "Once infected to computers, the virus will copy itself to folder C:WindowsSystem32 and write one key to the registry. On a preset day, virus will destroy the data at computer startup. On other days, it renders files hidden and copies itself, disguised as real folders, which users would find it difficult to realize that their computers have been virus infected," Mr. Vu Ngoc Son, Director of Bkis R&D, said.

This data-destroying virus, which used to be a rampant virus in the 1990s, caused a significant loss to users. W32.Delfile.Worm will leave intensive damage when it spreads on large scale since a lot of important information tends to be centralized on user's computers.

To protect computers from this kind of virus, users are recommended to use licensed antivirus softwares and scan for virus on a regular basis. They should back up their important data on other storage devices to ensure the data's safety upon incidents.

August 2010, virus spreading via Yahoo! Messenger has come back and widely spread.

In recent days, in forums, social networking sites, there has been much discussion about virus spreading via Yahoo! Messenger which was rampant 4 years ago.

For a long time, thanks to security researchers' warning and users' own experience after being infected, users take more caution with this kind of virus. However, due to the subjectiveness of users on receipt of links shared via Yahoo! Messenger, in the past few weeks, W32.Ymfocard.Worm (the latest variants of virus spreading via Yahoo! Messenger) has spread in large scale.

Yahoo! Messenger users should be cautious upon receipt of strange links, even sent by their friends. They should also update the latest version of their antivirus software to protect their computers.

Adobe successfully patched /Launch vulnerability in Adobe Reader

On June 29, 2010, Adobe released the first patch for /Launch vulnerability in Adobe Reader which used to be exploited to widely spread. Right after that, Bkis security researchers pointed out that this patch could still be bypassed. In their next patch in August, Adobe has overcome this vulnerability.

Before that, Adobe also confirmed Bkav's warning that the first patch still could not prevent hacker from executing the malicious code.

To update the patch, you can use one of the following ways:

1. Open Adobe Reader, choose Help / Check for Updates.

2. Download version 9.3.4 or 8.2.4 (it depends on which Adobe Reader version you are using, version 8 or 9) from http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows

Bkav

Others

The DEEP#GOSU virus campaign takes advantage of Google Docs and Dropbox to attack Windows users

LockBit ransomware virus attacks Windows Domain servers in Vietnam

5 million websites are at risk because of vulnerabilities in WordPress' LiteSpeed

Warning: using AI to create fake images and voices to scam money

Bug in Microsoft Outlook allows hackers to steal information and take control of devices

OPSWAT and Bkav signed a strategic partnership

Summary of cybersecurity in 2023 and forecast for 2024

Warning: Many Elknot virus variants appear targeting Vietnamese Linux servers

Bkav launches Bkav Pro 2024 with the orientation of expanding the global market

Applications impersonating government agencies to spread viruses on Android are highly active in Vietnam