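Connects to 500 Malicious Websites: Computer Virus to Strike on April Fools’ Day
China Times (中时电子报): 2009/03/25
A bit of April Fools’ joking among friends is harmless, but when the joker is a hacker, the price is an infected computer. Information security vendors warn that Worm_Downad.KK, a variant worm that attacks the Microsoft MS08-067 vulnerability, will activate on April 1, generating 50,000 malicious URLs at once and trying to connect, at the same time, to 500 of those malicious sites chosen at random to download malware.
Information security vendor Trend Micro says Worm_Downad.KK derives from the worm_downad.a family, which first appeared in December 2008 and has since infected more than 15 million computers, making it the most widely spreading virus of recent times. Various variants followed, with suffixes running from .AO and .AD to the current .KK.
Compared with the previous generation of the variant, which could generate 250 malicious URLs, the new variant doubles that figure, clearly hoping to enlarge the botnet family through more infected computers and malicious domains in preparation for the next wave of attacks.
Trend Micro says this variant still targets the old Microsoft MS08-067 vulnerability, which shows that many users have still not made a habit of updating their systems. So, besides applying the patch, users should update their antivirus software to the latest virus pattern and run a full system scan to confirm that the computer holds no malicious programs.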
New DOWNAD Generates More URLs
Trend Micro detects yet another variant of the infamous DOWNAD family, WORM_DOWNAD.KK. DOWNAD (also known as Conficker) is one of the more destructive outbreak worms in the Web threat era, with numbers matching that of giant botnets Storm and Kraken.
WORM_DOWNAD.KK closely follows the trail of WORM_DOWNAD.A and WORM_DOWNAD.AD (which just late last month was discovered to have updated functionalities). With this new variant, the entire DOWNAD mess is getting a lot uglier.
The two earlier DOWNAD worms, as of this month, have already infected a million PCs based on Trend Micro’s World Virus Tracking Center, which scans only infections detected by HouseCall and other Trend Micro related products. Security researchers estimate the global infection at around nine million PCs.
WORM_DOWNAD.KK’s added features include an increased number of generated domains, from the 250 generated by the earlier variants to 50,000. While the worm only attempts to connect to around 500 randomly selected domains at a time, this modification is seen as an effort to add survivability to the DOWNAD botnet.
Trend Micro Advanced Threats Researcher Paul Ferguson says that blocking these domains is almost impossible not only because of the daily volume, but also because there is a high possibility of legitimate domain collisions where DOWNAD generates domains already in use by legitimate entities.
Like the other DOWNAD worms, this new variant also blocks access to antivirus-related sites and terminates security tools.
Trend Micro users are already protected by the Smart Protection Network, which blocks WORM_DOWNAD.KK and prevents it from running in systems. Infected systems could be cleaned by following the instructions in this page.
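Because blocking the generated domains is described above as nearly impossible, the per-host lookup pattern (about 500 generated domains tried at a time) is what a defender can look for in resolver logs. The following is an added example, not Trend Micro's code: the log layout, the thresholds, and the assumption that most generated names answer NXDOMAIN are illustrative choices that do not come from the article.

```python
from collections import defaultdict

def build_sample_log():
    """Constructed DNS log rows: (minute, client_ip, queried_name, rcode)."""
    rows = []
    # Ordinary workstation: three names, queried repeatedly, all resolving.
    usual = ["mail.example.com", "www.example.org", "intranet.example.net"]
    for minute in range(12):
        rows.append((minute, "10.0.0.5", usual[minute % 3], "NOERROR"))
    # Host behaving as the article describes: about 500 distinct names tried
    # in one burst. Assumption: nearly all of them are unregistered.
    for i in range(500):
        rcode = "NOERROR" if i % 100 == 0 else "NXDOMAIN"
        rows.append((i // 50, "10.0.0.23", f"constructed{i:03d}.example", rcode))
    return rows

def flag_mass_lookups(rows, window_minutes=60, min_distinct=200, min_nx_ratio=0.8):
    """Return sorted (client, window, distinct_names, nx_ratio) for every
    client/window pair with many distinct lookups that mostly fail."""
    names = defaultdict(set)    # (client, window) -> all names queried
    failed = defaultdict(set)   # (client, window) -> names answered NXDOMAIN
    for minute, client, name, rcode in rows:
        key = (client, minute // window_minutes)
        name = name.lower().rstrip(".")  # DNS names are case-insensitive
        names[key].add(name)
        if rcode == "NXDOMAIN":
            failed[key].add(name)
    hits = []
    for (client, window), seen in names.items():
        nx_ratio = len(failed[(client, window)]) / len(seen)
        if len(seen) >= min_distinct and nx_ratio >= min_nx_ratio:
            hits.append((client, window, len(seen), round(nx_ratio, 2)))
    return sorted(hits)

if __name__ == "__main__":
    for client, window, distinct, nx_ratio in flag_mass_lookups(build_sample_log()):
        print(f"{client} window {window}: {distinct} distinct names, "
              f"{nx_ratio:.0%} NXDOMAIN")
```

Counting distinct names per host sidesteps the collision problem Ferguson raises, since no individual domain has to be judged malicious.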
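Those of you who normally have no time to “laugh”: don’t be in a hurry to do your laughing on April 1. Get infected, and it will be the people collecting the computer repair fees who get to “laugh”.
These e-mails, though, are usually sent out early, so this weekend both new and old viruses will come out in force for the “holiday”.
April 1 has something to do with me as well. If anyone knows what, don’t say it yet, or everyone will develop “antibodies” early and it won’t be any fun!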




Hmm, let me guess: it’s your something-something day, right? One character left out.