Ⅰ. Security Trends- January 2011


1. Malicious Code Trend

Malicious Code Statistics

The table below shows the percentage breakdown of the top 20 malicious codes reported in January 2011.

[Table 1-1] Top 20 Malicious Code Reports

As of January 2011, TextImage/Autorun is the most reported malicious code, followed by JS/Exploit (373,502 reports) and Win32/Induc (reports), respectively. 6 new malicious codes were reported this month. Win-Trojan/Downloader.59904.AK, which ranks 4th, was first reported at the end of December 2010 and is increasing fast.

The table below shows the percentage breakdown of the top 20 malicious code variants reported this month.

[Table 1-2] Top 20 Malicious Code Variant Reports

As of January 2011, TextImage/Autorun is the most reported malicious code, representing 12.9% (1,234,816 reports) of the top 20 reported malicious code variants, followed by Win-Trojan/Onlinegamehack (1,196,089 reports) and Win-Trojan/Downloader (799,998 reports).

The chart below categorizes the top malicious codes reported this month.

[Fig. 1-1] Primary Malicious Code Type Breakdown

The safest name in the world AhnLab

As of January 2011, Trojan is the most reported malicious code, representing 50.3% of the top reported malicious codes, followed by Worm (14.2%) and Script (8.7%).

[Fig. 1-2] Top Malicious Code Type Comparison Chart

Compared to last month, the number of Trojan and spyware reports increased, whereas the number of worm, adware, downloader, virus, script, dropper and appcare reports dropped.

[Fig. 1-3] Monthly Malicious Code Reports

Malicious code reports decreased in January, dropping by 1,099,871 to 17,304,230 from 18,404,101 in December.

The table below shows the percentage breakdown of the top 20 new malicious codes reported in January 2011.

[Table 1-3] Top 20 New Malicious Code Reports

As of January 2011, Win-Trojan/Downloader.59904.AK is the most reported new malicious code, representing 19.9% (272,897 reports) of the top 20 reported new malicious codes, followed by Win-Trojan/Overtls11.Gen (186,291 reports).

[Fig. 1-4] New Malicious Code Type Breakdown

As of January 2011, Trojan is the most reported new malicious code, representing 92% of the top reported new malicious codes. It is followed by adware (4%) and dropper (3%).

ASEC Report _ 2011. Vol.13

Malicious Code Issues

DDoS attack

Multiple DDoS (Distributed Denial of Service) codes were reported to have attacked various online forums, and Internet broadcasting, portal and chatting sites this month. A boy in his teens was found to have spread one of the malicious codes via online forums and Internet broadcasting sites just to attract attention. The malicious code that initiated the DDoS attacks was disguised in the form of automatic updates for widely used utilities and video files, and distributed via P2Ps, forums and blogs. Attacked sites will get more than 100 packets per second of DDoS traffic.

[Fig. 1-5] DDoS packets

The Cache-Control: no-store, must-revalidate option has been added to use up the server's system resources, as in Fig. 1-5 above. Internet users are advised not to download any provocative or attention-grabbing files, and to download files only from official or trusted web sites.

Malware email scam from security company

On January 14, after the DDoS attack against an online community of DC Inside Yeonpyeong Island Shelling By North Korea, and the hacking attack on the Uriminzokkiri homepage, there was a report on a malware email that claimed to be from a security company.

[Fig. 1-6] Email that claimed to be from a security company

This social engineering technique takes advantage of a social issue with the message, "Click the link to download a file to prevent virus attack from a North Korean network." We analyzed the mail header information and found that the email account is from a Chinese portal site and that the email was sent from the site's server. The link contained a modified file from a Korean antivirus company's server. When installed, the following malicious files are installed along with the antivirus company's Windows patch scanning program.

- %PROGRAMFILES%\NVIDIA\[random 2-byte alphabets]ntex.dll
- %PROGRAMFILES%\NVIDIA\[random 2-byte alphabets]ntex.ole
- %USERPROFILE%\Local Settings\Temp\[random 2-byte alphabets]32.LOG

When infected, there are attempts to connect to the 6380 port for a Jackpot site, Mania Bada. The damage could have been worse as the email was sent from an email account of a security company, but it was not as bad as expected, as it was not sent to random people.

Changes in malware distributed via NateOn

Malicious URL links used to be sent via instant messages or memos for the recipient to click to download malicious files. However, recently, a malware was found to be distributed via a website with malicious scripts inserted.

[Fig. 1-7] URL delivered via NateOn memo

Most of the websites with malicious scripts used ZeroBoard 4, in which the attacker exploited the vulnerabilities to insert the scripts. In the past, malware did not infect your system unless it was executed. But now your system can get infected just by accessing a vulnerable website. So, be careful not to click on any suspicious URL you receive via NateOn memo or instant messages.

Kneber, a Zeus variant, appears as sent by the White House

An article titled "Malware in fake White House e-card steals data" was reported by CNET on January 5. This alerted the Korean press to report this issue. The email appeared to be a holiday greeting from the White House but instead hid a Zeus variant, Kneber, that stole data. Trend Micro also mentioned this malware on its blog under the title, "Old Zeus Variant Returns for Christmas."

[Fig. 1-8] E-mail appearing to be a holiday greeting from the White House

The holiday e-greeting prompted recipients to click to view the card, but when the file was opened, malware known as Zeus was downloaded to the computer. Similar attacks that take advantage of major holidays occur every year. In 2010, a Prolaco (Ackantta) variant was distributed via a Christmas e-card, and another malware also spread via a holiday e-greeting in 2009. V3 detects this malware as below:

- Win-Trojan/Zbot.177152.AC
- Win-Trojan/Zbot.179712.P
- Win-Trojan/Agent.900769

MS IE exploits CVE-2010-3971 vulnerability

On December 22, 2010, Microsoft released a security advisory, "Microsoft Security Advisory (2488013) Vulnerability in Internet Explorer Could Allow Remote Code Execution." This zero-day vulnerability was attacked in some countries abroad in the morning of January 7, 2011. This zero-day vulnerability is a remote code execution vulnerability caused by heap-spray in IE's mshtml.dll. MS IE 6, 7 and 8 are affected.

[Fig. 1-9] IE zero-day vulnerability exploiting scripts

This attack was reported in some countries abroad and the number is not increasing, but extra caution is advised. Refer to KrCert's "MS IE New Remote Code Execution Vulnerability." V3 detects the malicious script as below:

- JS/CVE-2010-3971

According to the Advance Notification Service for the January 2011 Security Bulletin Release, a security patch has not been included in the January 2011 Security Bulletin.

Malware distributed via shortened URL on Twitter

On January 21, 2011, a malware that directs victims to rogue antivirus sites was distributed via shortened URLs in tweets. This attack was announced on the SANS blog under the title, "Possible new Twitter worm." As can be seen below, Google's shortened URLs are used a lot in tweets.

[Fig. 1-10] Tweets with Google's shortened URLs

The malicious URL works as below. Three redirections will lead to a malicious website that distributes the rogue antivirus.

[Fig. 1-11] Exploitation of Google's shortened URL in 3 stages

The malicious URL will lead victims to a malicious website that distributes rogue antivirus. When installed, the following message will appear.

[Fig. 1-12] Message that rogue antivirus has been installed

If you download and execute this file, a fake antivirus will be installed on your system, and messages that claim to have detected 45 viruses in your normal files will be displayed.

[Fig. 1-13] Warning that infections have been found

If you click "Remove all threats now", you will be asked to pay $79.95 (approx. KRW 23,000) for a lifetime licence and support.

[Fig. 1-14] Payment page for lifetime license and support

Extra caution is needed as there are multiple variants of this rogue antivirus. V3 detects this malware as below:

- Win-Trojan/Fakeav.311808.AC

Malware that bypasses cloud antivirus

On January 18, 2010, Microsoft Malware Protection Center posted "Bohu Takes Aim at the Cloud" about a malware that bypasses detection by cloud antivirus. The malware was made to bypass detection by cloud antivirus developed by a Chinese security company in order to steal user information from a Chinese portal site. The malware is an installation file created with Nullsoft PiMP, and is disguised as an installation file for a Chinese video player, Suyu.

[Fig. 1-15] Malware disguised as video player installation file

When installed, the following files will be created and executed on the system.

- C:\Program Files\baidu\msfsg.exe (369,664 bytes)
- C:\Program Files\baidu\uninst18.exe

The created file, msfsg.exe (369,664 bytes), runs maliciously and creates the following files to bypass detection by the cloud antivirus.

- C:\Program Files\baidu\spass.dll (710,656 bytes)
- C:\Program Files\baidu\siglow.sys (17,024 bytes)
- C:\Program Files\baidu\siglow.dll (37,888 bytes)

msfsg.exe (369,664 bytes) loads all the above files into memory, then gets deleted from the local system and shows the following video player to trick the victim into believing he/she has downloaded a video player.

[Fig. 1-16] Fake video player

Among all the created files, siglow.sys (17,024 bytes) is the file that bypasses detection by cloud antivirus. This driver file hooks network packets that are loaded on the system in the NDIS (Network Driver Interface Specification) stage. As for the outbound packets, when the network address of the cloud antivirus software created by the Chinese security company is included as below, connection to the address gets blocked.

[Fig. 1-17] Blocked cloud antivirus servers

In order to bypass detection, the malware exploits the fact that the cloud antivirus sends diagnosis information over the network, and blocks transmission of that information to the servers. V3 detects this malware as below:

- Win-Trojan/Bohu.2229512
- Win-Trojan/Bohu.17024
- Win-Trojan/Bohu.37888
- Win-Trojan/Bohu.710656

Bohu Trojan horse is noteworthy since it is the first anti-cloud malware. Usually, when a new malware with a new infection technique is found, antivirus companies act by developing new detection and response techniques. However, the creator of Bohu Trojan horse has analyzed the way cloud antivirus works and found a method to bypass it. Such bypassing techniques will keep on developing to create new malware that bypasses cloud antivirus.

Facebook password reset scam email

On January 26, 2011, a Facebook password reset scam email was reported. A similar scam was also found in April 2010, so extra caution is required. The scam found this month contained the following message and was sent under the subjects below:

[Fig. 1-18] Facebook password reset scam e-mail

The message for the scam email was the same, but the subject was different as below:

- Facebook Support. A new password has been changed. ID<3-digit number>
- Facebook Service. Your account has been blocked! ID<3-digit number>
- Facebook Service. Your password is changed. ID<3-digit number>
- Your facebook password has been changed. NR<4-digit number>
- Facebook. The new password to your account. NR<5-digit number>
- Facebook Service. A new Password is sent you! ID<4-digit number>
- Facebook Office. Personal data has been changed! ID<5-digit number>

The scam contains the message, "This is a post notification. A spam is sent from your Facebook account. Your password has been changed for safety." A compressed zip file, such as Facebook_details_ID<5-digit number>.zip (20,699 bytes), is attached to the scam email. When decompressed, Facebook_details.exe (24,576 bytes) will be created. When the file is opened, the following document.doc will open to show a Facebook login ID and password. This file is a normal Word file downloaded from a system in Russia.

[Fig. 1-19] Normal file shown by the malware

Facebook_details.exe (24,576 bytes) works as below:

1. It executes svchost.exe, a normal system file on Windows, and overwrites the memory of the file with its code.
2. It creates 1B.tmp (78,848 bytes) and 1D.tmp (62,976 bytes) in the user account's temp folder.
3. 1B.tmp (78,848 bytes) creates aspimgr.exe (64,512 bytes), which sends email with the actual malware attachment, in the Windows system folder (C:\Windows\System32).
4. It registers the aspimgr.exe (64,512 bytes) file as a Windows service, Microsoft ASPI Manager, to automatically run at startup.
5. It overwrites the memory of spoolsv.exe, a normal file on Windows systems, with its own code, to delete explorer.exe and winlogon.exe, and create another set of files with the same name.
6. If there are FTP server address and login information on additionally infected systems, it gathers this information and sends it to a system in Russia.

V3 detects this as below:

- Win-Trojan/Zbot.24576
- Win32/Danmec.worm.64512
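The subject templates and attachment name listed in the Facebook scam section above can be turned into a mail-gateway check. The following is an added example, not part of the ASEC report and not AhnLab's code; the function names, the extra executable extensions and the sample message (constructed, with placeholder bytes in the zip) are assumptions.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject templates from the report: (text, tag, digit count of the trailing number).
# Assumptions: case-insensitive match, optional whitespace around the tag.
SUBJECT_TEMPLATES = [
    ("Facebook Support. A new password has been changed.", "ID", 3),
    ("Facebook Service. Your account has been blocked!", "ID", 3),
    ("Facebook Service. Your password is changed.", "ID", 3),
    ("Your facebook password has been changed.", "NR", 4),
    ("Facebook. The new password to your account.", "NR", 5),
    ("Facebook Service. A new Password is sent you!", "ID", 4),
    ("Facebook Office. Personal data has been changed!", "ID", 5),
]
SUBJECT_RES = [
    re.compile(rf"^\s*{re.escape(text)}\s*{tag}\s*\d{{{n}}}\s*$", re.IGNORECASE)
    for text, tag, n in SUBJECT_TEMPLATES
]
# Attachment name pattern from the report: Facebook_details_ID<5-digit number>.zip
ATTACHMENT_RE = re.compile(r"^Facebook_details_ID\d{5}\.zip$", re.IGNORECASE)
# Assumption: other Windows executable extensions are treated like the report's .exe.
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com")


def inspect_message(raw):
    """Return the indicators from the report that a raw RFC 5322 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    subject = str(msg.get("Subject", ""))
    if any(rx.match(subject) for rx in SUBJECT_RES):
        findings.append("subject-template")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if ATTACHMENT_RE.match(name):
            findings.append("attachment-name")
        if not name.lower().endswith(".zip"):
            continue
        data = part.get_payload(decode=True) or b""
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                members = archive.namelist()
        except zipfile.BadZipFile:
            findings.append("zip-unreadable")  # corrupt archive: hold for review
            continue
        if any(m.lower().endswith(EXECUTABLE_EXT) for m in members):
            findings.append("zip-contains-executable")
    return findings


def build_sample(subject, attachment_name, member_name):
    """Build a constructed test message; the zip member holds placeholder bytes only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member_name, b"constructed placeholder, not malware")
    msg = EmailMessage()
    msg["From"] = "notify@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = subject
    msg.set_content("This is a post notification.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    scam = build_sample("Facebook Service. Your account has been blocked! ID123",
                        "Facebook_details_ID12345.zip", "Facebook_details.exe")
    print(inspect_message(scam))
```

Matching on the digit count keeps the rule tight: a subject with the right text but a number of the wrong length does not fire.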

2. Security Trend

Security Statistics

Microsoft Security Updates- January 2011

Microsoft released 2 security updates this month.

[Fig. 2-1] MS Security Updates

[Table 2-1] MS Security Updates for January 2011

Two security updates were released this month. The MS11-01 vulnerability could allow remote code execution if a user opens a legitimate Windows Backup Manager file that is located in the same network directory as a specially crafted library file. The MS11-02 vulnerabilities could allow remote code execution if a user views a specially crafted Web page. Microsoft had seen examples of proof of concept code published publicly. It is recommended that you download the patch to fix the vulnerability. The patches for CVE-2010-3971 (vulnerability in IE CSS) and CVE-2010-3970 (vulnerability in MS graphic engine) are not yet available.

Malicious Code Intrusion: Website

[Fig. 2-2] Monthly malicious code intrusion: website

Fig. 2-2 above shows the monthly malicious code intrusion of websites. The number of intrusions rose slightly from the previous month. For further details, please refer to 3. Web Security Trend.

Security Issues

Vulnerability in Windows Graphics Rendering Engine (CVE-2010-3970)

Exploitation of a stack-based buffer overflow in the handling of thumbnails by the Windows Graphics Rendering Engine (Shimgvw.dll) could cause remote code execution.

[Fig. 2-3] Vulnerability in Windows Graphic Rendering Engine

Moti and Xu Hao reported this vulnerability during POC 2010. The vulnerability has not yet been exploited, but caution should still be taken. The vulnerable code will only be triggered if you enable Thumbnails view. Disable it if possible.

2011 Storm Worm botnet

Storm worm was first reported on January 17, 2007, and spread fast from January 19 to infect 8% of computers worldwide. This virus disguises itself as an email news alert on the weather and urges email recipients to download and run an executable file. Another Storm worm attack disguised as FBI vs FaceBook spread in 2008. This type of worm, which spreads using an email message with a subject line about a social issue, is dubbed Storm worm or Waledac. There was a spam during the year-end holidays on December 30, 2010. Steven Adair considers it to be Waledac 2.0 or Storm Worm 3.0. Clicking and downloading the link or file attachment in the scam email will infect your system. Infected systems will send out spam to other computers. When the worm regularly accesses a hacked web page or server, data that starts with 0102010101010201 will always be included in the 33 byte or 417 byte payload.

[Fig. 2-4] Storm Worm payload

The number of such worms is on the rise and they usually spread via email. Users are advised to exercise increased caution before opening links or attachments in emails from unfamiliar addresses.

Google's computer security expert unleashes browser fuzzing tool

[Fig. 2-5] Michal Zalewski's blog

In January 2011, Michal Zalewski, Google's computer security expert, unleashed cross_fuzz, a browser fuzzing tool. Zalewski says an accidental leak of the address of the fuzzer prior to its release helped reveal some unexpected intelligence, namely that third parties in China apparently also know about an unpatched and exploitable bug he found in IE with the fuzzer. He was able to confirm that there were no downloads or discoveries of the tool. But on Dec. 30, an IP address in China queried keywords included in one of the indexed cross_fuzz files, specifically two DLL functions, BreakAASpecial and BreakCircularMemoryReferences, associated with and unique to the zero-day IE flaw he found with the fuzzer. In the summer of 2010, Zalewski notified IE, Mozilla and Opera browser makers about the flaws, and they have been patched, except IE. The flaws in IE are identified as CVE-2011-0346 and CVE-2011-0347. Caution still needs to be taken as the vulnerability has not yet been patched.

3. Web Security Trend

Web Security Statistics

Web Security Summary

This month, SiteGuard (AhnLab's web browser security service) blocked 78,911 websites that distributed malicious codes.

[Table 3-1] Website Security Summary

There were 885 types of reported malicious code, 883 reported domains with malicious code, and 3,463 reported URLs with malicious code. The number of reported domains with malicious code was the same as the previous month, whereas the number of reported URLs with malicious code, types of reported malicious code and number of blocked malicious URLs increased.

Monthly Blocked Malicious URLs

[Fig. 3-1] Monthly Blocked Malicious URLs

As of January, the number of blocked malicious URLs increased 91% to 78,911, from 41,313 the previous month.

Monthly Reported Types of Malicious Code

[Fig. 3-2] Monthly Reported Types of Malicious Code

As of January 2011, the number of reported types of malicious code increased 8% from 819 the previous month to 885.

Monthly Domains with Malicious Code

[Fig. 3-3] Monthly Domains with Malicious Code

As of January 2011, the number of domains with malicious code remained the same this month.

Monthly URLs with Malicious Code

[Fig. 3-4] Monthly URLs with Malicious Code

As of January 2011, the number of reported URLs with malicious code increased 11% from 3,122 the previous month to 3,463.

Distribution of Malicious Codes by Type

[Table 3-2] Top Distributed Types of Malicious Code

[Fig. 3-5] Top Distributed Types of Malicious Code

As of January 2011, adware is the top distributed type of malicious code with 22,371 cases reported (28.3%), followed by dropper with 22,183 cases reported (28.1%).

Top 10 Distributed Malicious Codes

[Table 3-3] Top 10 Distributed Malicious Codes

As of January 2011, Win-Adware/Shortcut.InlivePlayerActiveX.234 is the most distributed malicious code, with 13,938 cases reported. 8 new malicious codes, including Win32/Virut.D, emerged in the top 10 list this month.

Web Security Issues

January 2011 Malicious Code Intrusion: Website

[Fig. 2-2] of 2. Security Trend shows the monthly malicious code intrusion of websites. 175 cases were reported in January, and they were mostly Win-Trojan/Onlinegamehack, which steals online game account information.

[Table 3-4] Top 10 Malicious Code Intrusion of Websites

The table above shows the top 10 malicious code intrusions of websites. The malicious codes were distributed the most on the weekends. Most of the malicious codes were distributed via banner advertisements that contained malicious scripts on websites. Some of the sites had subsites, and these subsites also had banner advertisements that were used to distribute the malicious codes.

- Case 1: Portal site
  http://adv.*****.com/js.**i/***file/***_sub@rectangle
  -> Inserted URL: http:\/\/67.***.***.14\/script.js
- Case 2: Online broadcasting site
  http://ad2.****.com:8080/js.**i/***i/****craper@right?pgid=pmf
  -> Inserted URL: http:\/\/67.***.***.14\/script.js
- Case 3: Online storage site
  http://ad.jja****.com:8080/js.***i/2011_jja****/main_icon@left
  -> Inserted URL: http:\/\/206.****.****.193\/img.js
- Case 4: Image site
  http://ad.*****de.com:8080/js.***i/****log/****log@main1
  -> Inserted URL: http://206.***.***.193/img.js

The cases above show that no matter how impeccably you protect your website from external attacks and clear it of vulnerabilities, your website can still be used to distribute malware. The reason most of the distributed malicious codes were Win-Trojan/Onlinegamehack is based on the following article:

* Growth spurt in Korean online game industry to reap KRW 10 trillion in 2012
  http://news20.busan.com/news/newscontroller.jsp?subsectionid=1010020000&newsId=20101217000195

The online game industry is expected to reap approximately 7 trillion won in 2012. The diversity of online games will increase users and sales. This will cause a rise in real-money transactions to buy and sell items and cyber money. With this, malicious hackers will try to earn money by hacking online game sites with Win-Trojan/Onlinegamehack to steal account information. Win-Trojan/Onlinegamehack could cause serious damage. It could cause one of the biggest damages by leaking account information to a specific website as below:

[Fig. 3-6] Account information leaked by Win-Trojan/Onlinegamehack

Take note of CODE, which is highlighted by the red box. Win-Trojan/Onlinegamehack may encrypt stolen account information (ID and password) to hide the information during transmission.

What is the difference between a computer that often gets attacked by malicious codes and one that never gets attacked? The only difference is the user. The user of the computer that never gets attacked by malicious codes regularly updates his or her computer with the latest security updates. The user of the computer that is often infected by malicious codes is unconcerned about getting security updates and highly dependent on his/her antivirus software. What is the point of installing a burglar alarm when you leave your gates or front door wide open? The fundamental problem must be solved; you should not just rely on your security system. Updating your computer with the latest security updates will not make your computer 100% safe from attacks by malicious codes. However, most attacks will be prevented in advance.
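Cases 1 to 4 above share one pattern a site operator can check for: a banner script served from the ad host that pulls in a second script from a bare IP address, written either plainly or with JavaScript-escaped slashes (http:\/\/). The following is an added example, not part of the ASEC report; the function names, the allowlist approach and the sample script (constructed, using documentation IP ranges in place of the masked addresses) are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Matches http(s) URLs written plainly (//) or with JavaScript-escaped slashes (\/),
# the form shown in the report's "Inserted URL" lines.
URL_RE = re.compile(r"""https?:(?:\\?/){2}(?:\\/|[^\s"'<>()\\])+""", re.IGNORECASE)


def is_ip_literal(host):
    """True when the host part is an IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def scan_ad_script(js_text, allowed_hosts):
    """Return (url, reasons) for each URL in js_text that the ad script should not load."""
    findings = []
    for match in URL_RE.finditer(js_text):
        raw = match.group(0)
        url = raw.replace("\\/", "/")  # undo JavaScript slash escaping
        try:
            host = (urlsplit(url).hostname or "").lower()
        except ValueError:  # malformed authority, e.g. broken IPv6 brackets
            host = ""
        reasons = []
        if is_ip_literal(host):
            reasons.append("ip-literal-host")
        if host not in allowed_hosts:
            reasons.append("host-not-allowlisted")
        if reasons and raw != url:
            reasons.append("js-escaped-url")
        if reasons:
            findings.append((url, reasons))
    return findings


# Constructed sample modelled on Cases 1-4; hosts and IPs are placeholders.
SAMPLE_AD_JS = r'''
var banner = "<a href=\"http:\/\/ads.example.test\/click?id=7\"><img src=\"http:\/\/cdn.example.test\/b.gif\"><\/a>";
document.write(banner);
document.write("<script src=\"http:\/\/192.0.2.14\/script.js\"><\/script>");
document.write('<script src="http://198.51.100.193/img.js"></script>');
'''

# Hosts this (hypothetical) ad deployment is expected to reference.
ALLOWED_HOSTS = {"ads.example.test", "cdn.example.test"}

if __name__ == "__main__":
    for url, reasons in scan_ad_script(SAMPLE_AD_JS, ALLOWED_HOSTS):
        print(url, ", ".join(reasons))
```

Run against the banner scripts each ad slot actually serves, on a schedule, so that an insertion on a weekend is noticed before the next working day.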