Yet another Microsoft-related vulnerability that users need to know about:
Zero-day flaws are vulnerabilities for which no patch exists. This particular attack, which Symantec is labeling Trojan.Mdropper.H, is launched with an e-mail that offers an attached file that appears to be a Word document.
When the recipient opens the document, it executes a Trojan, then installs malware dubbed “Backdoor.Ginwui” on the PC. The backdoor installs a rootkit to hide itself and makes room for a hacker’s dirty work. Symantec reported that Ginwui gathers system information, gives the attacker access to the cmd-exe shell, and transmits screenshots to the hacker.
-from New Zero Day Attack Targets Word Users, TechNewsWorld.com, 22 May 2006.
This isn’t a widespread issue yet. You don’t want to wait until it is because, by then, you may already be infected.
What’s a rootkit?
Rootkits are programs designed to attack and infect the core processes of your operating system, in order to hide and defend other viruses, worms, keyloggers, backdoor programs, etc. They are the most pernicious and sophisticated form of attack which currently can be made against a Windows system, because they prevent the Operating System itself from seeing them. Rootkits are designed not to be found by Antivirus software, or even by the file system itself. Special tools are required to find them, and as of summer 2005, a rootkit infection can only be “fixed” by formatting the hard drive and reinstalling the operating system.
-from University of Minnesota ResNet FAQ.
Speaking of Antivirus software…
There are many solutions available. Some cost money, others are free.
Don’t assume that free versions are inferior to their costly cousins. Three of the free offerings are very good at their job. These are:
For independent comparatives of Anti-Virus software (both free and non-free products), please visit AV-Comparatives.org for a product review. For those of you who may be more technically inclined, there’s also a lively discussion of anti-virus products going on at /. right now! :-)
4 responses so far ↓
1 chow-stl // May 29, 2006 at 9:30 pm
I will do one better in your list of solutions RH. Use Linux. There is now a very easy to use Linux desktop which works ‘right out of the box’ for about 98% of hardware configurations. It comes as a live CD and you can boot it before you install it to see how it will play with your system. It is called pclinuxos and it is the best operating desktop system of any sort going. Give it a look, you will not be disappointed.
2 Richard // May 30, 2006 at 12:21 am
Ideologically I’m already a huge fan of Linux. Unfortunately, each time I install it I end up struggling so much to get everything functional that I end up abandoning my efforts and resorting back to Windows.
I am always on the lookout for the next opportunity to use Linux so I will give your suggestion some time and research. Thanks for the tip!
3 chow-stl // May 30, 2006 at 4:51 am
I had also had a lot of probs with Linux for one reason or another. One of the frustrations for me was getting the different source based apps to play nice together. pclos has done an excellent job of eliminating these hurdles. After you get used to the format, it is actually easier than Windows to use, without all the hassles of constant maintenance required to run Windows effectively. In fact, my network comprises of 3 computers. One I use as an internet gateway/printer server. The second one, which I am using now, is for my daily run of the mill desktop apps (internet usage, office apps, and various games and such) and a third computer I use for filesharing services (bittorrent and frostwire, a limewire pro clone). The 3rd computer uses a network connection to route the file sharing apps onto the 250gb partition. This allows me to run the resource hogging file sharing apps on a third computer while I can enjoy the contents of the files on the primary client. I would also like to note that I paid 80 dollars for each computer. Even with legacy hardware dated at about 99 or 00, I benchmark faster than Windows XP on a computer with 2.4 ghz with 512 meg ram. In this manner, an impoverished geek can have a top notch network for next to peanuts. Just more food for thought. Since you're a software developer, I just wanted to throw more info at you with regards to your open source options. I hope this longwinded post did not put you to sleep.
Best Regards, CHOW
4 Richard // May 31, 2006 at 8:04 am
chow–
Put me to sleep?? Nah… I’m an information junkie! LOL!