
Tag Archives: malware

An Overview of Threats Against Companies in 2014

The number of companies that fall victim to cyber attacks is rising this year. A survey by Kaspersky Lab and B2B International shows that 91% of the companies surveyed were victims of a cyber attack at least once in the past 12 months, and 9% were the victims of targeted attacks, i.e. planned attacks aimed at infecting the network infrastructure of a specific company or organization.

The breadth of digital devices used in companies has created ideal conditions for cyber espionage and for launching malware that steals corporate data. The potential is great enough that a malicious program can replace an insider informant as the means of obtaining information.

Main findings on corporate threats this year:

  • Spyware attacks associated with various governments were uncovered
  • Most incidents involving cyber criminals aim to steal information
  • Attacks were revealed against contractors rather than the big company itself
  • A new actor emerged in APT attacks: cyber-armies that conduct cyber espionage on request

In 2013 a number of spyware attacks were revealed that are associated, directly or indirectly, with government agencies. Another actor in the corporate threat landscape is the company that hires cyber criminals to break into a competitor's network.

Cyber-armies carry out operations that usually aim to steal information. Other attacks aim at sabotage, using malicious programs to delete data or to block the operation of infrastructure.

Some programs, Trojans in particular, are able to steal money through online banking systems. Cyber criminals can hack into a company's website and redirect visitors to malicious sites, which damages the company's reputation. Financial loss is commonly caused by DDoS attacks, which can take a public utility company's site offline for several days. As a result, clients switch to another company, which leads to long-term financial losses.

Beware of Four Signs That a PC or Laptop Is Already Infected by a Virus

Do not dismiss small suspicions about your notebook. If the notebook takes much longer than usual to open programs or applications, it is better to bring it immediately to the nearest service center so the problem can be analyzed and addressed accurately.

Such a symptom can have many causes: it may be a virus, or the notebook may simply need cleaning up because too many installed applications start at boot. The concern is that malware creators are getting smarter at hiding their malicious activity so that it can quietly consume your PC's computing power.

Luckily, there are some signs that can help you determine whether your notebook is infected with a virus or simply outdated. Hopefully the following signs help you decide what to do next with the notebook.

Pop-up window attacks

Pop-up windows can be an indication of malicious software installed on your computer. Usually a pop-up window is a sign of adware or a Trojan clicker; malware creators earn money from every pop-up you click. One or two pop-ups may be harmless, but you should be more careful when they appear more and more often, because some pop-ups carry malware that is harmful to your PC.

Several settings on the PC or notebook change by themselves

You work regularly on the same PC, and even if you do not check the settings every day, you are fairly sure how your PC is set up to your liking. So when a setting suddenly changes without your authorization, you feel that something is wrong, right? If this happens to you, it is likely that your PC or notebook has been infected. This sign is usually recognized when you click on an application but end up in another application instead.

Notebook performance becomes slow

If your notebook has suddenly become slow when opening applications or programs, there is a possibility that it has been infected with a virus. Some malicious code is carefully programmed to go undetected, and its main goal is to steal part of the "muscle" of your PC's computing power to produce spam, spyware, and so forth. Slowing performance is not only due to viruses; it can also be due to installed software that turns out to take a lot of CPU cycles.

Randomly connected to different websites

Another sign that your notebook is infected by a virus is when you find yourself connected to random websites. This can happen because you use pirated software, download or open attachments from the spam folder, or visit various websites that use tracking cookies. Malware creators usually exploit vulnerabilities in web browsers to inject a small piece of code that can grow into a virus.

Norton 360 Version 6.0 Performance Review: Protection Inside and Outside

In addition to fortifying the system against the threat of cyber criminals, PC protection today also needs to guard against threats from within. Norton 360 tries to take on that role.

Protecting the system against cyber crime threats such as malware, spam, and phishing should already be a must for every PC user. Consequently, antivirus packages combined with anti-spam, anti-phishing and parental control have become standard.

However, what if the defense is successfully penetrated? Malware can damage the system and spammers or phishers may steal personal data, not to mention that your PC can fail at any time. Therefore it is important to back up your data periodically, so that if the worst happens, at least the data has been saved.

Seeing this need, Symantec released a security package that serves as more than a bulwark against cyber crime: Norton 360, which is also equipped with Backup and PC Tuneup facilities.

Norton 360 has now reached version 6.0. Compared to previous versions, Norton 360 version 6.0 looks cleaner, with white dominating. The menu icons are also simpler, with four main functions: PC Security (system protection), Identity (personal identity protection), Backup (data backup), and PC Tuneup (maintaining system performance).

The PC Security and Identity functions are backed by Norton Internet Security 2012, which has well-proven performance. One reason is the SONAR 4.0 technology, which can detect malicious processes based on the general characteristics of the various malware profiles seen in the wild.

The flagship of Norton 360 is of course its Backup function. We can choose the location of the backup data, e.g. a hard disk partition, external storage media, or online using Norton's own Secure Online Storage. To use this feature, you must have a Norton account.

In Norton's "cloud" storage we can store up to 2 GB of data, similar to the currently popular Dropbox. Of course, the duration of the transfer to the "cloud" depends heavily on the speed of the internet connection we use. During and after the backup process, the data is secured with 128/256-bit AES encryption.

Meanwhile, PC Tuneup is nothing special, since it contains several functions that are already in Windows by default, such as Disk Optimization, File & Registry Cleanup, and Startup Manager. However, the facility is convenient for novice users because all the tools are in one place: users simply click once to run them.

Indeed, there are not many significant changes in Norton 360 version 6.0 besides its appearance. The new features are inherited from Norton Internet Security 2012. But as a complete in-and-out PC protection solution, Norton 360 is still one of the foremost.


Type: Paid ($52 / 3 PCs)
Developer: Symantec
Site: http://us.norton.com/360
Recommended specifications: Windows XP/Vista/7

Only a Single Option
Symantec sells Norton 360 version 6.0 only with a 3-PC license. The price is more economical, but this policy can be a limiting factor for consumers who only want to install it on one PC.

Powered by NIS 2012
The security function in Norton 360 is strengthened by NIS 2012, which brings two new features: Norton Management (managing devices that have Norton installed) and Bandwidth Management (critical updates only).

Less Spacious
2 GB of storage space on Norton's online storage feels cramped. If you want to enlarge the capacity, you have to pay an additional fee that is quite expensive, especially compared to similar services (e.g. Dropbox).


Plus: cleaner interface; protection strengthened by NIS 2012, including two new features; fast installation and memory-efficient

Minus: not many completely new features; online storage capacity is small; only sold as a 3-PC license package.

Score Assessment
 - Usage: 4.2
 - Performance: 4.5
 - Feature: 4.2
 - Price: 3.8
 - Total Score: 4.21

How to Secure Online Transactions? Tips for Securing Them and Their Vulnerabilities

It cannot be denied that the number of online transaction users continues to increase each year. A Harris Interactive survey conducted in February-March 2012 found that 57 percent of Internet users manage bank accounts online and shop online. Of these, about 31 percent admitted that they store banking data on their hard drive.

It is therefore not surprising that banking information is a very tempting target for cyber criminals. The target is data such as login passwords, validation codes and transaction confirmations that they can use to pass themselves off as the owner of an electronic account. In addition, e-mail is often used as one of the simplest ways to get financial information.

Such an e-mail usually contains a message that entices the recipient to provide personal information or to visit the supposedly official website of a particular bank. Another way is to include a link that directs the consumer to a third-party site containing malicious programs. The cyber criminals can then steal information from the infected system, either in a way similar to stealing information through the "official" websites they make, or by intercepting information typed into the browser. Interception can also be done directly with a keylogger.

One of the Trojans that took part in this kind of theft is Trojan-Banker.MSIL.MultiPhishing.gen. This Trojan was detected by Kaspersky Lab experts in January 2012 and is designed to steal the credentials of major banks in Europe.

Although this Trojan has entered the victim's computer, it is not activated immediately; it waits until the user logs into a bank's online service. It then displays a window that mimics the authorization form of the bank being accessed, while the bank's original window is closed by the Trojan. This Trojan can be detected by antivirus products registered in England.

To protect customers from the threats they face when doing online banking, some banks apply their own protection, for example multiple authentication, which requires customers to use two passwords: the first to log in and the second to confirm a payment or other transaction.

This can be combined with a one-time password system in which the bank sends a code to the customer's mobile phone for every transaction. Another way is to give customers a token that generates passwords on request. In addition, for transactions outside the teller, such as online banking, mobile banking, SMS banking and others, banks use an SSL secured connection, which reduces the risk of data theft during transmission.

To ensure the security of your banking information, and of the system you use, you need a reliable antivirus solution with reliable Internet security. This solution should be able to protect your computer from malicious software, network attacks and malware in e-mail traffic using both traditional and proactive technology. You also need an antivirus program that can protect you while browsing the web. To defeat keyloggers that intercept the data typed on your keyboard, you can use a virtual keyboard.

Kaspersky Safe Money provides technology designed to protect banking and other financial information during transactions. Some of the protection offered by this solution:

  • A database of bank and trusted e-payment system addresses that can be modified by the consumer;
  • Tools to verify the identity of a server;
  • Tools to scan your computer and look for vulnerabilities that affect the security of online banking;
  • Browser protection that creates an isolated environment for bank sites, payment systems and online stores;
  • Secure Keyboard features that protect data entry with the help of a special driver and a mouse-driven virtual keyboard.

Beware of a New Scam on Facebook

Beware of a new scam that is preying on Facebook accounts. The fraud currently circulating on Facebook gives notice that you must register your account activity to be encrypted by the Facebook team before June 15, 2012.

The announcement also claims that Facebook is protecting itself against scam attacks under the SOPA (Stop Online Piracy Act) and PIPA (Protect IP Act) laws.

Then you are asked to log in to your Facebook account through the button provided. But after you press the button, the scam immediately posts an announcement claiming US$1 million in coins and spreads the news to all your Facebook friends.

This trick has been applied several times on various social media sites, and the actors deliberately use a well-known brand name to convince victims to spread the fake announcement.

Useful Security Tips from the World's Top IT Experts

Learning from mistakes makes you smarter, especially if the mistakes come from professional experts.

IT professionals can also get caught by the tricks of cyber criminals. However, from that they can share useful lessons for all computer users. CnwinTech asked some leading IT experts about their experiences on the Internet. Their experience can be a valuable lesson for Internet users.

CnwinTech did not expect so many honest, and some very open, answers. Eugene Kaspersky tells how he succeeded in thwarting the kidnapping of his son. Open source figure Richard Stallman also expressed his personal opinion about some flaws in the Windows operating system.

Of course, anyone can apply their own principles for securing data. However, the experts' experience can also serve as a personal safety guide.

Eugene Kaspersky: Kidnapping

In April 2011, a retired Russian married couple kidnapped his son Ivan, 20 years old. To free his son, Eugene Kaspersky and the police set up a hoax. Using the local media, Eugene Kaspersky distracted the kidnappers by reporting that he had paid a ransom of three million Euros. The hoax succeeded and the police then acted to free Ivan without injury.

However, the events taught Eugene Kaspersky a lesson of his own. The investigation revealed that the perpetrators collected personal information from social networks and observed the daily activities of potential victims. With this information, they planned the crime.

"No one knows exactly why they chose Ivan as a victim," said Eugene Kaspersky in a special interview with CnwinTech. "However, I suspect it is because Ivan published too much personal information on Vkontakte (the Russian Facebook)," he added. With that information, the kidnappers could easily find out Ivan's detailed activities, watch him, and gauge his level of personal security.

Because of the case, Eugene Kaspersky still feels guilty today that he did not explain the dangers of social networking and did not advise restricting the publication of personal data. "Do not make the same mistake. Act immediately to protect your children," he warned.

Thorsten Holz: Hackers who get hacked

Cyber criminals can also be trapped. When Thorsten Holz got a closer look at the control server of a botnet for research purposes, he could not believe what he was seeing: the botnet administrator had not changed the server's default password. As a result, the researchers were able to copy and analyze a huge amount of digital loot.

"With two-factor verification, the network would have been more secure (from us)," says Thorsten Holz. In addition to the password, the user must enter a TAN received on a mobile phone via SMS or a TAN app. A login using only a username and password is easier for a hacker: with a keylogger Trojan, hackers can read any password easily. Currently, Google and Facebook provide two-factor login.

Mikko Hypponen: Account hijacking

This Finnish man began his career as a virus creator. As a teenager, Mikko Hypponen made the Omega virus, which he says is not dangerous. However, he quickly turned around to become a leading virus hunter at F-Secure and a consultant to international security institutions.

Since the 90s, cyber crime has been a billion-dollar business, and virus makers like to target the mass market. From this, Mikko Hypponen draws a lesson: a program whose name is not widely known rarely ends up in the criminals' sights. "Use another program," Mikko Hypponen advises. There are many alternatives, like Linux as a replacement for Windows 7, Foxit Reader for Acrobat Reader, or Opera for IE.

Bruce Schneier: Brain-Backup

Bruce Schneier stores data in two brains. A laptop containing e-mails, contacts, and a calendar is easy to hijack. "Backup in my brain," joked Bruce Schneier. But there is truth in it: if much of your life happens on the computer, data leakage becomes easier. With backups distributed across multiple storage media, data is better preserved. "Always make backups!" Bruce Schneier says.

Konstantin von Notz: Encrypting e-mail

Konstantin von Notz, a Green party politician in the German state of Schleswig-Holstein, fights for e-mail security: communication between the community and board members via encrypted e-mail, with a free application provided to open it. E-mail encryption is always discussed within the community. Communication without encryption is not compatible with data protection, since unencrypted e-mail can be read by anyone on the network.

Jacqueline Beauchere: Choose your friends

Children are a favorite target of identity thieves. Jacqueline Beauchere, a Microsoft security expert, found several cases of ID theft in the name of children that can cause large losses. With a social insurance number, criminals obtain credit for shopping, and the losses are of course borne by the parents.

Therefore, Jacqueline advises young parents to make online security a family theme. You have to explain certain restrictions, including checking the list of Facebook friends on a regular basis. This is necessary because it is common for today's best friend to become tomorrow's main enemy.

A regular digital clean-up can prevent cyber-mobbing. "The end of the school year or when changing schools is a good time to do it," said Jacqueline. "Check your child's list of friends on social networks together and remove any who could be dangerous," she said.

Brian Krebs: Unfriendly Resources

Brian Krebs has learned from bad experiences. "The Internet is good, but only with good control as well," said Brian. Several years ago a hacker wrote to him: "Hi Brian, look at this link." He not only looked, but clicked on it. After that, the operating system was destroyed, and for hours he tried to get the computer working again.

Since then, this security expert has separated his work environment from external communication. "You never know who is sending things through the Internet, even from friends. They can send malware." Now Brian Krebs is much more cautious. "I only install programs that I know and really want," added Brian.

Joanna Rutkowska: Secure System

Solving the problem at its root is Joanna Rutkowska's principle. For her, computer security should start from the hardware. "Until now, operating systems have used too few of the hardware technologies that could further improve computer security," she said.

This Polish security researcher can argue this way because, with her team at Invisible Things Lab, she has been working on the extremely secure open-source operating system QubesOS. Therefore, Joanna Rutkowska does not offer a general security solution that is sold, but rather the right answer to a specific question, for example: how can you surf the web safely every day?

So you should try to own and use a variety of devices for different tasks. "I use the iPad for surfing and a backed-up computer for work," says Joanna. However, this is no longer required when using QubesOS. "Maybe in a few more years I can tell you: for those who want a secure computer, you only need to use QubesOS," added Joanna, with a little promotion.

Richard Stallman: Windows spy

He is a tireless fighter for free software. Moreover, he does not consider himself a security expert, but he relentlessly warns people about the dangers of computers. "For me the best example is Windows, because it has monitoring functions, digital handcuffs for user files, and security holes," Stallman warned. Therefore, he recommends using free software, which is no longer free to spy on users.

Stephen Pao: Dealing with errant staff

Each time Stephen Pao, co-founder of Barracuda Networks, hires a new employee, he keeps an eye on the company WLAN. If a new employee dares to log on to Facebook without HTTPS protection, Pao's Firesheep hacker tool raises the alarm.

The network expert can then log into the corresponding Facebook profile and view and modify its data at will. Pao just leaves funny notes and warns the employee with a special note that says: "You do know that you work at an IT security company? Use HTTPS!"

Without HTTPS, data is usually sent without any encryption between the website and the PC. On an open WLAN, this is an invitation to hackers. On Facebook, the option is under "Account Settings | Security | Secure Browsing". If you have not enabled it already, please do. Many other web services offer the same function.

Candid Wuest: An innocent flash disk

Because he trusted his friend, Candid Wuest fulfilled the friend's request without thinking. However, Candid was surprised by what he found on his friend's flash disk: a vicious USB autorun worm. The worm activates as soon as the flash disk is inserted into a USB slot, and it directly infected Candid Wuest's test system.

"I had to reinstall all the computers," he said. Such a lapse in caution is not easy to avoid, even for this Symantec expert. Because not every security program recognizes every virus, an online scan can actually help. The web service Virustotal.com, for instance, can check files with the help of more than 40 different virus scanners.

Sebastian Schreiber: Outdated code

At a company's request, Sebastian Schreiber infiltrated its network as a tester. However, he panicked when installing an application because he had forgotten the code. Even with a simple trick, he did not succeed. Today, simple tips and tricks are outdated. To protect your computer you must take care even when it is difficult, because carelessness makes it vulnerable to danger, and you should be careful on the Internet. Sebastian's tip: if an expert promises a simple solution, always be skeptical, because the experts themselves are not free from error.

Duqu Trojan Uses an Unknown Programming Language

For some time now, the Duqu Trojan has been increasingly notorious as dangerous malware targeting intelligence. Duqu was first discovered in September 2011; however, according to Kaspersky Lab, traces of Duqu have been tracked since August 2007. Kaspersky Lab found that part of the Duqu Trojan is written in an unknown programming language. Duqu is a sophisticated Trojan created by the same people who made Stuxnet. Its goal is to act as a system backdoor and to facilitate the theft of confidential data.

Kaspersky recorded the largest number of victims in Iran. Duqu generally looks for information about production management systems in various industrial sectors, as well as information about trade relations between several companies in Iran.

The biggest unsolved mystery of the Duqu Trojan is how the program communicates with its Command and Control (C&C) server once it has infected a victim. The Duqu module whose role is to interact with the C&C is part of the Duqu payload DLL. After a comprehensive analysis of the payload DLL, Kaspersky Lab researchers found that a special section of it, specifically the one that communicates with the C&C, is written in an unknown programming language. Kaspersky Lab researchers call this unknown part the "Duqu Framework".

Unlike the rest of Duqu, which is written in C++ and compiled with Microsoft Visual C++ 2008, the Duqu Framework is not. The authors possibly used an in-house framework to generate intermediate C code, or used a completely different programming language. However, Kaspersky Lab researchers have stated that the language is object-oriented and performs a number of activities suited to a networked application.

The Duqu Framework language is very special and allows the payload DLL to operate independently of the other Duqu modules and to connect to the C&C through several channels such as Windows HTTP, network sockets and proxy servers. It also allows the payload DLL to process HTTP server requests directly from the C&C, to secretly move copies of the stolen information from the infected machine to the C&C, and even to distribute other dangerous payloads to other devices in the network, creating a form of control and a latent spread of the infection to other computers.

"Given the scale of the Duqu project, it is possible that the team that created the Duqu Framework is a different one from the group that created the driver and wrote the system infection exploits," said Alexander Gostev, Chief Security Expert at Kaspersky Lab. "Given the high level of customization and exclusivity of the programming language created, it is possible that this program was created not only to prevent outsiders from understanding the cyber espionage operation and its interaction with the C&C, but also to distinguish it from the other internal Duqu groups responsible for writing other parts of this program."

According to Alexander Gostev, creating its own programming language shows how skilled the developers working on this project are, and demonstrates the financial and human resources mobilized to ensure the project runs.

Kaspersky Lab invites the programming community, or anyone who recognizes the framework, toolkit or unknown programming language of the Duqu Trojan, to contact stopduqu@kaspersky.com.

Win32/Olmasco.R, the Youngest Member of the TDL4 Malware Family

After the appearance of its newest version last July, when TDL was detected by ESET and identified as Win32/Olmarik, TDL seems to be still evolving.

ESET researchers have specifically examined and traced TDL4 malware consistently, and over that period there have been phases in which new TDL4 variants appeared. The latest phase is the identification of a new TDL4 variant, Win32/Olmasco.R, which has been developed in several areas, especially the way the rootkit infects the system and the ability to change the layout of the hidden file system.

Analysis of the malware components shows some changes in the kernel-mode driver and the user-mode payload, while the other components, especially the rootkit component, are still the same as in the previous version.

These changes point to two possibilities: first, a change in the team that developed TDL4; second, the TDL4 developers commercializing or selling the bootkit builder to other cybercrime groups.

Analysis also showed that Win32/Olmasco.R is able to send information copied from the victim's computer to the C&C (Command & Control) server during the installation of the rootkit into the victim's system.

Furthermore, when errors occur during the process, the malware sends a full report about the errors to the TDL4 developers. This report serves as feedback to find out the cause of a failed rootkit installation.

Also found is a virtual-environment check, which works against the bot trackers used to monitor the malware installation process: it verifies whether the "dropper" is running in a virtual environment and then sends this information to the C&C.

Another activity found is checking whether all components can run in a virtual environment on the targeted system; this capability is a privilege of Win32/Olmasco.R because it exceeds the ability of typical modern malware.

The Boot Composition

The bootkit component of the malware has changed since the modifications in the previous TDL4 variant. What is different in this new variant is that when the MBR (Master Boot Record) is infected, space on the hard drive is set aside as a bootable backup to store the malicious components; in addition, the way the victim's system is infected differs.

First, the malware creates a bootable partition on the hard drive. If we look at the partition table of a hard drive under Windows Vista or a newer Windows operating system, we find unpartitioned (unallocated) space on the bootable hard drive. Usually this space is large enough to accommodate the rootkit components; sometimes the partitioned space is even larger. In such cases, the size of the malicious partition is limited to 50 GB. Second, the malware then creates a hidden partition by modifying an entry in the partition table.

It should be noted that the MBR contains the partition table at offset 0x1BE. This table consists of four entries of 6 bytes each, which are interconnected. In addition, there can be at most four primary partitions on the hard drive, and one of them is marked active, which means that the OS is booted from that partition.

The malware overwrites an empty entry in the partition table with the parameters of the malicious partition, marks it as the active partition and turns it into the VBR (Volume Boot Record) of the newly created partition, as shown in the figure below:

If no empty entry is found in the partition table, the malware sends a report to the C&C server and stops the installation process. The following picture shows what happens to the partition table after the system has been penetrated by the latest TDL4 version.

As a result of the manipulation, the MBR code is not touched; the only thing that needs to be changed is the partition table. When a computer is infected, boot control passes to the malicious VBR (the VBR of the TDL4 partition) right after the MBR code finishes. Thus the malware takes control of the system before the operating system starts.

When the malicious VBR takes over control, it reads a file named "boot" from the root directory of the TDL4 file system and then transfers control to that boot file.

The bootkit component of the latest TDL4 variant, identified by ESET as Win32/Olmasco.R, is similar to the previous TDL4 version, except that the name in the malicious file system has been changed.

The diagram below shows the boot process on an infected computer:
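To make the partition-table manipulation described above concrete from the defender's side, here is an added Python example (not ESET's code and not from the original post) that parses a classic MBR partition table and diffs it against a trusted baseline snapshot, showing that hashing the MBR boot code alone would not reveal the change. It assumes the standard 16-byte partition entry layout; both MBR images are constructed inline for illustration and are not real TDL4 disk dumps.

```python
import hashlib
import struct
from typing import Dict, List

SECTOR_SIZE = 512
TABLE_OFFSET = 0x1BE       # partition table offset, as stated in the text
ENTRY_SIZE = 16            # standard MBR entry size (assumed here)
ENTRY_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count
ACTIVE_FLAG = 0x80


def build_mbr(entries: List[tuple]) -> bytes:
    """Construct a 512-byte MBR image from (status, type, lba, count) tuples.

    The boot code region stays zeroed; only the table and the 0x55AA signature are set.
    """
    sector = bytearray(SECTOR_SIZE)
    for i, (status, ptype, lba, count) in enumerate(entries[:4]):
        off = TABLE_OFFSET + i * ENTRY_SIZE
        sector[off:off + ENTRY_SIZE] = struct.pack(
            ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    sector[0x1FE:0x200] = b"\x55\xAA"   # MBR boot signature
    return bytes(sector)


def parse_partition_table(mbr: bytes) -> List[Dict]:
    """Parse the four entries of a classic MBR partition table."""
    if len(mbr) < SECTOR_SIZE or mbr[0x1FE:0x200] != b"\x55\xAA":
        raise ValueError("not a valid MBR sector")
    entries = []
    for i in range(4):
        off = TABLE_OFFSET + i * ENTRY_SIZE
        status, _, ptype, _, lba, count = struct.unpack(
            ENTRY_FMT, mbr[off:off + ENTRY_SIZE])
        entries.append({"index": i, "active": status == ACTIVE_FLAG,
                        "type": ptype, "lba": lba, "sectors": count})
    return entries


def boot_code_digest(mbr: bytes) -> str:
    """SHA-256 of the MBR boot code only (everything before the partition table)."""
    return hashlib.sha256(mbr[:TABLE_OFFSET]).hexdigest()


def compare_tables(baseline: List[Dict], current: List[Dict]) -> List[str]:
    """Report partition-table differences between a trusted snapshot and the current MBR."""
    findings = []
    for old, new in zip(baseline, current):
        i = old["index"]
        if old["sectors"] == 0 and new["sectors"] != 0:
            findings.append(f"entry {i}: new partition at LBA {new['lba']} "
                            f"({new['sectors']} sectors), type 0x{new['type']:02x}")
        elif old["sectors"] != 0 and (old["lba"], old["sectors"]) != (new["lba"], new["sectors"]):
            findings.append(f"entry {i}: partition bounds changed")
        if old["active"] and not new["active"]:
            findings.append(f"entry {i}: active flag removed")
        elif new["active"] and not old["active"]:
            findings.append(f"entry {i}: active flag set")
    return findings


# Constructed sample images (not real disk dumps).
# Baseline: one NTFS (0x07) system partition marked active, rest of the table empty.
BASELINE_MBR = build_mbr([(0x80, 0x07, 2048, 409600),
                          (0, 0, 0, 0), (0, 0, 0, 0), (0, 0, 0, 0)])
# After infection, as the text describes: an empty entry is filled with a partition
# placed in formerly unallocated space and becomes the active one; boot code untouched.
INFECTED_MBR = build_mbr([(0x00, 0x07, 2048, 409600),
                          (0x80, 0x07, 411648, 65536),
                          (0, 0, 0, 0), (0, 0, 0, 0)])


if __name__ == "__main__":
    same_code = boot_code_digest(BASELINE_MBR) == boot_code_digest(INFECTED_MBR)
    print("boot code unchanged:", same_code)
    for line in compare_tables(parse_partition_table(BASELINE_MBR),
                               parse_partition_table(INFECTED_MBR)):
        print("finding:", line)
```

Because the boot code digest stays identical while the table diff reports a new active partition, a baseline of the whole sector including the table is what a monitoring check needs here.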

Hidden File System

The layout of the hidden file system has also changed: rather than being able to accommodate 15 files regardless of the available space, the capacity of the new file system is limited by the size of the malicious partition it is placed in.

"The file system of the latest malware modification is more advanced and sophisticated than in previous variants. An example of these differences is the malware's ability to detect corrupted files stored in the hidden file system by calculating a CRC32 checksum and comparing it, along with the file size, with the values stored in the file header," explained Yudhi Kukuh, Technical Consultant at PT. Prosperita-ESET.

TDL4, the Dangerous Fourth-Generation TDSS Botnet

The TDSS botnet has now arrived in its fourth-generation variant, which is more dangerous than before. Malware that spreads widely through the Internet and through devices such as flash disks is no longer an application that appears once and then dies; it regenerates by constantly appearing in new forms and variants that are stronger and more sophisticated. TDL4 is the fourth generation of the TDSS botnet.

The rise of botnet infections, which attack individual computers as well as whole networks, causes losses for users. Commenting on this, Yudhi Kukuh, Technical Director of PT. Prosperita-ESET Indonesia, said that banishing TDSS/TDL, with all its tricks for infecting 32-bit and 64-bit systems, or defeating botnets in general, is not an easy job.

TDSS, also known as TDL or Win32/Olmarik, infects computers and then takes orders from a C&C server. In Win32/Olmarik's next stage, the zombies communicate with each other using the Kademlia DHT (distributed hash table) peer-to-peer protocol. When a PC is infected by the bot, it automatically becomes part of a network shared with other infected computers and the Command & Control (C&C) server, i.e. a botnet, which has destructive capabilities.

A botnet tries to control a network of several computers along with all the information they hold; the stolen information is then spread to other computers in the network. A botnet does not simply stop working when one computer dies while the other computers in the botnet stay up.

A botnet can be weakened by tracking down and shutting off some or all of the C&C servers that send instructions to the infected zombie computers. Once a server is shut off, the zombies connected to it can no longer send data or carry out what the botmaster instructed.

By using the Kademlia protocol, the botmaster gets around the weakness of the centralized C&C approach: every infected computer, whether it acts as a C&C server, a zombie or a client, takes part in distributing commands as a peer.
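Why the peer-to-peer design makes takedown harder can be shown with a small graph model. The Python below is an added example, not code from ESET or from the original article: it builds a centralized botnet in which every bot depends on one C&C node, and a simplified Kademlia-style overlay in which every bot keeps links to a few random peers, then measures the largest cluster of bots that can still reach each other after the C&C node, or the same number of random bots, is removed. The bot count, peer degree and removal count are assumed values.

```python
import random
from typing import Dict, Set

Graph = Dict[int, Set[int]]


def centralised_botnet(n_bots: int) -> Graph:
    """Node 0 is the only C&C server; bots 1..n talk to it and to nobody else."""
    graph: Graph = {0: set(range(1, n_bots + 1))}
    for bot in range(1, n_bots + 1):
        graph[bot] = {0}
    return graph


def p2p_botnet(n_bots: int, peers_per_bot: int, seed: int) -> Graph:
    """Simplified Kademlia-style overlay: each bot links to a few random peers.

    Real Kademlia chooses peers by XOR distance over 160-bit node IDs; a random
    peer list is enough to show the resilience property (an assumption of this demo).
    """
    rng = random.Random(seed)
    graph: Graph = {bot: set() for bot in range(n_bots)}
    for bot in range(n_bots):
        candidates = [x for x in range(n_bots) if x != bot]
        for peer in rng.sample(candidates, peers_per_bot):
            graph[bot].add(peer)   # links are bidirectional
            graph[peer].add(bot)
    return graph


def largest_component(graph: Graph, removed: Set[int]) -> int:
    """Size of the largest cluster of surviving nodes that can still reach each other."""
    alive = set(graph) - removed
    seen: Set[int] = set()
    best = 0
    for start in alive:
        if start in seen:
            continue
        stack, size = [start], 0
        seen.add(start)
        while stack:                      # iterative depth-first search
            node = stack.pop()
            size += 1
            for nxt in graph[node]:
                if nxt in alive and nxt not in seen:
                    seen.add(nxt)
                    stack.append(nxt)
        best = max(best, size)
    return best


def takedown_experiment(n_bots: int = 200, peers_per_bot: int = 4,
                        removed: int = 20, seed: int = 7) -> Dict[str, int]:
    """Compare both topologies after a takedown of the same scale."""
    star = centralised_botnet(n_bots)
    # Sinkholing the single C&C node leaves every bot without a command channel.
    star_left = largest_component(star, {0})

    p2p = p2p_botnet(n_bots, peers_per_bot, seed)
    # Cleaning `removed` random hosts barely dents the overlay.
    rng = random.Random(seed + 1)
    cleaned = set(rng.sample(range(n_bots), removed))
    p2p_left = largest_component(p2p, cleaned)

    return {
        "centralised_after_cc_takedown": star_left,
        "p2p_after_host_cleanup": p2p_left,
        "p2p_survivors": n_bots - removed,
    }


if __name__ == "__main__":
    for key, value in takedown_experiment().items():
        print(f"{key}: {value}")
```

In the centralized model the largest surviving cluster has size 1 (each bot is isolated once the C&C node is gone), while in the peer-to-peer model nearly all surviving bots remain in one cluster. That is the practical reason a P2P botnet has to be fought host by host, with updated endpoint protection and cleanup, rather than by sinkholing a single server.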

“In addition, there is an easy way to block botnets on your network. The trick is to be aware, and to keep the security systems on your computers and network servers activated and updated at regular intervals,” added Yudhi.

Simple, Smart and Strong from Avira 2012

In early October, Avira announced Avira 2012, which focuses on protecting the security of home users, small businesses and enterprises. The major changes in the 2012 version are an improved user interface and installation process, a higher level of automation in detecting and removing viruses and malware, better use of system resources, and detection of viruses and malware that are not yet known.


With a more attractive, intuitive, modern and efficient user interface, installation is done with a simple double-click and includes automatic resolution of conflicting software during the installation process. A useful new feature is the one-click “Fix Problem” button, which resolves problems that might compromise the user's computer.


The new code is designed to better detect malware that outwits antivirus software by deliberately hiding itself. This new detection mechanism finds code that is hiding inside the operating system.


The detection rate has increased, and all components have been fortified so that they better withstand malware attacks that specifically target the antivirus software itself. Avira has defensive capability without locking the registry, and better resistance against process termination and removal of its components by malware that attempts such steps in return.

Avira 2012 can be downloaded from the official website at www.avira.com, and business customers can upgrade their Avira products through the centralized Security Management Center, which will be available starting 17 October.